diff --git a/.ci/yamllint.yml b/.ci/yamllint.yml index bff5d4401..0dadade77 100644 --- a/.ci/yamllint.yml +++ b/.ci/yamllint.yml @@ -6,6 +6,7 @@ ignore: | manifests/charts/aeraki/templates/deployment.yaml manifests/charts/aeraki/templates/service.yaml manifests/charts/aeraki/templates/serviceaccount.yaml + manifests/charts/aeraki/templates/tcmapiservice.yaml k8s/crd.yaml yaml-files: diff --git a/manifests/charts/aeraki/Chart.yaml b/manifests/charts/aeraki/Chart.yaml index b029cf01d..b76c283b9 100644 --- a/manifests/charts/aeraki/Chart.yaml +++ b/manifests/charts/aeraki/Chart.yaml @@ -34,10 +34,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.16.0" +appVersion: "1.0.4" diff --git a/manifests/charts/aeraki/templates/applicationprotocol.yaml b/manifests/charts/aeraki/templates/applicationprotocol.yaml new file mode 100644 index 000000000..b9ec16b63 --- /dev/null +++ b/manifests/charts/aeraki/templates/applicationprotocol.yaml 
@@ -0,0 +1,32 @@
+# Copyright Aeraki Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: metaprotocol.aeraki.io/v1alpha1
+kind: ApplicationProtocol
+metadata:
+ name: dubbo
+ namespace: istio-system
+spec:
+ protocol: dubbo
+ codec: aeraki.meta_protocol.codec.dubbo
+---
+apiVersion: metaprotocol.aeraki.io/v1alpha1
+kind: ApplicationProtocol
+metadata:
+ name: thrift
+ namespace: istio-system
+spec:
+ protocol: thrift
+ codec: aeraki.meta_protocol.codec.thrift
diff --git a/manifests/charts/aeraki/templates/applicationprotocols-crd.yaml b/manifests/charts/aeraki/templates/applicationprotocols-crd.yaml
new file mode 100644
index 000000000..36fd25813
--- /dev/null
+++ b/manifests/charts/aeraki/templates/applicationprotocols-crd.yaml
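Review bot: Both ApplicationProtocol objects in applicationprotocol.yaml pin `namespace: istio-system`, whereas the Service and ServiceAccount templates touched by this same commit use `{{ .Release.Namespace }}`. A release installed into any other namespace would then create resources in a namespace it does not own, or fail if that namespace does not exist. If Aeraki is meant to read these objects only from istio-system, a one-line comment above each `namespace:` saying so would help; otherwise `namespace: {{ .Release.Namespace }}` keeps the chart self-contained.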
@@ -0,0 +1,61 @@ +# Copyright Aeraki Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: aeraki + chart: aeraki + heritage: Tiller + release: aeraki + name: applicationprotocols.metaprotocol.aeraki.io +spec: + group: metaprotocol.aeraki.io + names: + categories: + - aeraki-io + - metaprotocol-aeraki-io + kind: ApplicationProtocol + listKind: ApplicationProtocolList + plural: applicationprotocols + singular: applicationprotocol + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + description: ApplicationProtocol defines an application protocol built + on top of MetaProtocol. + properties: + codec: + format: string + type: string + protocol: + format: string + type: string + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} diff --git a/manifests/charts/aeraki/templates/clusterrole.yaml b/manifests/charts/aeraki/templates/clusterrole.yaml index 15f0e4d09..e4ce150ba 100644 --- a/manifests/charts/aeraki/templates/clusterrole.yaml +++ b/manifests/charts/aeraki/templates/clusterrole.yaml @@ -37,6 +37,7 @@ rules: - apiGroups: - redis.aeraki.io - dubbo.aeraki.io + - metaprotocol.aeraki.io resources: - '*' verbs: 
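Review bot: In the clusterrole.yaml hunk, `metaprotocol.aeraki.io` is added to a rule whose `resources` is `'*'`, so the ClusterRole is granted every resource in the new group, including any added later. This commit defines exactly two kinds in that group, so a separate rule listing `applicationprotocols` and `metarouters` (plus their `/status` subresources only if the controller writes status) would keep the grant to what the chart ships. The `verbs:` list continues outside the hunk, so which verbs the new group inherits is not visible here and is worth checking at the same time.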
diff --git a/manifests/charts/aeraki/templates/deployment.yaml b/manifests/charts/aeraki/templates/deployment.yaml index 3edc9b729..1efafd584 100644 --- a/manifests/charts/aeraki/templates/deployment.yaml +++ b/manifests/charts/aeraki/templates/deployment.yaml @@ -42,14 +42,33 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - - name: ISTIOD_ADDR - value: {{ .Values.ISTIOD_ADDR }} - - name: NAMESPACE + - name: AERAKI_IS_MASTER + value: {{ .Values.AERAKI_ENV.AERAKI_IS_MASTER }} + - name: AERAKI_ISTIOD_ADDR + value: {{ .Values.AERAKI_ENV.AERAKI_ISTIOD_ADDR }} + - name: AERAKI_CLUSTER_ID + value: {{ .Values.AERAKI_ENV.AERAKI_CLUSTER_ID }} + # In case of TCM, Istio config store can be a different k8s API server from the one Aeraki is running with + - name: AERAKI_ISTIO_CONFIG_STORE_SECRET + value: {{ .Values.AERAKI_ENV.AERAKI_ISTIO_CONFIG_STORE_SECRET }} + - name: AERAKI_XDS_LISTEN_ADDR + value: {{ .Values.AERAKI_ENV.AERAKI_XDS_LISTEN_ADDR }} + - name: AERAKI_LOG_LEVEL + value: {{ .Values.AERAKI_ENV.AERAKI_LOG_LEVEL }} + - name: AERAKI_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - - name: ISTIO_CONFIG_STORE_SECRET - value: {{ .Values.ISTIO_CONFIG_STORE_SECRET }} + - name: AERAKI_SERVER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: istiod-ca-cert + mountPath: /var/run/secrets/istio + readOnly: true + resources: + {{- toYaml .Values.resources | nindent 12 }} # ports: # - name: http # containerPort: 80 @@ -62,8 +81,11 @@ spec: # httpGet: # path: / # port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: istiod-ca-cert + configMap: + name: istio-ca-root-cert + defaultMode: 420 {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
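Review bot: The new `env` entries in the first deployment.yaml hunk render their values unquoted, e.g. `value: {{ .Values.AERAKI_ENV.AERAKI_IS_MASTER }}`. An env `value` must be a string, so a user setting `AERAKI_IS_MASTER: true` produces a YAML boolean that the API server rejects, and the default `":15010"` for `AERAKI_XDS_LISTEN_ADDR` renders as a plain scalar that starts with a colon. Piping each one through `quote`, as in `value: {{ .Values.AERAKI_ENV.AERAKI_IS_MASTER | quote }}`, fixes both; the same applies to the other five `.Values.AERAKI_ENV.*` lines. The container spec starts above the hunk, so any other env entries are not visible here.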
diff --git a/manifests/charts/aeraki/templates/metarouters-crd.yaml b/manifests/charts/aeraki/templates/metarouters-crd.yaml
new file mode 100644
index 000000000..abdf27e6f
--- /dev/null
+++ b/manifests/charts/aeraki/templates/metarouters-crd.yaml
@@ -0,0 +1,308 @@ +# Copyright Aeraki Authors +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep + labels: + app: aeraki + chart: aeraki + heritage: Tiller + release: aeraki + name: metarouters.metaprotocol.aeraki.io +spec: + group: metaprotocol.aeraki.io + names: + categories: + - aeraki-io + - metaprotocol-aeraki-io + kind: MetaRouter + listKind: MetaRouterList + plural: metarouters + singular: metarouter + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + description: MetaRouter defines route policies for MetaProtocol proxy. + properties: + globalRateLimit: + properties: + denyOnFail: + type: boolean + descriptors: + items: + properties: + descriptorKey: + format: string + type: string + property: + format: string + type: string + type: object + type: array + domain: + description: The rate limit domain to use when calling the rate + limit service. + format: string + type: string + match: + description: Match conditions to be satisfied for the rate limit + rule to be activated. 
+ properties: + attributes: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + format: string + type: string + type: object + description: If the value is empty and only the name of attribute + is specified, presence of the attribute is checked. + type: object + type: object + rateLimitService: + description: The cluster name of the external rate limit service + provider. + format: string + type: string + requestTimeout: + description: The timeout in milliseconds for the rate limit service + RPC. + type: string + type: object + hosts: + items: + format: string + type: string + type: array + localRateLimit: + properties: + conditions: + description: The more specific rate limit conditions, the first + match will be used. + items: + properties: + match: + description: Match conditions to be satisfied for the rate + limit rule to be activated. + properties: + attributes: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + format: string + type: string + type: object + description: If the value is empty and only the name + of attribute is specified, presence of the attribute + is checked. + type: object + type: object + tokenBucket: + properties: + fillInterval: + description: The fill interval that tokens are added + to the bucket. 
+ type: string + maxTokens: + description: The maximum tokens that the bucket can + hold. + type: integer + tokensPerFill: + description: The number of tokens added to the bucket + during each fill interval. + nullable: true + type: integer + type: object + type: object + type: array + tokenBucket: + properties: + fillInterval: + description: The fill interval that tokens are added to the + bucket. + type: string + maxTokens: + description: The maximum tokens that the bucket can hold. + type: integer + tokensPerFill: + description: The number of tokens added to the bucket during + each fill interval. + nullable: true + type: integer + type: object + type: object + routes: + items: + properties: + match: + description: Match conditions to be satisfied for the rule to + be activated. + properties: + attributes: + additionalProperties: + oneOf: + - not: + anyOf: + - required: + - exact + - required: + - prefix + - required: + - regex + - required: + - exact + - required: + - prefix + - required: + - regex + properties: + exact: + format: string + type: string + prefix: + format: string + type: string + regex: + description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + format: string + type: string + type: object + description: If the value is empty and only the name of + attribute is specified, presence of the attribute is checked. + type: object + type: object + name: + description: The name assigned to the route for debugging purposes. + format: string + type: string + requestMutation: + description: Specifies a list of key-value pairs that should + be mutated for each request. + items: + properties: + key: + description: Key name. + format: string + type: string + value: + description: alue. + format: string + type: string + type: object + type: array + responseMutation: + description: Specifies a list of key-value pairs that should + be mutated for each response. + items: + properties: + key: + description: Key name. 
+ format: string + type: string + value: + description: alue. + format: string + type: string + type: object + type: array + route: + description: A Route rule can forward (default) traffic. + items: + properties: + destination: + properties: + host: + description: The name of a service from the service + registry. + format: string + type: string + port: + description: Specifies the port on the host that is + being addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + format: string + type: string + type: object + weight: + type: integer + type: object + type: array + type: object + type: array + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} diff --git a/manifests/charts/aeraki/templates/service.yaml b/manifests/charts/aeraki/templates/service.yaml index 42ea85401..2d259f6c5 100644 --- a/manifests/charts/aeraki/templates/service.yaml +++ b/manifests/charts/aeraki/templates/service.yaml @@ -31,3 +31,20 @@ spec: selector: app: aeraki {{- end }} + +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: aeraki-xds + name: aeraki-xds + namespace: {{ .Release.Namespace }} +spec: + ports: + - name: grpc-xds + port: 15010 + protocol: TCP + targetPort: 15010 + selector: + app: aeraki \ No newline at end of file diff --git a/manifests/charts/aeraki/templates/serviceaccount.yaml b/manifests/charts/aeraki/templates/serviceaccount.yaml index ed8f0f8e8..e3ac5751b 100644 --- a/manifests/charts/aeraki/templates/serviceaccount.yaml +++ b/manifests/charts/aeraki/templates/serviceaccount.yaml @@ -18,6 +18,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: aeraki + namespace: {{ .Release.Namespace }} labels: app: aeraki {{- end }} 
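Review bot: The `aeraki-xds` Service in service.yaml is appended after the template's closing `{{- end }}`, so it is rendered regardless of whatever condition guards the Service above it (the opening `if` is outside the hunk). If that is intentional it deserves a comment; if not, move the new document inside the guard or give it a guard of its own. The Service publishes port 15010 as `grpc-xds` inside the cluster, so a comment stating whether that listener is expected to be plaintext and which clients should reach it would let operators decide on a NetworkPolicy or mesh policy for it. The file also now ends without a trailing newline.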
diff --git a/manifests/charts/aeraki/templates/tcmapiservice.yaml b/manifests/charts/aeraki/templates/tcmapiservice.yaml
new file mode 100644
index 000000000..45152d61d
--- /dev/null
+++ b/manifests/charts/aeraki/templates/tcmapiservice.yaml
@@ -0,0 +1,63 @@
+# Copyright Aeraki Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+{{- if .Values.tcmapiservice.create -}}
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ name: v1alpha1.dubbo.aeraki.io
+spec:
+ insecureSkipTLSVerify: true
+ group: dubbo.aeraki.io
+ groupPriorityMinimum: 1000
+ versionPriority: 10
+ service:
+ name: istio-crd
+ namespace: istio-system
+ port: 61011
+ version: v1alpha1
+
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ name: v1alpha1.redis.aeraki.io
+spec:
+ insecureSkipTLSVerify: true
+ group: redis.aeraki.io
+ groupPriorityMinimum: 1000
+ versionPriority: 10
+ service:
+ name: istio-crd
+ namespace: istio-system
+ port: 61011
+ version: v1alpha1
+
+---
+apiVersion: apiregistration.k8s.io/v1
+kind: APIService
+metadata:
+ name: v1alpha1.metaprotocol.aeraki.io
+spec:
+ insecureSkipTLSVerify: true
+ group: metaprotocol.aeraki.io
+ groupPriorityMinimum: 1000
+ versionPriority: 10
+ service:
+ name: istio-crd
+ namespace: istio-system
+ port: 61011
+ version: v1alpha1
+{{- end }}
diff --git a/manifests/charts/aeraki/values.yaml b/manifests/charts/aeraki/values.yaml
index 66cf4007d..e23993feb 100644
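Review bot: All three APIService objects in tcmapiservice.yaml set `insecureSkipTLSVerify: true`, so the kube-apiserver proxies requests for `dubbo.aeraki.io`, `redis.aeraki.io` and `metaprotocol.aeraki.io` to `istio-crd.istio-system:61011` without verifying the backend's serving certificate. The aggregation layer forwards the caller's identity with those requests, so an endpoint that impersonates or intercepts that service would be trusted as the API for these groups. Prefer dropping the flag and supplying the serving CA, e.g. `caBundle: {{ required "tcmapiservice.caBundle must be set" .Values.tcmapiservice.caBundle }}` (a new value the chart would need to add). If skipping verification has to stay for now, a comment above each `insecureSkipTLSVerify` line should say why and under which network assumptions it is acceptable. With `tcmapiservice.create` enabled, it is also worth confirming how the `metaprotocol.aeraki.io` APIService interacts with the CRDs for the same group added in this commit.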
--- a/manifests/charts/aeraki/values.yaml +++ b/manifests/charts/aeraki/values.yaml @@ -25,9 +25,13 @@ image: # Overrides the image tag whose default is the chart appVersion. tag: latest -ISTIOD_ADDR: "istiod.istio-system:15010" - -ISTIO_CONFIG_STORE_SECRET: "" +AERAKI_ENV: + AERAKI_IS_MASTER: + AERAKI_ISTIOD_ADDR: "istiod.istio-system:15010" + AERAKI_CLUSTER_ID: + AERAKI_ISTIO_CONFIG_STORE_SECRET: + AERAKI_XDS_LISTEN_ADDR: ":15010" + AERAKI_LOG_LEVEL: "all:debug" imagePullSecrets: [] nameOverride: "" @@ -89,3 +93,6 @@ nodeSelector: {} tolerations: [] affinity: {} + +tcmapiservice: + create: false
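Review bot: In the first values.yaml hunk, `AERAKI_LOG_LEVEL: "all:debug"` makes debug logging the chart default, which is noisy and can put more configuration detail into logs than an operator expects; a less verbose default with debug as an opt-in override is safer. The bare keys `AERAKI_IS_MASTER:`, `AERAKI_CLUSTER_ID:` and `AERAKI_ISTIO_CONFIG_STORE_SECRET:` are YAML null rather than empty strings, unlike the removed `ISTIO_CONFIG_STORE_SECRET: ""`; writing `AERAKI_CLUSTER_ID: ""` and so on makes the type explicit. A one-line comment per key giving the accepted values would also help, for instance whether `AERAKI_ISTIO_CONFIG_STORE_SECRET` is the name of a Secret or something else.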