refactory

cmd/aeraki/main.go

@@ -21,6 +21,8 @@ import (
 	"strings"
 	"syscall"
 
+	"github.com/aeraki-mesh/aeraki/pkg/config/constants"
+
 	"github.com/google/uuid"
 
 	"github.com/aeraki-mesh/aeraki/pkg/bootstrap"
@@ -36,7 +38,7 @@ import (
 
 const (
 	defaultIstiodAddr        = "istiod.istio-system:15010"
-	defaultNamespace         = "istio-system"
+	defaultRootNamespace     = constants.DefaultRootNamespace
 	defaultXdsAddr           = ":15010"
 	defaultElectionID        = "aeraki-controller"
 	defaultLogLevel          = "all:info"
@@ -48,7 +50,7 @@ func main() {
 	args := bootstrap.NewAerakiArgs()
 	flag.BoolVar(&args.Master, "master", true, "Istiod xds server address")
 	flag.StringVar(&args.IstiodAddr, "istiod-address", defaultIstiodAddr, "Istiod xds server address")
-	flag.StringVar(&args.Namespace, "namespace", defaultNamespace, "The namespace where Aeraki is deployed")
+	flag.StringVar(&args.RootNamespace, "root-namespace", defaultRootNamespace, "The Root Namespace of Aeraki")
 	flag.StringVar(&args.ClusterID, "cluster-id", "", "The cluster where Aeraki is deployed")
 	flag.StringVar(&args.XdsAddr, "xds-listen-address", defaultXdsAddr, "Istiod xds server port")
 	flag.StringVar(&args.ConfigStoreSecret, "config-store-secret", defaultConfigStoreSecret,

docker/Dockerfile

@@ -29,7 +29,7 @@ ENV AERAKI_ENABLE_ENVOY_FILTER_NS_SCOPE="false"
 COPY aeraki /usr/local/bin/
 ENTRYPOINT /usr/local/bin/aeraki                                                     \
            -istiod-address=$AERAKI_ISTIOD_ADDR                                       \
-           -namespace=$AERAKI_NAMESPACE                                              \
+           -root-namespace=$AERAKI_NAMESPACE                                              \
            -cluster-id=$AERAKI_CLUSTER_ID                                            \
            -config-store-secret=$AERAKI_ISTIO_CONFIG_STORE_SECRET                    \
            -xds-listen-address=$AERAKI_XDS_LISTEN_ADDR                               \

pkg/bootstrap/options.go

@@ -26,7 +26,7 @@ type AerakiArgs struct {
 	XdsAddr    string
 	// The listening address for HTTPS (webhooks).
 	HTTPSAddr                string
-	Namespace                string
+	RootNamespace            string
 	ClusterID                string
 	ConfigStoreSecret        string
 	ElectionID               string

pkg/bootstrap/server.go

@@ -27,8 +27,9 @@ import (
 	"github.com/aeraki-mesh/aeraki/pkg/leaderelection"
 
 	aerakischeme "github.com/aeraki-mesh/aeraki/client-go/pkg/clientset/versioned/scheme"
-	"github.com/aeraki-mesh/aeraki/pkg/config"
-	"github.com/aeraki-mesh/aeraki/pkg/controller"
+	"github.com/aeraki-mesh/aeraki/pkg/controller/istio"
+	"github.com/aeraki-mesh/aeraki/pkg/controller/kube"
+
 	"github.com/aeraki-mesh/aeraki/pkg/envoyfilter"
 	"github.com/aeraki-mesh/aeraki/pkg/model/protocol"
 	"github.com/aeraki-mesh/aeraki/pkg/xds"
@@ -55,7 +56,7 @@ var (
 type Server struct {
 	args                  *AerakiArgs
 	kubeClient            kubernetes.Interface
-	configController      *config.Controller
+	configController      *istio.Controller
 	envoyFilterController *envoyfilter.Controller
 	xdsCacheMgr           *xds.CacheMgr
 	xdsServer             *xds.Server
@@ -83,10 +84,10 @@ func NewServer(args *AerakiArgs) (*Server, error) {
 	}
 
 	// configController watches Istiod through MCP over xDS to get service entry and virtual service updates
-	configController := config.NewController(&config.Options{
+	configController := istio.NewController(&istio.Options{
 		ClusterID:  args.ClusterID,
 		IstiodAddr: args.IstiodAddr,
-		NameSpace:  args.Namespace,
+		NameSpace:  args.RootNamespace,
 	})
 
 	// envoyFilterController watches changes on config and create/update corresponding EnvoyFilters
@@ -154,7 +155,7 @@ func NewServer(args *AerakiArgs) (*Server, error) {
 // These controllers are horizontally scalable, multiple instances can be deployed to share the load
 func createScalableControllers(args *AerakiArgs, kubeConfig *rest.Config,
 	envoyFilterController *envoyfilter.Controller, xdsCacheMgr *xds.CacheMgr) (manager.Manager, error) {
-	mgr, err := controller.NewManager(kubeConfig, args.Namespace, false, "")
+	mgr, err := kube.NewManager(kubeConfig, args.RootNamespace, false, "")
 	if err != nil {
 		return nil, err
 	}
@@ -167,23 +168,23 @@ func createScalableControllers(args *AerakiArgs, kubeConfig *rest.Config,
 		xdsCacheMgr.UpdateRoute()
 		return nil
 	}
-	err = controller.AddRedisServiceController(mgr, updateEnvoyFilter)
+	err = kube.AddRedisServiceController(mgr, updateEnvoyFilter)
 	if err != nil {
 		aerakiLog.Fatalf("could not add RedisServiceController: %e", err)
 	}
-	err = controller.AddRedisDestinationController(mgr, updateEnvoyFilter)
+	err = kube.AddRedisDestinationController(mgr, updateEnvoyFilter)
 	if err != nil {
 		aerakiLog.Fatalf("could not add RedisDestinationController: %e", err)
 	}
-	err = controller.AddDubboAuthorizationPolicyController(mgr, updateEnvoyFilter)
+	err = kube.AddDubboAuthorizationPolicyController(mgr, updateEnvoyFilter)
 	if err != nil {
 		aerakiLog.Fatalf("could not add DubboAuthorizationPolicyController: %e", err)
 	}
-	err = controller.AddApplicationProtocolController(mgr, updateEnvoyFilter)
+	err = kube.AddApplicationProtocolController(mgr, updateEnvoyFilter)
 	if err != nil {
 		aerakiLog.Fatalf("could not add ApplicationProtocolController: %e", err)
 	}
-	err = controller.AddMetaRouterController(mgr, func() error {
+	err = kube.AddMetaRouterController(mgr, func() error {
 		if err := updateEnvoyFilter(); err != nil { //MetaRouter Rate limit config will cause update on EnvoyFilters
 			return err
 		}
@@ -210,15 +211,15 @@ func createScalableControllers(args *AerakiArgs, kubeConfig *rest.Config,
 // Since Aeraki is using the VIP of a serviceEntry as match condition when generating EnvoyFilter,
 // the VIP must be unique and consistent in the mesh.
 func createSingletonControllers(args *AerakiArgs, kubeConfig *rest.Config) (manager.Manager, error) {
-	mgr, err := controller.NewManager(kubeConfig, args.Namespace, true, leaderelection.AllocateVIPController)
+	mgr, err := kube.NewManager(kubeConfig, args.RootNamespace, true, leaderelection.AllocateVIPController)
 	if err != nil {
 		return nil, err
 	}
-	err = controller.AddServiceEntryController(mgr)
+	err = kube.AddServiceEntryController(mgr)
 	if err != nil {
 		aerakiLog.Fatalf("could not add ServiceEntryController: %e", err)
 	}
-	err = controller.AddNamespaceController(mgr)
+	err = kube.AddNamespaceController(mgr)
 	if err != nil {
 		aerakiLog.Fatalf("could not add NamespaceController: %e", err)
 	}
@@ -239,7 +240,8 @@ func (s *Server) Start(stop <-chan struct{}) {
 		aerakiLog.Infof("aeraki is running as the master")
 		go func() {
 			leaderelection.
-				NewLeaderElection(s.args.Namespace, s.args.ServerID, leaderelection.EnvoyFilterController, s.kubeClient).
+				NewLeaderElection(s.args.RootNamespace, s.args.ServerID, leaderelection.EnvoyFilterController,
+					s.kubeClient).
 				AddRunFunction(func(leaderStop <-chan struct{}) {
 					aerakiLog.Infof("starting EnvoyFilter creation controller")
 					s.envoyFilterController.Run(stop)
@@ -330,13 +332,13 @@ func getConfigStoreKubeConfig(args *AerakiArgs) (*rest.Config, error) {
 
 	// Aeraki allows to use a dedicated API Server as the Istio config store.
 	// The credential to access this dedicated Istio config store should be stored in a secret
-	if args.Namespace != "" && args.ConfigStoreSecret != "" {
+	if args.RootNamespace != "" && args.ConfigStoreSecret != "" {
 		client, err := kubernetes.NewForConfig(kubeConfig)
 		if err != nil {
 			err = fmt.Errorf("failed to get Kube client: %v", err)
 			return nil, err
 		}
-		secret, err := client.CoreV1().Secrets(args.Namespace).Get(context.TODO(), args.ConfigStoreSecret,
+		secret, err := client.CoreV1().Secrets(args.RootNamespace).Get(context.TODO(), args.ConfigStoreSecret,
 			metav1.GetOptions{})
 		if err != nil {
 			err = fmt.Errorf("failed to get Istio config store secret: %v", err)

pkg/ca/certificate.go

@@ -23,6 +23,8 @@ import (
 	"encoding/pem"
 	"math/big"
 	"time"
+
+	"github.com/aeraki-mesh/aeraki/pkg/config/constants"
 )
 
 // KeyCertBundle stores the cert, private key and root cert for aeraki.
@@ -68,7 +70,9 @@ func GenerateKeyCertBundle() (*KeyCertBundle, error) {
 		Bytes: caBytes,
 	})
 
-	dnsNames := []string{"aeraki", "aeraki.istio-system", "aeraki.istio-system.svc"}
+	dnsNames := []string{"aeraki",
+		"aeraki." + constants.DefaultRootNamespace,
+		"aeraki." + constants.DefaultRootNamespace + ".svc"}
 	commonName := "aeraki.default.svc"
 
 	// server cert config

pkg/config/constants/constants.go

@@ -0,0 +1,23 @@
+// Copyright Aeraki Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package constants
+
+const (
+	// DefaultRootNamespace is the root config namespace
+	DefaultRootNamespace = "istio-system"
+
+	// AerakiFieldManager is the FileldManager for Aeraki CRDs
+	AerakiFieldManager = "Aeraki"
+)

pkg/config/controller.go → pkg/controller/istio/controller.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package config
+package istio
 
 import (
 	"io/ioutil"
@@ -308,4 +308,4 @@ func (c *Controller) newSecretManager() (*cache.SecretManagerClient, error) {
 	}
 
 	return cache.NewSecretManagerClient(caClient, o)
-}
+}

pkg/controller/dubbo.go → pkg/controller/kube/dubbo.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 import (
 	"context"

pkg/controller/controller.go → pkg/controller/kube/manager.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 import (
 	"istio.io/pkg/log"

pkg/controller/metaprotocol.go → pkg/controller/kube/metaprotocol.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 import (
 	"context"

pkg/controller/metarouter.go → pkg/controller/kube/metarouter.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 import (
 	"context"

pkg/controller/namesapce.go → pkg/controller/kube/namesapce.go

@@ -12,12 +12,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 import (
 	"context"
 	"fmt"
 
+	"github.com/aeraki-mesh/aeraki/pkg/config/constants"
 	"k8s.io/apimachinery/pkg/api/errors"
 
 	"istio.io/pkg/log"
@@ -100,7 +101,7 @@ func (c *namespaceController) createBootstrapConfigMap(ns string) {
 		"custom_bootstrap.json": bootstrapConfig,
 	}
 	if err := c.Client.Create(context.TODO(), cm, &controllerclient.CreateOptions{
-		FieldManager: aerakiFieldManager,
+		FieldManager: constants.AerakiFieldManager,
 	}); err != nil {
 		namespaceLog.Errorf("failed to create configMap: %v", err)
 	}

pkg/controller/redis.go → pkg/controller/kube/redis.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 import (
 	"context"

pkg/controller/serviceentry.go → pkg/controller/kube/serviceentry.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 import (
 	"context"
@@ -22,6 +22,7 @@ import (
 
 	"k8s.io/apimachinery/pkg/api/errors"
 
+	"github.com/aeraki-mesh/aeraki/pkg/config/constants"
 	"github.com/aeraki-mesh/aeraki/pkg/model"
 
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -39,8 +40,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/source"
 )
 
-const aerakiFieldManager = "Aeraki"
-
 var serviceEntryLog = log.RegisterScope("service-entry-controller", "service-entry-controller debugging", 0)
 
 var (
@@ -161,7 +160,7 @@ func (c *serviceEntryController) autoAllocateIP(key client.ObjectKey, s *network
 func (c *serviceEntryController) updateServiceEntry(s *networking.ServiceEntry, key client.ObjectKey) {
 	err := c.Client.Update(context.TODO(), s,
 		&controllerclient.UpdateOptions{
-			FieldManager: aerakiFieldManager,
+			FieldManager: constants.AerakiFieldManager,
 		})
 	if err == nil {
 		c.serviceIPs[s.Spec.Addresses[0]] = key

pkg/controller/serviceetnry_test.go → pkg/controller/kube/serviceetnry_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 import (
 	"testing"

pkg/controller/bootstrap_config.go → pkg/controller/kube/sidecar_bootstrap_config.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package controller
+package kube
 
 var bootstrapConfig = `
     {
@@ -55,7 +55,7 @@ var bootstrapConfig = `
                                "endpoint":{
                                   "address":{
                                      "socket_address":{
-                                        "address":"aeraki-xds.istio-system",
+                                        "address":"aeraki.istio-system",
                                         "port_value":15010
                                      }
                                   }