This is an automated email from the ASF dual-hosted git repository.
albumenj pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/dubbo.git
The following commit(s) were added to refs/heads/3.1 by this push:
new 8c5e2b299f [3.1] Update XDS Impl (#10416)
8c5e2b299f is described below
commit 8c5e2b299f031777dcd27b4e91facb6ef4fd530c
Author: Albumen Kevin <[email protected]>
AuthorDate: Mon Aug 8 17:42:02 2022 +0800
[3.1] Update XDS Impl (#10416)
---
.../xds/istio/IstioCitadelCertificateSigner.java | 2 +-
.../dubbo/registry/xds/istio/IstioConstant.java | 4 +++
.../apache/dubbo/registry/xds/istio/IstioEnv.java | 42 ++++++++++++++++++++--
.../dubbo/registry/xds/util/NodeBuilder.java | 13 ++++---
4 files changed, 53 insertions(+), 8 deletions(-)
diff --git
a/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioCitadelCertificateSigner.java
b/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioCitadelCertificateSigner.java
index 554a39082c..cf91f1ea98 100644
---
a/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioCitadelCertificateSigner.java
+++
b/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioCitadelCertificateSigner.java
@@ -74,7 +74,7 @@ public class IstioCitadelCertificateSigner implements
XdsCertificateSigner {
// watch cert, Refresh every 30s
ScheduledExecutorService scheduledThreadPool =
Executors.newScheduledThreadPool(1);
scheduledThreadPool.scheduleAtFixedRate(new GenerateCertTask(), 0, 30,
TimeUnit.SECONDS);
- istioEnv = new org.apache.dubbo.registry.xds.istio.IstioEnv();
+ istioEnv = IstioEnv.getInstance();
}
@Override
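Review bot: The scheduler starts `GenerateCertTask` with an initial delay of 0 before `istioEnv` is assigned, so the first run can execute on the pool thread while the field is still null. This ordering predates the change, but the commit keeps it. If the task reads `istioEnv` (its body is outside this hunk), move the assignment above the scheduling call, i.e. `istioEnv = IstioEnv.getInstance();` before `scheduledThreadPool.scheduleAtFixedRate(...)`. Tasks submitted to an executor see writes made before submission, so the reordering alone is enough.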
diff --git
a/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioConstant.java
b/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioConstant.java
index 296c5ae46a..789f70bd10 100644
---
a/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioConstant.java
+++
b/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioConstant.java
@@ -46,6 +46,10 @@ public class IstioConstant {
*/
public final static String KUBERNETES_SA_PATH =
"/var/run/secrets/kubernetes.io/serviceaccount/token";
+ public final static String KUBERNETES_CA_PATH =
"/var/run/secrets/kubernetes.io/serviceaccount/ca.crt";
+
+ public final static String KUBERNETES_NAMESPACE_PATH =
"/var/run/secrets/kubernetes.io/serviceaccount/namespace";
+
public final static String RSA_KEY_SIZE_KEY = "RSA_KEY_SIZE";
public final static String DEFAULT_RSA_KEY_SIZE = "2048";
diff --git
a/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioEnv.java
b/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioEnv.java
index 9ed4b8c322..0bb0e06c96 100644
--- a/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioEnv.java
+++ b/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/istio/IstioEnv.java
@@ -34,6 +34,10 @@ import static
org.apache.dubbo.registry.xds.istio.IstioConstant.SPIFFE;
public class IstioEnv implements XdsEnv {
private static final Logger logger =
LoggerFactory.getLogger(IstioEnv.class);
+ private static final IstioEnv INSTANCE = new IstioEnv();
+
+ private String podName;
+
private String caAddr;
private String serviceAccount = null;
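Review bot: With `INSTANCE` built in a static initializer, any unchecked exception from the constructor now fails class initialization instead of a single `new IstioEnv()` call. The constructor catches only `IOException`, while the `Integer.parseInt` and `Float.parseFloat` calls on `SECRET_TTL_KEY` and `SECRET_GRACE_PERIOD_RATIO_KEY` (context lines of the `@@ -70` hunk) throw `NumberFormatException` on a malformed environment value. That would surface as `ExceptionInInitializerError` and then `NoClassDefFoundError` for every later caller, including the certificate signer and `NodeBuilder`. Consider catching `NumberFormatException` around those parses and falling back to the defaults with a logged warning. A comment such as `// must stay below logger: the constructor logs during static init` on `INSTANCE` would also help.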
@@ -54,14 +58,28 @@ public class IstioEnv implements XdsEnv {
private String istioMetaClusterId;
- public IstioEnv() {
+ private String caCert;
+
+ private IstioEnv() {
// read k8s jwt token
File saFile = new File(IstioConstant.KUBERNETES_SA_PATH);
if (saFile.canRead()) {
try {
+ podName = System.getenv("HOSTNAME");
serviceAccount = FileUtils.readFileToString(saFile,
StandardCharsets.UTF_8);
trustDomain =
Optional.ofNullable(System.getenv(IstioConstant.TRUST_DOMAIN_KEY)).orElse(IstioConstant.DEFAULT_TRUST_DOMAIN);
- workloadNameSpace =
Optional.ofNullable(System.getenv(IstioConstant.WORKLOAD_NAMESPACE_KEY)).orElse(IstioConstant.DEFAULT_WORKLOAD_NAMESPACE);
+ workloadNameSpace =
Optional.ofNullable(System.getenv(IstioConstant.WORKLOAD_NAMESPACE_KEY))
+ .orElseGet(()->{
+ File namespaceFile = new
File(IstioConstant.KUBERNETES_NAMESPACE_PATH);
+ if (namespaceFile.canRead()) {
+ try {
+ return
FileUtils.readFileToString(namespaceFile, StandardCharsets.UTF_8);
+ } catch (IOException e) {
+ logger.error("read namespace file error", e);
+ }
+ }
+ return IstioConstant.DEFAULT_WORKLOAD_NAMESPACE;
+ });
// spiffe://<trust_domain>/ns/<namespace>/sa/<service_account>
csrHost = SPIFFE + trustDomain + NS + workloadNameSpace + SA +
serviceAccount;
caAddr =
Optional.ofNullable(System.getenv(IstioConstant.CA_ADDR_KEY)).orElse(IstioConstant.DEFAULT_CA_ADDR);
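Review bot: The namespace read from `KUBERNETES_NAMESPACE_PATH` goes into `csrHost` verbatim, so stray whitespace or an empty file would produce a malformed SPIFFE identity in the CSR. Trim it and fall back to the default when blank, e.g. `String ns = FileUtils.readFileToString(namespaceFile, StandardCharsets.UTF_8).trim();` followed by `if (!ns.isEmpty()) { return ns; }`. The context lines also show `serviceAccount` holding the full contents of the token file and being concatenated after `SA`. It is worth confirming whether a service-account name was intended there, since as written a bearer token ends up inside the identity string. `podName` is assigned only inside the `saFile.canRead()` branch, so it stays null outside a pod unless the else branch (not in this hunk) sets it.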
@@ -70,6 +88,14 @@ public class IstioEnv implements XdsEnv {
secretTTL =
Integer.parseInt(Optional.ofNullable(System.getenv(IstioConstant.SECRET_TTL_KEY)).orElse(IstioConstant.DEFAULT_SECRET_TTL));
secretGracePeriodRatio =
Float.parseFloat(Optional.ofNullable(System.getenv(IstioConstant.SECRET_GRACE_PERIOD_RATIO_KEY)).orElse(IstioConstant.DEFAULT_SECRET_GRACE_PERIOD_RATIO));
istioMetaClusterId =
Optional.ofNullable(System.getenv(IstioConstant.ISTIO_META_CLUSTER_ID_KEY)).orElse(IstioConstant.DEFAULT_ISTIO_META_CLUSTER_ID);
+ File caFile = new File(IstioConstant.KUBERNETES_CA_PATH);
+ if (caFile.canRead()) {
+ try {
+ caCert = FileUtils.readFileToString(caFile,
StandardCharsets.UTF_8);
+ } catch (IOException e) {
+ logger.error("read ca file error", e);
+ }
+ }
} catch (IOException e) {
logger.error("Unable to read token file.", e);
}
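Review bot: `caCert` stays null both when `ca.crt` is unreadable (nothing is logged) and when the read throws (only an error log), and `getCaCert()` then returns null without documenting it. Any caller that builds TLS trust from this value must fail closed on null rather than continue without a CA; no caller is visible in this commit, so that needs confirming. I would add Javadoc on `getCaCert()` along the lines of `@return contents of the pod's service-account CA bundle, or null if the file could not be read`. An `else { logger.warn(...); }` branch for the unreadable case would make the missing CA visible in logs. The constructor continues outside this hunk.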
@@ -80,6 +106,14 @@ public class IstioEnv implements XdsEnv {
}
}
+ public static IstioEnv getInstance() {
+ return INSTANCE;
+ }
+
+ public String getPodName() {
+ return podName;
+ }
+
public String getCaAddr() {
return caAddr;
}
@@ -124,4 +158,8 @@ public class IstioEnv implements XdsEnv {
public String getIstioMetaClusterId() {
return istioMetaClusterId;
}
+
+ public String getCaCert() {
+ return caCert;
+ }
}
diff --git
a/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/util/NodeBuilder.java
b/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/util/NodeBuilder.java
index c925c166ee..e353bec85e 100644
---
a/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/util/NodeBuilder.java
+++
b/dubbo-xds/src/main/java/org/apache/dubbo/registry/xds/util/NodeBuilder.java
@@ -16,6 +16,9 @@
*/
package org.apache.dubbo.registry.xds.util;
+import org.apache.dubbo.common.utils.NetUtils;
+import org.apache.dubbo.registry.xds.istio.IstioEnv;
+
import io.envoyproxy.envoy.config.core.v3.Node;
public class NodeBuilder {
@@ -26,14 +29,14 @@ public class NodeBuilder {
// String podName = System.getenv("metadata.name");
// String podNamespace = System.getenv("metadata.namespace");
- String podName = System.getenv("POD_NAME");
- String podNamespace = System.getenv("NAMESPACE_NAME");
- String svcName = System.getenv("SVC_NAME");
+ String podName = IstioEnv.getInstance().getPodName();
+ String podNamespace = IstioEnv.getInstance().getWorkloadNameSpace();
+ String svcName = IstioEnv.getInstance().getIstioMetaClusterId();
- // id -> {POD_NAME}~{NAMESPACE_NAME}.svc.cluster.local
+ // id -> sidecar~ip~{POD_NAME}~{NAMESPACE_NAME}.svc.cluster.local
// cluster -> {SVC_NAME}
return Node.newBuilder()
- .setId(podName + "~" + podNamespace + SVC_CLUSTER_LOCAL)
+ .setId("sidecar~" + NetUtils.getLocalHost() + "~" +podName + "~" +
podNamespace + SVC_CLUSTER_LOCAL)
.setCluster(svcName)
.build();
}
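Review bot: `podName` and `podNamespace` can be null here, because the visible IstioEnv constructor code assigns them only when the service-account token file is readable. String concatenation would then put the literal text `null` into the node id sent to the control plane, unless an IstioEnv branch not shown in this diff sets them. Check before building, e.g. `if (podName == null || podNamespace == null) { throw new IllegalStateException("xDS node id requires pod name and namespace"); }`, or choose an explicit fallback. The local `svcName` and the comment `// cluster -> {SVC_NAME}` are stale now that the value comes from `getIstioMetaClusterId()`; renaming it to `clusterId` and updating the comment would avoid misleading readers. The method signature is outside the hunk.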