This is an automated email from the ASF dual-hosted git repository.
zhongxjian pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/dubbo-kubernetes.git
The following commit(s) were added to refs/heads/master by this push:
new 4a59f2a7 Remove redundant code logic from the control plane (#851)
4a59f2a7 is described below
commit 4a59f2a780d4f20a886191e656c7b62b033c56a6
Author: mfordjody <[email protected]>
AuthorDate: Wed Jan 21 22:04:57 2026 +0800
Remove redundant code logic from the control plane (#851)
---
dubbod/planet/pkg/bootstrap/cert_controller.go | 14 -
dubbod/planet/pkg/bootstrap/dubbo_ca.go | 11 -
dubbod/planet/pkg/bootstrap/server.go | 2 -
.../config/kube/clustertrustbundle/controller.go | 132 ---------
dubbod/planet/pkg/config/kube/crdclient/types.go | 28 +-
dubbod/planet/pkg/credentials/model.go | 2 -
dubbod/planet/pkg/features/planet.go | 10 -
.../leaderelection/k8sleaderelection/metrics.go | 6 -
dubbod/planet/pkg/model/kstatus/helper.go | 3 +-
dubbod/planet/pkg/model/typed_xds_cache.go | 43 +--
dubbod/planet/pkg/networking/core/cluster.go | 32 ---
dubbod/planet/pkg/networking/core/configgen.go | 10 -
.../networking/core/extension_config_builder.go | 26 --
dubbod/planet/pkg/networking/core/httproute.go | 26 --
dubbod/planet/pkg/networking/core/listener.go | 26 --
dubbod/planet/pkg/networking/networking.go | 45 ----
dubbod/planet/pkg/networking/util/util.go | 8 +-
dubbod/planet/pkg/security/model/authentication.go | 21 --
.../serviceregistry/kube/controller/controller.go | 27 +-
.../kube/controller/multicluster.go | 67 ++---
.../pkg/serviceregistry/kube/controller/network.go | 60 -----
.../planet/pkg/serviceregistry/util/label/label.go | 47 ----
dubbod/planet/pkg/status/resource.go | 14 -
dubbod/planet/pkg/trustbundle/trustbundle.go | 294 ---------------------
dubbod/planet/pkg/xds/cds.go | 7 +-
dubbod/planet/pkg/xds/lds.go | 17 --
dubbod/planet/pkg/xds/rds.go | 5 +-
manifests/charts/base/templates/crds.yaml | 2 +-
pkg/adsc/adsc.go | 9 +-
pkg/config/kube/conversion.go | 3 -
pkg/config/labels/instance.go | 16 +-
pkg/config/model.go | 20 --
pkg/config/types/duration.go | 64 -----
pkg/config/types/keys.go | 55 ----
pkg/config/types/tls.go | 52 ----
pkg/env/var.go | 19 --
pkg/kube/controllers/queue.go | 5 +-
pkg/queue/instance.go | 6 -
pkg/queue/util.go | 41 ---
pkg/typemap/map.go | 5 -
pkg/util/net/ip.go | 72 -----
pkg/wellknown/wellknown.go | 6 -
42 files changed, 60 insertions(+), 1298 deletions(-)
diff --git a/dubbod/planet/pkg/bootstrap/cert_controller.go
b/dubbod/planet/pkg/bootstrap/cert_controller.go
index 51794ca5..5af40b32 100644
--- a/dubbod/planet/pkg/bootstrap/cert_controller.go
+++ b/dubbod/planet/pkg/bootstrap/cert_controller.go
@@ -19,7 +19,6 @@ package bootstrap
import (
"bytes"
"fmt"
- tb "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/trustbundle"
"os"
"path"
"strings"
@@ -230,19 +229,6 @@ func (s *Server) updateRootCertAndGenKeyCert() error {
return err
}
- if features.MultiRootMesh {
- // Trigger trust anchor update, this will send PCDS to all
sidecars.
- log.Infof("Update trust anchor with new root cert")
- err =
s.workloadTrustBundle.UpdateTrustAnchor(&tb.TrustAnchorUpdate{
- TrustAnchorConfig: tb.TrustAnchorConfig{Certs:
[]string{string(caBundle)}},
- Source: tb.SourceDubboCA,
- })
- if err != nil {
- log.Errorf("failed to update trust anchor from source
Dubbo CA, err: %v", err)
- return err
- }
- }
-
s.dubbodCertBundleWatcher.SetAndNotify(keyPEM, certChain, caBundle)
return nil
}
diff --git a/dubbod/planet/pkg/bootstrap/dubbo_ca.go
b/dubbod/planet/pkg/bootstrap/dubbo_ca.go
index 687bc945..c8370222 100644
--- a/dubbod/planet/pkg/bootstrap/dubbo_ca.go
+++ b/dubbod/planet/pkg/bootstrap/dubbo_ca.go
@@ -49,10 +49,6 @@ type caOptions struct {
}
var (
- trustedIssuer = env.Register("TOKEN_ISSUER", "",
- "OIDC token issuer. If set, will be used to check the tokens.")
- audience = env.Register("AUDIENCE", "",
- "Expected audience in the tokens. ")
LocalCertDir = env.Register("ROOT_CA_DIR", "./etc/cacerts",
"Location of a local or mounted CA root")
useRemoteCerts = env.Register("USE_REMOTE_CERTS", false,
@@ -63,8 +59,6 @@ var (
// TODO: Likely to be removed and added to mesh config
k8sSigner = env.Register("K8S_SIGNER", "",
"Kubernetes CA Signer type. Valid from Kubernetes 1.18").Get()
- k8sInCluster = env.Register("KUBERNETES_SERVICE_HOST", "",
- "Kubernetes service host, set automatically when running
in-cluster")
workloadCertTTL = env.Register("DEFAULT_WORKLOAD_CERT_TTL",
cmd.DefaultWorkloadCertTTL,
"The default TTL of issued workload certificates. Applied when
the client sets a "+
@@ -352,11 +346,6 @@ func handleEvent(s *Server) {
// Only updating intermediate CA is supported now
if !bytes.Equal(currentCABundle, newCABundle) {
- if !features.MultiRootMesh {
- log.Info("Multi root is disabled, updating new ROOT-CA
not supported")
- return
- }
-
// in order to support root ca rotation, or we are removing the
old ca,
// we need to make the new CA bundle contain both old and new
CA certs
if bytes.Contains(currentCABundle, newCABundle) ||
diff --git a/dubbod/planet/pkg/bootstrap/server.go
b/dubbod/planet/pkg/bootstrap/server.go
index 50588e30..5a865330 100644
--- a/dubbod/planet/pkg/bootstrap/server.go
+++ b/dubbod/planet/pkg/bootstrap/server.go
@@ -39,7 +39,6 @@ import (
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/server"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/serviceregistry/aggregate"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/serviceregistry/provider"
- tb "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/trustbundle"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/xds"
"github.com/apache/dubbo-kubernetes/dubbod/security/pkg/pki/ca"
"github.com/apache/dubbo-kubernetes/dubbod/security/pkg/pki/ra"
@@ -111,7 +110,6 @@ type Server struct {
shutdownDuration time.Duration
caServer *caserver.Server
- workloadTrustBundle *tb.TrustBundle
cacertsWatcher *fsnotify.Watcher
dubbodCertBundleWatcher *keycertbundle.Watcher
dubbodCert *tls.Certificate
diff --git a/dubbod/planet/pkg/config/kube/clustertrustbundle/controller.go
b/dubbod/planet/pkg/config/kube/clustertrustbundle/controller.go
deleted file mode 100644
index 64f4799c..00000000
--- a/dubbod/planet/pkg/config/kube/clustertrustbundle/controller.go
+++ /dev/null
@@ -1,132 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package clustertrustbundle
-
-import (
- certificatesv1beta1 "k8s.io/api/certificates/v1beta1"
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/types"
-
- "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/keycertbundle"
- "github.com/apache/dubbo-kubernetes/pkg/kube"
- "github.com/apache/dubbo-kubernetes/pkg/kube/controllers"
- "github.com/apache/dubbo-kubernetes/pkg/kube/kclient"
-)
-
-const (
- dubboClusterTrustBundleName =
"dubbo.apache.org:dubbo-ca:root-cert"
- dubboClusterTrustBundleSignerName = "dubbo.apache.org/dubbod-ca"
- maxRetries = 5
-)
-
-type Controller struct {
- caBundleWatcher *keycertbundle.Watcher
- queue controllers.Queue
- clustertrustbundles
kclient.Client[*certificatesv1beta1.ClusterTrustBundle]
-}
-
-// NewController creates a new ClusterTrustBundleController
-func NewController(kubeClient kube.Client, caBundleWatcher
*keycertbundle.Watcher) *Controller {
- c := &Controller{
- caBundleWatcher: caBundleWatcher,
- }
-
- c.queue = controllers.NewQueue("clustertrustbundle controller",
- controllers.WithReconciler(c.reconcileClusterTrustBundle),
- controllers.WithMaxAttempts(maxRetries))
-
- c.clustertrustbundles =
kclient.NewFiltered[*certificatesv1beta1.ClusterTrustBundle](kubeClient,
kclient.Filter{
- FieldSelector: "metadata.name=" + dubboClusterTrustBundleName,
- ObjectFilter: kubeClient.ObjectFilter(),
- })
-
-
c.clustertrustbundles.AddEventHandler(controllers.FilteredObjectSpecHandler(c.queue.AddObject,
func(o controllers.Object) bool { return true }))
-
- return c
-}
-
-func (c *Controller) Run(stopCh <-chan struct{}) {
- if !kube.WaitForCacheSync("clustertrustbundle controller", stopCh,
c.clustertrustbundles.HasSynced) {
- return
- }
- go c.startCaBundleWatcher(stopCh)
-
- // queue an initial event
- c.queue.AddObject(&certificatesv1beta1.ClusterTrustBundle{
- ObjectMeta: metav1.ObjectMeta{
- Name: dubboClusterTrustBundleName,
- },
- })
-
- c.queue.Run(stopCh)
- controllers.ShutdownAll(c.clustertrustbundles)
-}
-
-// startCaBundleWatcher listens for updates to the CA bundle and queues a
reconciliation of the ClusterTrustBundle
-func (c *Controller) startCaBundleWatcher(stop <-chan struct{}) {
- id, watchCh := c.caBundleWatcher.AddWatcher()
- defer c.caBundleWatcher.RemoveWatcher(id)
- for {
- select {
- case <-watchCh:
-
c.queue.AddObject(&certificatesv1beta1.ClusterTrustBundle{
- ObjectMeta: metav1.ObjectMeta{
- Name: dubboClusterTrustBundleName,
- },
- })
- case <-stop:
- return
- }
- }
-}
-
-// Run starts the controller
-// updateClusterTrustBundle updates the root certificate in the
ClusterTrustBundle
-func (c *Controller) updateClusterTrustBundle(rootCert []byte) error {
- bundle := &certificatesv1beta1.ClusterTrustBundle{
- ObjectMeta: metav1.ObjectMeta{
- Name: dubboClusterTrustBundleName,
- },
- Spec: certificatesv1beta1.ClusterTrustBundleSpec{
- SignerName: dubboClusterTrustBundleSignerName,
- TrustBundle: string(rootCert),
- },
- }
-
- existing := c.clustertrustbundles.Get(dubboClusterTrustBundleName, "")
- if existing != nil {
- if existing.Spec.TrustBundle == string(rootCert) {
- // trustbundle is up to date. nothing to do
- return nil
- }
- // Update existing bundle
- existing.Spec.TrustBundle = string(rootCert)
- _, err := c.clustertrustbundles.Update(existing)
- return err
- }
-
- // Create new bundle
- _, err := c.clustertrustbundles.Create(bundle)
- return err
-}
-
-func (c *Controller) reconcileClusterTrustBundle(o types.NamespacedName) error
{
- if o.Name == dubboClusterTrustBundleName {
- return
c.updateClusterTrustBundle(c.caBundleWatcher.GetCABundle())
- }
- return nil
-}
diff --git a/dubbod/planet/pkg/config/kube/crdclient/types.go
b/dubbod/planet/pkg/config/kube/crdclient/types.go
index c3eb0968..1b9e2ce4 100644
--- a/dubbod/planet/pkg/config/kube/crdclient/types.go
+++ b/dubbod/planet/pkg/config/kube/crdclient/types.go
@@ -91,12 +91,12 @@ func create(c kube.Client, cfg config.Config, objMeta
metav1.ObjectMeta) (metav1
u := &unstructured.Unstructured{Object: uObj}
u.SetGroupVersionKind(schema.GroupVersionKind{
Group: "security.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Kind: "PeerAuthentication",
})
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "security.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "peerauthentications",
}).Namespace(cfg.Namespace).Create(context.TODO(), u,
metav1.CreateOptions{})
case gvk.VirtualService:
@@ -114,12 +114,12 @@ func create(c kube.Client, cfg config.Config, objMeta
metav1.ObjectMeta) (metav1
u := &unstructured.Unstructured{Object: uObj}
u.SetGroupVersionKind(schema.GroupVersionKind{
Group: "networking.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Kind: "VirtualService",
})
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "networking.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "virtualservices",
}).Namespace(cfg.Namespace).Create(context.TODO(), u,
metav1.CreateOptions{})
case gvk.Gateway:
@@ -181,12 +181,12 @@ func update(c kube.Client, cfg config.Config, objMeta
metav1.ObjectMeta) (metav1
u := &unstructured.Unstructured{Object: uObj}
u.SetGroupVersionKind(schema.GroupVersionKind{
Group: "security.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Kind: "PeerAuthentication",
})
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "security.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "peerauthentications",
}).Namespace(cfg.Namespace).Update(context.TODO(), u,
metav1.UpdateOptions{})
case gvk.VirtualService:
@@ -204,12 +204,12 @@ func update(c kube.Client, cfg config.Config, objMeta
metav1.ObjectMeta) (metav1
u := &unstructured.Unstructured{Object: uObj}
u.SetGroupVersionKind(schema.GroupVersionKind{
Group: "networking.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Kind: "VirtualService",
})
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "networking.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "virtualservices",
}).Namespace(cfg.Namespace).Update(context.TODO(), u,
metav1.UpdateOptions{})
case gvk.GatewayClass:
@@ -276,7 +276,7 @@ func updateStatus(c kube.Client, cfg config.Config, objMeta
metav1.ObjectMeta) (
})
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "security.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "peerauthentications",
}).Namespace(cfg.Namespace).UpdateStatus(context.TODO(), u,
metav1.UpdateOptions{})
case gvk.VirtualService:
@@ -299,7 +299,7 @@ func updateStatus(c kube.Client, cfg config.Config, objMeta
metav1.ObjectMeta) (
})
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "networking.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "virtualservices",
}).Namespace(cfg.Namespace).UpdateStatus(context.TODO(), u,
metav1.UpdateOptions{})
case gvk.Gateway:
@@ -369,7 +369,7 @@ func patch(c kube.Client, orig config.Config, origMeta
metav1.ObjectMeta, mod co
}
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "security.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "peerauthentications",
}).Namespace(orig.Namespace).Patch(context.TODO(), orig.Name,
typ, patchBytes, metav1.PatchOptions{FieldManager: "planet-discovery"})
case gvk.VirtualService:
@@ -392,7 +392,7 @@ func patch(c kube.Client, orig config.Config, origMeta
metav1.ObjectMeta, mod co
}
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "networking.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "virtualservices",
}).Namespace(orig.Namespace).Patch(context.TODO(), orig.Name,
typ, patchBytes, metav1.PatchOptions{FieldManager: "planet-discovery"})
case gvk.GatewayClass:
@@ -461,14 +461,14 @@ func delete(c kube.Client, typ config.GroupVersionKind,
name, namespace string,
case gvk.PeerAuthentication:
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "security.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "peerauthentications",
}).Namespace(namespace).Delete(context.TODO(), name,
deleteOptions)
case gvk.VirtualService:
// VirtualService uses networking.dubbo.apache.org API group,
use Dynamic client
return c.Dynamic().Resource(schema.GroupVersionResource{
Group: "networking.dubbo.apache.org",
- Version: "v1",
+ Version: "v1alpha3",
Resource: "virtualservices",
}).Namespace(namespace).Delete(context.TODO(), name,
deleteOptions)
case gvk.GatewayClass:
diff --git a/dubbod/planet/pkg/credentials/model.go
b/dubbod/planet/pkg/credentials/model.go
index b4e3bc91..49e01b1d 100644
--- a/dubbod/planet/pkg/credentials/model.go
+++ b/dubbod/planet/pkg/credentials/model.go
@@ -22,8 +22,6 @@ type CertInfo struct {
Cert []byte
// The private key
Key []byte
- // The oscp staple
- Staple []byte
// Certificate Revocation List information
CRL []byte
}
diff --git a/dubbod/planet/pkg/features/planet.go
b/dubbod/planet/pkg/features/planet.go
index 83efcef1..f3178e17 100644
--- a/dubbod/planet/pkg/features/planet.go
+++ b/dubbod/planet/pkg/features/planet.go
@@ -27,8 +27,6 @@ var (
"Only works in kubernetes environment.").Get()
SharedMeshGlobalConfig = env.Register("SHARED_MESH_CONFIG", "",
"Additional config map to load for shared MeshGlobalConfig
settings. The standard mesh config will take precedence.").Get()
- MultiRootMesh = env.Register("DUBBO_MULTIROOT_MESH", false,
- "If enabled, mesh will support certificates signed by more than
one trustAnchor for DUBBO_MUTUAL mTLS").Get()
InformerWatchNamespace = env.Register("DUBBO_WATCH_NAMESPACE", "",
"If set, limit Kubernetes watches to a single namespace. "+
"Warning: only a single namespace can be set.").Get()
@@ -56,14 +54,6 @@ var (
"Multiple custom host names are supported, and multiple
values are separated by commas.").Get()
InjectionWebhookConfigName =
env.Register("INJECTION_WEBHOOK_CONFIG_NAME", "dubbo-grpcxds-injector",
"Name of the mutatingwebhookconfiguration to patch, if dubboctl
is not used.").Get()
- EnableUnsafeAssertions = env.Register(
- "UNSAFE_PLANET_ENABLE_RUNTIME_ASSERTIONS",
- false,
- "If enabled, addition runtime asserts will be performed. "+
- "These checks are both expensive and panic on failure.
As a result, this should be used only for testing.",
- ).Get()
- EnableClusterTrustBundles =
env.Register("ENABLE_CLUSTER_TRUST_BUNDLE_API", false,
- "If enabled, uses the ClusterTrustBundle API instead of
ConfigMaps to store the root certificate in the cluster.").Get()
ResolveHostnameGateways = env.Register("RESOLVE_HOSTNAME_GATEWAYS",
true,
"If true, hostnames in the LoadBalancer addresses of a Service
will be resolved at the control plane for use in cross-network gateways.").Get()
ManagedGatewayController =
env.Register("PLANET_GATEWAY_API_CONTROLLER_NAME",
"dubbo.apache.org/gateway-controller",
diff --git a/dubbod/planet/pkg/leaderelection/k8sleaderelection/metrics.go
b/dubbod/planet/pkg/leaderelection/k8sleaderelection/metrics.go
index f685e446..5a96507c 100644
--- a/dubbod/planet/pkg/leaderelection/k8sleaderelection/metrics.go
+++ b/dubbod/planet/pkg/leaderelection/k8sleaderelection/metrics.go
@@ -101,9 +101,3 @@ func (f *leaderMetricsFactory) newLeaderMetrics()
leaderMetricsAdapter {
leader: mp.NewLeaderMetric(),
}
}
-
-// SetProvider sets the metrics provider for all subsequently created work
-// queues. Only the first call has an effect.
-func SetProvider(metricsProvider MetricsProvider) {
- globalMetricsFactory.setProvider(metricsProvider)
-}
diff --git a/dubbod/planet/pkg/model/kstatus/helper.go
b/dubbod/planet/pkg/model/kstatus/helper.go
index 39d38941..85f59248 100644
--- a/dubbod/planet/pkg/model/kstatus/helper.go
+++ b/dubbod/planet/pkg/model/kstatus/helper.go
@@ -22,8 +22,7 @@ import (
)
const (
- StatusTrue = "True"
- StatusFalse = "False"
+ StatusTrue = "True"
)
func UpdateConditionIfChanged(conditions []metav1.Condition, condition
metav1.Condition) []metav1.Condition {
diff --git a/dubbod/planet/pkg/model/typed_xds_cache.go
b/dubbod/planet/pkg/model/typed_xds_cache.go
index 880f454f..ae5b46ef 100644
--- a/dubbod/planet/pkg/model/typed_xds_cache.go
+++ b/dubbod/planet/pkg/model/typed_xds_cache.go
@@ -25,9 +25,7 @@ import (
"github.com/apache/dubbo-kubernetes/pkg/slices"
"github.com/apache/dubbo-kubernetes/pkg/util/sets"
discovery
"github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
- "github.com/google/go-cmp/cmp"
"github.com/hashicorp/golang-lru/v2/simplelru"
- "google.golang.org/protobuf/testing/protocmp"
)
type CacheToken uint64
@@ -60,13 +58,12 @@ type evictKeyConfigs[K comparable] struct {
}
type lruCache[K comparable] struct {
- enableAssertions bool
- store simplelru.LRUCache[K, cacheValue]
- token CacheToken
- mu sync.RWMutex
- configIndex map[ConfigHash]sets.Set[K]
- evictQueue []evictKeyConfigs[K]
- evictedOnClear bool
+ store simplelru.LRUCache[K, cacheValue]
+ token CacheToken
+ mu sync.RWMutex
+ configIndex map[ConfigHash]sets.Set[K]
+ evictQueue []evictKeyConfigs[K]
+ evictedOnClear bool
}
func (l *lruCache[K]) onEvict(k K, v cacheValue) {
@@ -86,9 +83,8 @@ type typedXdsCache[K comparable] interface {
func newTypedXdsCache[K comparable]() typedXdsCache[K] {
cache := &lruCache[K]{
- enableAssertions: features.EnableUnsafeAssertions,
- configIndex: map[ConfigHash]sets.Set[K]{},
- evictQueue: make([]evictKeyConfigs[K], 0, 1000),
+ configIndex: map[ConfigHash]sets.Set[K]{},
+ evictQueue: make([]evictKeyConfigs[K], 0, 1000),
}
cache.store = newLru(cache.onEvict)
return cache
@@ -147,9 +143,6 @@ func (l *lruCache[K]) Add(k K, entry dependents, pushReq
*PushRequest, value *di
if token <= cur.token {
return
}
- if l.enableAssertions {
- l.assertUnchanged(k, cur.value, value)
- }
}
dependentConfigs := entry.DependentConfigs()
@@ -165,26 +158,6 @@ func (l *lruCache[K]) Add(k K, entry dependents, pushReq
*PushRequest, value *di
}
}
-func (l *lruCache[K]) assertUnchanged(key K, existing *discovery.Resource,
replacement *discovery.Resource) {
- if l.enableAssertions {
- if existing == nil {
- // This is a new addition, not an update
- return
- }
- // Record time so that we can correlate when the error actually
happened, since the async reporting
- // may be delayed
- t0 := time.Now()
- // This operation is really slow, which makes tests fail for
unrelated reasons, so we process it async.
- go func() {
- if !cmp.Equal(existing, replacement,
protocmp.Transform()) {
- warning := fmt.Errorf("assertion failed at %v,
cache entry changed but not cleared for key %v: %v\n%v\n%v",
- t0, key, cmp.Diff(existing,
replacement, protocmp.Transform()), existing, replacement)
- panic(warning)
- }
- }()
- }
-}
-
func (l *lruCache[K]) updateConfigIndex(k K, dependentConfigs []ConfigHash) {
for _, cfg := range dependentConfigs {
sets.InsertOrNew(l.configIndex, cfg, k)
diff --git a/dubbod/planet/pkg/networking/core/cluster.go
b/dubbod/planet/pkg/networking/core/cluster.go
deleted file mode 100644
index 097504ce..00000000
--- a/dubbod/planet/pkg/networking/core/cluster.go
+++ /dev/null
@@ -1,32 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package core
-
-import (
- "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/model"
- discovery
"github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
-)
-
-func (configgen *ConfigGeneratorImpl) BuildClusters(proxy *model.Proxy, req
*model.PushRequest) ([]*discovery.Resource, model.XdsLogDetails) {
- return nil, model.XdsLogDetails{}
-}
-
-func (configgen *ConfigGeneratorImpl) BuildDeltaClusters(proxy *model.Proxy,
updates *model.PushRequest,
- watched *model.WatchedResource,
-) ([]*discovery.Resource, []string, model.XdsLogDetails, bool) {
- return nil, nil, model.XdsLogDetails{}, false
-}
diff --git a/dubbod/planet/pkg/networking/core/configgen.go
b/dubbod/planet/pkg/networking/core/configgen.go
index 157b50db..0dba49f0 100644
--- a/dubbod/planet/pkg/networking/core/configgen.go
+++ b/dubbod/planet/pkg/networking/core/configgen.go
@@ -19,19 +19,9 @@ package core
import (
serviceRouteIndex "github.com/apache/dubbo-kubernetes/api/mesh/v1alpha1"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/model"
- core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
- listener
"github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
- discovery
"github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
)
type ConfigGenerator interface {
- BuildListeners(node *model.Proxy, push *model.PushContext)
[]*listener.Listener
- BuildClusters(node *model.Proxy, req *model.PushRequest)
([]*discovery.Resource, model.XdsLogDetails)
- BuildDeltaClusters(proxy *model.Proxy, updates *model.PushRequest,
- watched *model.WatchedResource) ([]*discovery.Resource,
[]string, model.XdsLogDetails, bool)
- BuildHTTPRoutes(node *model.Proxy, req *model.PushRequest, routeNames
[]string) ([]*discovery.Resource, model.XdsLogDetails)
- BuildExtensionConfiguration(node *model.Proxy, push *model.PushContext,
extensionConfigNames []string,
- pullSecrets map[string][]byte) []*core.TypedExtensionConfig
serviceRouteIndexChanged(mesh *serviceRouteIndex.MeshGlobalConfig)
}
diff --git a/dubbod/planet/pkg/networking/core/extension_config_builder.go
b/dubbod/planet/pkg/networking/core/extension_config_builder.go
deleted file mode 100644
index d655ac27..00000000
--- a/dubbod/planet/pkg/networking/core/extension_config_builder.go
+++ /dev/null
@@ -1,26 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package core
-
-import (
- "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/model"
- core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-)
-
-func (configgen *ConfigGeneratorImpl) BuildExtensionConfiguration(proxy
*model.Proxy, push *model.PushContext, extensionConfigNames []string,
pullSecrets map[string][]byte) []*core.TypedExtensionConfig {
- return nil
-}
diff --git a/dubbod/planet/pkg/networking/core/httproute.go
b/dubbod/planet/pkg/networking/core/httproute.go
deleted file mode 100644
index 299b812a..00000000
--- a/dubbod/planet/pkg/networking/core/httproute.go
+++ /dev/null
@@ -1,26 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package core
-
-import (
- "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/model"
- discovery
"github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
-)
-
-func (configgen *ConfigGeneratorImpl) BuildHTTPRoutes(node *model.Proxy, req
*model.PushRequest, routeNames []string) ([]*discovery.Resource,
model.XdsLogDetails) {
- return nil, model.XdsLogDetails{}
-}
diff --git a/dubbod/planet/pkg/networking/core/listener.go
b/dubbod/planet/pkg/networking/core/listener.go
deleted file mode 100644
index c91e82c0..00000000
--- a/dubbod/planet/pkg/networking/core/listener.go
+++ /dev/null
@@ -1,26 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package core
-
-import (
- "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/model"
- listener
"github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
-)
-
-func (configgen *ConfigGeneratorImpl) BuildListeners(node *model.Proxy, push
*model.PushContext) []*listener.Listener {
- return nil
-}
diff --git a/dubbod/planet/pkg/networking/networking.go
b/dubbod/planet/pkg/networking/networking.go
deleted file mode 100644
index 390dc545..00000000
--- a/dubbod/planet/pkg/networking/networking.go
+++ /dev/null
@@ -1,45 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package networking
-
-import core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
-
-type TransportProtocol uint8
-
-const (
- // TransportProtocolTCP is a TCP listener
- TransportProtocolTCP = iota
- // TransportProtocolQUIC is a QUIC listener
- TransportProtocolQUIC
-)
-
-func (tp TransportProtocol) String() string {
- switch tp {
- case TransportProtocolTCP:
- return "tcp"
- case TransportProtocolQUIC:
- return "quic"
- }
- return "unknown"
-}
-
-func (tp TransportProtocol) ToEnvoySocketProtocol()
core.SocketAddress_Protocol {
- if tp == TransportProtocolQUIC {
- return core.SocketAddress_UDP
- }
- return core.SocketAddress_TCP
-}
diff --git a/dubbod/planet/pkg/networking/util/util.go
b/dubbod/planet/pkg/networking/util/util.go
index 29405066..a186f3f8 100644
--- a/dubbod/planet/pkg/networking/util/util.go
+++ b/dubbod/planet/pkg/networking/util/util.go
@@ -22,7 +22,6 @@ import (
"strings"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/model"
- dubbonetworking
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/networking"
core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
listener
"github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
)
@@ -49,7 +48,7 @@ func BuildAdditionalAddresses(extrAddresses []string,
listenPort uint32) []*list
}
func BuildAddress(bind string, port uint32) *core.Address {
- address := BuildNetworkAddress(bind, port,
dubbonetworking.TransportProtocolTCP)
+ address := BuildNetworkAddress(bind, port)
if address != nil {
return address
}
@@ -63,15 +62,14 @@ func BuildAddress(bind string, port uint32) *core.Address {
}
}
-func BuildNetworkAddress(bind string, port uint32, transport
dubbonetworking.TransportProtocol) *core.Address {
+func BuildNetworkAddress(bind string, port uint32) *core.Address {
if port == 0 {
return nil
}
return &core.Address{
Address: &core.Address_SocketAddress{
SocketAddress: &core.SocketAddress{
- Address: bind,
- Protocol: transport.ToEnvoySocketProtocol(),
+ Address: bind,
PortSpecifier: &core.SocketAddress_PortValue{
PortValue: port,
},
diff --git a/dubbod/planet/pkg/security/model/authentication.go
b/dubbod/planet/pkg/security/model/authentication.go
deleted file mode 100644
index 14a88c79..00000000
--- a/dubbod/planet/pkg/security/model/authentication.go
+++ /dev/null
@@ -1,21 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package model
-
-const (
- ThirdPartyJwtPath = "/var/run/secrets/tokens/dubbo-token"
-)
diff --git a/dubbod/planet/pkg/serviceregistry/kube/controller/controller.go
b/dubbod/planet/pkg/serviceregistry/kube/controller/controller.go
index a208dc77..92ca62b2 100644
--- a/dubbod/planet/pkg/serviceregistry/kube/controller/controller.go
+++ b/dubbod/planet/pkg/serviceregistry/kube/controller/controller.go
@@ -38,7 +38,6 @@ import (
"github.com/apache/dubbo-kubernetes/pkg/kube/controllers"
"github.com/apache/dubbo-kubernetes/pkg/kube/kclient"
"github.com/apache/dubbo-kubernetes/pkg/kube/krt"
- "github.com/apache/dubbo-kubernetes/pkg/network"
"github.com/apache/dubbo-kubernetes/pkg/queue"
"github.com/apache/dubbo-kubernetes/pkg/slices"
"github.com/hashicorp/go-multierror"
@@ -52,10 +51,6 @@ import (
dubbolog "github.com/apache/dubbo-kubernetes/pkg/log"
)
-type controllerInterface interface {
- Network(endpointIP string, labels labels.Instance) network.ID
-}
-
var (
log = dubbolog.RegisterScope("controller",
"kube controller debugging")
_ serviceregistry.Instance = &Controller{}
@@ -77,7 +72,6 @@ type Controller struct {
meshWatcher mesh.Watcher
handlers model.ControllerHandlers
pods *PodCache
- *networkManager
}
func NewController(kubeClient kubelib.Client, options Options) *Controller {
@@ -90,7 +84,6 @@ func NewController(kubeClient kubelib.Client, options
Options) *Controller {
configCluster: options.ConfigCluster,
}
- c.networkManager = initNetworkManager(c, options)
c.namespaces = kclient.New[*v1.Namespace](kubeClient)
if c.opts.SystemNamespace != "" {
@@ -130,26 +123,9 @@ func (c *Controller) onSystemNamespaceEvent(_, ns
*v1.Namespace, ev model.Event)
if ev == model.EventDelete {
return nil
}
- if c.setNetworkFromNamespace(ns) {
- // network changed, rarely happen
- // refresh pods/endpoints/services
- c.onNetworkChange()
- }
return nil
}
-func (c *Controller) onNetworkChange() {
- // the network for endpoints are computed when we process the events;
this will fix the cache
- // NOTE: this must run before the other network watcher handler that
creates a force push
- if err := c.syncPods(); err != nil {
- log.Errorf("one or more errors force-syncing pods: %v", err)
- }
- if err := c.endpoints.initializeNamespace(metav1.NamespaceAll, true);
err != nil {
- log.Errorf("one or more errors force-syncing endpoints: %v",
err)
- }
-
-}
-
func (c *Controller) syncPods() error {
var err *multierror.Error
pods := c.podsClient.List(metav1.NamespaceAll, klabels.Everything())
@@ -488,8 +464,7 @@ func (c *Controller) informersSynced() bool {
return c.namespaces.HasSynced() &&
c.pods.pods.HasSynced() &&
c.services.HasSynced() &&
- c.endpoints.slices.HasSynced() &&
- c.networkManager.HasSynced()
+ c.endpoints.slices.HasSynced()
}
func (c *Controller) hostNamesForNamespacedName(name types.NamespacedName)
[]host.Name {
diff --git a/dubbod/planet/pkg/serviceregistry/kube/controller/multicluster.go
b/dubbod/planet/pkg/serviceregistry/kube/controller/multicluster.go
index 5a4d52d1..bf66b1af 100644
--- a/dubbod/planet/pkg/serviceregistry/kube/controller/multicluster.go
+++ b/dubbod/planet/pkg/serviceregistry/kube/controller/multicluster.go
@@ -17,8 +17,6 @@
package controller
import (
-
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/config/kube/clustertrustbundle"
- "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/features"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/keycertbundle"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/leaderelection"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/model"
@@ -112,50 +110,29 @@ func (m *Multicluster) initializeCluster(cluster
*multicluster.Cluster, kubeCont
}
if m.distributeCACert && (shouldLead || configCluster) {
- if features.EnableClusterTrustBundles {
- // Block server exit on graceful termination of
the leader controller.
-
m.s.RunComponentAsyncAndWait("clustertrustbundle controller", func(_ <-chan
struct{}) error {
- election := leaderelection.
-
NewLeaderElectionMulticluster(options.SystemNamespace, m.serverID,
leaderelection.NamespaceController, m.revision, !configCluster, client)
- // For config cluster (single-node
deployment), disable leader election even if globally enabled
- // because there's only one instance
and no need for election.
- if configCluster {
- election.SetEnabled(false)
- }
- election.AddRunFunction(func(leaderStop
<-chan struct{}) {
- log.Infof("starting
clustertrustbundle controller for cluster %s", cluster.ID)
- c :=
clustertrustbundle.NewController(client, m.caBundleWatcher)
- client.RunAndWait(clusterStopCh)
- c.Run(leaderStop)
- })
- election.Run(clusterStopCh)
- return nil
+ // Block server exit on graceful termination of the
leader controller.
+ m.s.RunComponentAsyncAndWait("namespace controller",
func(_ <-chan struct{}) error {
+ election := leaderelection.
+
NewLeaderElectionMulticluster(options.SystemNamespace, m.serverID,
leaderelection.NamespaceController, m.revision, !configCluster, client)
+ // For config cluster (single-node deployment),
disable leader election even if globally enabled
+ // because there's only one instance and no
need for election.
+ if configCluster {
+ election.SetEnabled(false)
+ }
+ election.AddRunFunction(func(leaderStop <-chan
struct{}) {
+ log.Infof("starting namespace
controller for cluster %s", cluster.ID)
+ nc := NewNamespaceController(client,
m.caBundleWatcher)
+ // Start informers again. This fixes
the case where informers for namespace do not start,
+ // as we create them only after
acquiring the leader lock
+ // Note: stop here should be the
overall planet stop, NOT the leader election stop. We are
+ // basically lazy loading the informer,
if we stop it when we lose the lock we will never
+ // recreate it again.
+ client.RunAndWait(clusterStopCh)
+ nc.Run(leaderStop)
})
- } else {
- // Block server exit on graceful termination of
the leader controller.
- m.s.RunComponentAsyncAndWait("namespace
controller", func(_ <-chan struct{}) error {
- election := leaderelection.
-
NewLeaderElectionMulticluster(options.SystemNamespace, m.serverID,
leaderelection.NamespaceController, m.revision, !configCluster, client)
- // For config cluster (single-node
deployment), disable leader election even if globally enabled
- // because there's only one instance
and no need for election.
- if configCluster {
- election.SetEnabled(false)
- }
- election.AddRunFunction(func(leaderStop
<-chan struct{}) {
- log.Infof("starting namespace
controller for cluster %s", cluster.ID)
- nc :=
NewNamespaceController(client, m.caBundleWatcher)
- // Start informers again. This
fixes the case where informers for namespace do not start,
- // as we create them only after
acquiring the leader lock
- // Note: stop here should be
the overall planet stop, NOT the leader election stop. We are
- // basically lazy loading the
informer, if we stop it when we lose the lock we will never
- // recreate it again.
- client.RunAndWait(clusterStopCh)
- nc.Run(leaderStop)
- })
- election.Run(clusterStopCh)
- return nil
- })
- }
+ election.Run(clusterStopCh)
+ return nil
+ })
}
}()
}
diff --git a/dubbod/planet/pkg/serviceregistry/kube/controller/network.go
b/dubbod/planet/pkg/serviceregistry/kube/controller/network.go
deleted file mode 100644
index 581e5993..00000000
--- a/dubbod/planet/pkg/serviceregistry/kube/controller/network.go
+++ /dev/null
@@ -1,60 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controller
-
-import (
- "sync"
-
- "github.com/apache/dubbo-kubernetes/pkg/cluster"
- "github.com/apache/dubbo-kubernetes/pkg/network"
- v1 "k8s.io/api/core/v1"
-)
-
-type networkManager struct {
- sync.RWMutex
- clusterID cluster.ID
- network network.ID
- networkFromMeshGlobalConfig network.ID
-}
-
-func initNetworkManager(c *Controller, options Options) *networkManager {
- n := &networkManager{
- clusterID: options.ClusterID,
- network: "",
- networkFromMeshGlobalConfig: "",
- }
- return n
-}
-
-func (n *networkManager) networkFromSystemNamespace() network.ID {
- n.RLock()
- defer n.RUnlock()
- return n.network
-}
-
-func (n *networkManager) HasSynced() bool {
- return true
-}
-
-func (n *networkManager) setNetworkFromNamespace(ns *v1.Namespace) bool {
- nw := ns.Labels["topology.dubbo.apache.org/network"]
- n.Lock()
- defer n.Unlock()
- oldDefaultNetwork := n.network
- n.network = network.ID(nw)
- return oldDefaultNetwork != n.network
-}
diff --git a/dubbod/planet/pkg/serviceregistry/util/label/label.go
b/dubbod/planet/pkg/serviceregistry/util/label/label.go
deleted file mode 100644
index 7b2db81e..00000000
--- a/dubbod/planet/pkg/serviceregistry/util/label/label.go
+++ /dev/null
@@ -1,47 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package label
-
-import (
- "github.com/apache/dubbo-kubernetes/pkg/cluster"
- "github.com/apache/dubbo-kubernetes/pkg/config/labels"
- "github.com/apache/dubbo-kubernetes/pkg/network"
-)
-
-const (
- LabelTopologyCluster = "topology.dubbo.apache.org/cluster"
- LabelTopologyNetwork = "topology.dubbo.apache.org/network"
-)
-
-func AugmentLabels(in labels.Instance, clusterID cluster.ID, locality, k8sNode
string, networkID network.ID) labels.Instance {
- // Copy the original labels to a new map.
- out := make(labels.Instance, len(in)+2)
- for k, v := range in {
- out[k] = v
- }
-
- // In proxyless mesh, locality is not used, so we skip
region/zone/subzone labels
- if len(clusterID) > 0 {
- out[LabelTopologyCluster] = clusterID.String()
- }
- // In c.Network(), we already set the network label in priority order
pod labels > namespace label
- // We won't let proxy.Metadata.Network override the above.
- if len(networkID) > 0 && out[LabelTopologyNetwork] == "" {
- out[LabelTopologyNetwork] = networkID.String()
- }
- return out
-}
diff --git a/dubbod/planet/pkg/status/resource.go
b/dubbod/planet/pkg/status/resource.go
index 3c445544..17697561 100644
--- a/dubbod/planet/pkg/status/resource.go
+++ b/dubbod/planet/pkg/status/resource.go
@@ -18,7 +18,6 @@ package status
import (
"context"
- "strconv"
"strings"
"k8s.io/apimachinery/pkg/runtime/schema"
@@ -48,19 +47,6 @@ func (r *Resource) ToModelKey() string {
r.Name, r.Namespace)
}
-func ResourceFromModelConfig(c config.Config) Resource {
- gvr, ok := gvk.ToGVR(c.GroupVersionKind)
- if !ok {
- return Resource{}
- }
- return Resource{
- GroupVersionResource: gvr,
- Namespace: c.Namespace,
- Name: c.Name,
- Generation: strconv.FormatInt(c.Generation, 10),
- }
-}
-
func GetStatusManipulator(in any) (out Manipulator) {
return &NopStatusManipulator{in}
}
diff --git a/dubbod/planet/pkg/trustbundle/trustbundle.go
b/dubbod/planet/pkg/trustbundle/trustbundle.go
deleted file mode 100644
index e84afce6..00000000
--- a/dubbod/planet/pkg/trustbundle/trustbundle.go
+++ /dev/null
@@ -1,294 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package trustbundle
-
-import (
- "crypto/x509"
- "encoding/pem"
- "fmt"
- "sort"
- "strings"
- "sync"
- "time"
-
- "github.com/apache/dubbo-kubernetes/pkg/slices"
-
- meshv1alpha1 "github.com/apache/dubbo-kubernetes/api/mesh/v1alpha1"
- "github.com/apache/dubbo-kubernetes/pkg/config/mesh"
- "github.com/apache/dubbo-kubernetes/pkg/spiffe"
- "github.com/apache/dubbo-kubernetes/pkg/util/sets"
-
- dubbolog "github.com/apache/dubbo-kubernetes/pkg/log"
-)
-
-var log = dubbolog.RegisterScope("trustbundle", "trust bundle debugging")
-
-// Source is all possible sources of MeshGlobalConfig
-type Source int
-
-const (
- SourceDubboCA Source = iota
- SourceMeshGlobalConfig
- SourceDubboRA
- sourceSpiffeEndpoints
-)
-
-func (s Source) String() string {
- switch s {
- case SourceDubboCA:
- return "DubboCA"
- case SourceMeshGlobalConfig:
- return "MeshGlobalConfig"
- case SourceDubboRA:
- return "DubboRA"
- case sourceSpiffeEndpoints:
- return "SpiffeEndpoints"
- default:
- return "Unknown"
- }
-}
-
-type TrustAnchorConfig struct {
- Certs []string
-}
-
-type TrustAnchorUpdate struct {
- TrustAnchorConfig
- Source Source
-}
-
-type TrustBundle struct {
- sourceConfig map[Source]TrustAnchorConfig
- mutex sync.RWMutex
- mergedCerts []string
- updatecb func()
- endpointMutex sync.RWMutex
- endpoints []string
- endpointUpdateChan chan struct{}
- remoteCaCertPool *x509.CertPool
- meshWatcher mesh.Watcher
-}
-
-var (
- // trustBundleLog = log.RegisterScope("trustBundle", "Workload mTLS
trust bundle logs")
- remoteTimeout = 10 * time.Second
-)
-
-// NewTrustBundle returns a new trustbundle
-func NewTrustBundle(remoteCaCertPool *x509.CertPool, meshwatcher mesh.Watcher)
*TrustBundle {
- var err error
- tb := &TrustBundle{
- sourceConfig: map[Source]TrustAnchorConfig{
- SourceDubboCA: {Certs: []string{}},
- SourceMeshGlobalConfig: {Certs: []string{}},
- SourceDubboRA: {Certs: []string{}},
- sourceSpiffeEndpoints: {Certs: []string{}},
- },
- mergedCerts: []string{},
- updatecb: nil,
- endpointUpdateChan: make(chan struct{}, 1),
- endpoints: []string{},
- meshWatcher: meshwatcher,
- }
- if remoteCaCertPool == nil {
- tb.remoteCaCertPool, err = x509.SystemCertPool()
- if err != nil {
- // trustBundleLog.Errorf("failed to initialize remote
Cert pool: %v", err)
- }
- } else {
- tb.remoteCaCertPool = remoteCaCertPool
- }
- return tb
-}
-
-func (tb *TrustBundle) UpdateCb(updatecb func()) {
- tb.updatecb = updatecb
-}
-
-// GetTrustBundle : Retrieves all the trustAnchors for current Spiffee Trust
Domain
-func (tb *TrustBundle) GetTrustBundle() []string {
- tb.mutex.RLock()
- defer tb.mutex.RUnlock()
- trustedCerts := make([]string, len(tb.mergedCerts))
- copy(trustedCerts, tb.mergedCerts)
- return trustedCerts
-}
-
-func verifyTrustAnchor(trustAnchor string) error {
- block, _ := pem.Decode([]byte(trustAnchor))
- if block == nil {
- return fmt.Errorf("failed to decode pem certificate")
- }
- cert, err := x509.ParseCertificate(block.Bytes)
- if err != nil {
- return fmt.Errorf("failed to parse X.509 certificate: %v", err)
- }
- if !cert.IsCA {
- return fmt.Errorf("certificate is not a CA certificate")
- }
- return nil
-}
-
-func (tb *TrustBundle) mergeInternal() {
- var mergeCerts []string
- certMap := sets.New[string]()
-
- tb.mutex.Lock()
- defer tb.mutex.Unlock()
-
- for _, configSource := range tb.sourceConfig {
- for _, cert := range configSource.Certs {
- if !certMap.InsertContains(cert) {
- mergeCerts = append(mergeCerts, cert)
- }
- }
- }
- tb.mergedCerts = mergeCerts
- sort.Strings(tb.mergedCerts)
-}
-
-// UpdateTrustAnchor : External Function to merge a TrustAnchor config with
the existing TrustBundle
-func (tb *TrustBundle) UpdateTrustAnchor(anchorConfig *TrustAnchorUpdate)
error {
- var ok bool
- var err error
-
- tb.mutex.RLock()
- cachedConfig, ok := tb.sourceConfig[anchorConfig.Source]
- tb.mutex.RUnlock()
- if !ok {
- return fmt.Errorf("invalid source of TrustBundle configuration
%v", anchorConfig.Source)
- }
-
- // Check if anything needs to be changed at all
- if slices.Equal(anchorConfig.Certs, cachedConfig.Certs) {
- // trustBundleLog.Debugf("no change to trustAnchor
configuration after recent update")
- return nil
- }
-
- for _, cert := range anchorConfig.Certs {
- err = verifyTrustAnchor(cert)
- if err != nil {
- return err
- }
- }
- tb.mutex.Lock()
- tb.sourceConfig[anchorConfig.Source] = anchorConfig.TrustAnchorConfig
- tb.mutex.Unlock()
- tb.mergeInternal()
-
- log.Infof("updating Source %v with certs %v",
- anchorConfig.Source,
- strings.Join(anchorConfig.TrustAnchorConfig.Certs, "\n"))
-
- if tb.updatecb != nil {
- tb.updatecb()
- }
- return nil
-}
-
-func (tb *TrustBundle) updateRemoteEndpoint(spiffeEndpoints []string) {
- tb.endpointMutex.RLock()
- remoteEndpoints := tb.endpoints
- tb.endpointMutex.RUnlock()
-
- if slices.Equal(spiffeEndpoints, remoteEndpoints) {
- return
- }
- log.Infof("updated remote endpoints :%v", spiffeEndpoints)
- tb.endpointMutex.Lock()
- tb.endpoints = spiffeEndpoints
- tb.endpointMutex.Unlock()
- tb.endpointUpdateChan <- struct{}{}
-}
-
-func (tb *TrustBundle) AddMeshGlobalConfigUpdate(cfg
*meshv1alpha1.MeshGlobalConfig) error {
- var err error
- if cfg != nil {
- certs := []string{}
- endpoints := []string{}
- for _, pemCert := range cfg.GetCaCertificates() {
- cert := pemCert.GetPem()
- if cert != "" {
- certs = append(certs, cert)
- } else if pemCert.GetSpiffeBundleUrl() != "" {
- endpoints = append(endpoints,
pemCert.GetSpiffeBundleUrl())
- }
- }
-
- err = tb.UpdateTrustAnchor(&TrustAnchorUpdate{
- TrustAnchorConfig: TrustAnchorConfig{Certs: certs},
- Source: SourceMeshGlobalConfig,
- })
- if err != nil {
- log.Errorf("failed to update meshWatcher PEM
trustAnchors: %v", err)
- return err
- }
-
- tb.updateRemoteEndpoint(endpoints)
- }
- return nil
-}
-
-func (tb *TrustBundle) fetchRemoteTrustAnchors() {
- var err error
-
- tb.endpointMutex.RLock()
- remoteEndpoints := tb.endpoints
- tb.endpointMutex.RUnlock()
- remoteCerts := []string{}
-
- currentTrustDomain := tb.meshWatcher.Mesh().GetTrustDomain()
- for _, endpoint := range remoteEndpoints {
- trustDomainAnchorMap, err :=
spiffe.RetrieveSpiffeBundleRootCerts(
- map[string]string{currentTrustDomain: endpoint},
tb.remoteCaCertPool, remoteTimeout)
- if err != nil {
- log.Errorf("unable to fetch trust Anchors from endpoint
%s: %s", endpoint, err)
- continue
- }
- certs := trustDomainAnchorMap[currentTrustDomain]
- for _, cert := range certs {
- certStr := string(pem.EncodeToMemory(&pem.Block{Type:
"CERTIFICATE", Bytes: cert.Raw}))
- log.Debugf("from endpoint %v, fetched trust anchor
cert: %v", endpoint, certStr)
- remoteCerts = append(remoteCerts, certStr)
- }
- }
- err = tb.UpdateTrustAnchor(&TrustAnchorUpdate{
- TrustAnchorConfig: TrustAnchorConfig{Certs: remoteCerts},
- Source: sourceSpiffeEndpoints,
- })
- if err != nil {
- log.Errorf("failed to update meshWatcher Spiffe trustAnchors:
%v", err)
- }
-}
-
-func (tb *TrustBundle) ProcessRemoteTrustAnchors(stop <-chan struct{},
pollInterval time.Duration) {
- ticker := time.NewTicker(pollInterval)
- defer ticker.Stop()
- for {
- select {
- case <-ticker.C:
- log.Infof("waking up to perform periodic checks")
- tb.fetchRemoteTrustAnchors()
- case <-stop:
- log.Infof("stop processing endpoint trustAnchor
updates")
- return
- case <-tb.endpointUpdateChan:
- tb.fetchRemoteTrustAnchors()
- log.Infof("processing endpoint trustAnchor Updates for
config change")
- }
- }
-}
diff --git a/dubbod/planet/pkg/xds/cds.go b/dubbod/planet/pkg/xds/cds.go
index cbcbee72..8640e6a0 100644
--- a/dubbod/planet/pkg/xds/cds.go
+++ b/dubbod/planet/pkg/xds/cds.go
@@ -55,8 +55,7 @@ func (c CdsGenerator) Generate(proxy *model.Proxy, w
*model.WatchedResource, req
if !needsPush {
return nil, model.DefaultXdsLogDetails, nil
}
- clusters, logs := c.ConfigGenerator.BuildClusters(proxy, req)
- return clusters, logs, nil
+ return nil, model.DefaultXdsLogDetails, nil
}
// GenerateDeltas for CDS currently only builds deltas when services change.
todo implement changes for DestinationRule, etc
@@ -67,6 +66,6 @@ func (c CdsGenerator) GenerateDeltas(proxy *model.Proxy, req
*model.PushRequest,
if !needsPush {
return nil, nil, model.DefaultXdsLogDetails, false, nil
}
- updatedClusters, removedClusters, logs, usedDelta :=
c.ConfigGenerator.BuildDeltaClusters(proxy, req, w)
- return updatedClusters, removedClusters, logs, usedDelta, nil
+
+ return nil, nil, model.DefaultXdsLogDetails, false, nil
}
diff --git a/dubbod/planet/pkg/xds/lds.go b/dubbod/planet/pkg/xds/lds.go
index 66c0fc31..41310a93 100644
--- a/dubbod/planet/pkg/xds/lds.go
+++ b/dubbod/planet/pkg/xds/lds.go
@@ -19,8 +19,6 @@ package xds
import (
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/model"
"github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/networking/core"
- "github.com/apache/dubbo-kubernetes/dubbod/planet/pkg/util/protoconv"
- discovery
"github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3"
)
type LdsGenerator struct {
@@ -44,21 +42,6 @@ func (l LdsGenerator) Generate(proxy *model.Proxy, w
*model.WatchedResource, req
if !ldsNeedsPush(proxy, req) {
return nil, model.DefaultXdsLogDetails, nil
}
- // For standard ConfigGenerator (Envoy), BuildListeners doesn't take
names parameter
- // The names filtering is handled by the resource filtering logic in
pushXds
- listeners := l.ConfigGenerator.BuildListeners(proxy, req.Push)
resources := model.Resources{}
- for _, c := range listeners {
- // Filter resources based on WatchedResource.ResourceNames if
specified
- if w != nil && w.ResourceNames != nil && len(w.ResourceNames) >
0 {
- if !w.ResourceNames.Contains(c.Name) {
- continue
- }
- }
- resources = append(resources, &discovery.Resource{
- Name: c.Name,
- Resource: protoconv.MessageToAny(c),
- })
- }
return resources, model.DefaultXdsLogDetails, nil
}
diff --git a/dubbod/planet/pkg/xds/rds.go b/dubbod/planet/pkg/xds/rds.go
index ff5ae488..95a3a086 100644
--- a/dubbod/planet/pkg/xds/rds.go
+++ b/dubbod/planet/pkg/xds/rds.go
@@ -60,7 +60,6 @@ func (c RdsGenerator) Generate(proxy *model.Proxy, w
*model.WatchedResource, req
log.Debugf("RDS Generate: skipping push for node=%s
(rdsNeedsPush=false)", proxy.ID)
return nil, model.DefaultXdsLogDetails, nil
}
- resources, logDetails := c.ConfigGenerator.BuildHTTPRoutes(proxy, req,
w.ResourceNames.UnsortedList())
- log.Infof("RDS Generate: built %d resources for node=%s",
len(resources), proxy.ID)
- return resources, logDetails, nil
+ resources := model.Resources{}
+ return resources, model.DefaultXdsLogDetails, nil
}
diff --git a/manifests/charts/base/templates/crds.yaml
b/manifests/charts/base/templates/crds.yaml
index 82357671..46ad2172 100644
--- a/manifests/charts/base/templates/crds.yaml
+++ b/manifests/charts/base/templates/crds.yaml
@@ -14,7 +14,7 @@
# limitations under the License.
{{- $file := .Files }}
-{{- range $path, $_ := .Files.Glob "files/crd-all.yaml" }}
+{{- range $path, $_ := .Files.Glob "files/crd-all.gen.yaml" }}
{{- $file.Get $path }}
{{- end -}}
diff --git a/pkg/adsc/adsc.go b/pkg/adsc/adsc.go
index b9be6ef6..54b98cd8 100644
--- a/pkg/adsc/adsc.go
+++ b/pkg/adsc/adsc.go
@@ -483,7 +483,6 @@ func (a *ADSC) handleReceive() {
func (a *ADSC) handleLDS(ll []*listener.Listener) {
lh := map[string]*listener.Listener{}
- lt := map[string]*listener.Listener{}
routes := []string{}
ldsSize := 0
@@ -508,11 +507,6 @@ func (a *ADSC) handleLDS(ll []*listener.Listener) {
}
switch filter.Name {
- case wellknown.TCPProxy:
- lt[l.Name] = l
- config, _ :=
protomarshal.MessageToStructSlow(filter.GetTypedConfig())
- c := config.Fields["cluster"].GetStringValue()
- log.Debugf("TCP: %s -> %s", l.Name, c)
case wellknown.HTTPConnectionManager:
lh[l.Name] = l
@@ -528,7 +522,7 @@ func (a *ADSC) handleLDS(ll []*listener.Listener) {
}
}
- log.Infof("LDS: http=%d tcp=%d size=%d", len(lh), len(lt), ldsSize)
+ log.Infof("LDS: http=%d size=%d", len(lh), ldsSize)
a.mutex.Lock()
defer a.mutex.Unlock()
@@ -536,7 +530,6 @@ func (a *ADSC) handleLDS(ll []*listener.Listener) {
a.sendResources(v3.RouteType, routes)
}
a.httpListeners = lh
- a.tcpListeners = lt
select {
case a.Updates <- v3.ListenerType:
diff --git a/pkg/config/kube/conversion.go b/pkg/config/kube/conversion.go
index 51324056..91b21814 100644
--- a/pkg/config/kube/conversion.go
+++ b/pkg/config/kube/conversion.go
@@ -20,7 +20,6 @@ import (
"strings"
"github.com/apache/dubbo-kubernetes/pkg/config/protocol"
- "github.com/apache/dubbo-kubernetes/pkg/util/sets"
)
const (
@@ -32,8 +31,6 @@ var (
grpcWebLen = len(grpcWeb)
)
-var wellKnownPorts = sets.New[int32](DNS)
-
func ConvertProtocol(port int32, portName string, appProto *string)
protocol.Instance {
// If application protocol is set, we will use that
// If not, use the port name
diff --git a/pkg/config/labels/instance.go b/pkg/config/labels/instance.go
index 7829b6ad..a502eee8 100644
--- a/pkg/config/labels/instance.go
+++ b/pkg/config/labels/instance.go
@@ -30,9 +30,6 @@ import (
const (
DNS1123LabelMaxLength = 63 // Public for testing only.
dns1123LabelFmt = "[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?"
- // a wild-card prefix is an '*', a normal DNS1123 label with a leading
'*' or '*-', or a normal DNS1123 label
- wildcardPrefix = `(\*|(\*|\*-)?` + dns1123LabelFmt + `)`
-
// Using kubernetes requirement, a valid key must be a non-empty string
consist
// of alphanumeric characters, '-', '_' or '.', and must start and end
with an
// alphanumeric character (e.g. 'MyValue', or 'my_value', or '12345'
@@ -44,10 +41,9 @@ const (
)
var (
- tagRegexp = regexp.MustCompile("^(" + dnsNamePrefixFmt +
")?(" + qualifiedNameFmt + ")$") // label value can be an empty string
- labelValueRegexp = regexp.MustCompile("^" + "(" + qualifiedNameFmt
+ ")?" + "$")
- dns1123LabelRegexp = regexp.MustCompile("^" + dns1123LabelFmt + "$")
- wildcardPrefixRegexp = regexp.MustCompile("^" + wildcardPrefix + "$")
+ tagRegexp = regexp.MustCompile("^(" + dnsNamePrefixFmt + ")?("
+ qualifiedNameFmt + ")$") // label value can be an empty string
+ labelValueRegexp = regexp.MustCompile("^" + "(" + qualifiedNameFmt +
")?" + "$")
+ dns1123LabelRegexp = regexp.MustCompile("^" + dns1123LabelFmt + "$")
)
// Instance is a non empty map of arbitrary strings. Each version of a service
can
@@ -114,12 +110,6 @@ func IsDNS1123Label(value string) bool {
return len(value) <= DNS1123LabelMaxLength &&
dns1123LabelRegexp.MatchString(value)
}
-// IsWildcardDNS1123Label tests for a string that conforms to the definition
of a label in DNS (RFC 1123), but allows
-// the wildcard label (`*`), and typical labels with a leading astrisk instead
of alphabetic character (e.g. "*-foo")
-func IsWildcardDNS1123Label(value string) bool {
- return len(value) <= DNS1123LabelMaxLength &&
wildcardPrefixRegexp.MatchString(value)
-}
-
// validateTagKey checks that a string is valid as a Kubernetes label name.
func validateTagKey(k string) error {
match := tagRegexp.FindStringSubmatch(k)
diff --git a/pkg/config/model.go b/pkg/config/model.go
index 0a66ebfa..a3391b35 100644
--- a/pkg/config/model.go
+++ b/pkg/config/model.go
@@ -35,7 +35,6 @@ import (
kubetypes "k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/yaml"
- "github.com/apache/dubbo-kubernetes/pkg/cluster"
"github.com/apache/dubbo-kubernetes/pkg/maps"
"github.com/apache/dubbo-kubernetes/pkg/util/gogoprotomarshal"
"github.com/apache/dubbo-kubernetes/pkg/util/sets"
@@ -111,20 +110,6 @@ type Config struct {
Extra map[string]any
}
-type ObjectWithCluster[T any] struct {
- ClusterID cluster.ID
- Object *T
-}
-
-// We can't refer to krt directly without causing an import cycle, but this
function
-// implements an interface that allows the krt helper to know how to get the
object key
-func (o ObjectWithCluster[T]) GetObjectKeyable() any {
- if o.Object == nil {
- return nil
- }
- return *o.Object
-}
-
func LabelsInRevision(lbls map[string]string, rev string) bool {
configEnv, f := lbls["dubbo.apache.org/rev"]
if !f {
@@ -397,7 +382,6 @@ func (c Config) DeepCopy() Config {
if c.Status != nil {
clone.Status = DeepCopy(c.Status)
}
- // Note that this is effectively a shallow clone, but this is fine as
it is not manipulated.
if c.Extra != nil {
clone.Extra = maps.Clone(c.Extra)
}
@@ -467,14 +451,10 @@ func CanonicalGroup(group string) string {
return "core"
}
-// CanonicalGroup returns the group with defaulting applied. This means an
empty group will
-// be treated as "core", following Kubernetes API standards
func (g GroupVersionKind) CanonicalGroup() string {
return CanonicalGroup(g.Group)
}
-// PatchFunc provides the cached config as a base for modification. Only diff
the between the cfg
-// parameter and the returned Config will be applied.
type PatchFunc func(cfg Config) (Config, kubetypes.PatchType)
type Namer interface {
diff --git a/pkg/config/types/duration.go b/pkg/config/types/duration.go
deleted file mode 100644
index 98024be3..00000000
--- a/pkg/config/types/duration.go
+++ /dev/null
@@ -1,64 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package types
-
-import (
- "encoding/json"
- "time"
-)
-
-import (
- "github.com/pkg/errors"
-)
-
-type Duration struct {
- time.Duration
-}
-
-func (d Duration) MarshalJSON() ([]byte, error) {
- return json.Marshal(d.String())
-}
-
-func (d *Duration) UnmarshalJSON(b []byte) error {
- var v interface{}
- if err := json.Unmarshal(b, &v); err != nil {
- return err
- }
- switch value := v.(type) {
- case float64:
- d.Duration = time.Duration(value)
- return nil
- case string:
- var err error
- d.Duration, err = time.ParseDuration(value)
- if err != nil {
- return err
- }
- return nil
- default:
- return errors.New("invalid duration")
- }
-}
-
-func (d *Duration) Decode(value string) error {
- var err error
- d.Duration, err = time.ParseDuration(value)
- if err != nil {
- return err
- }
- return nil
-}
diff --git a/pkg/config/types/keys.go b/pkg/config/types/keys.go
deleted file mode 100644
index ab3b7cef..00000000
--- a/pkg/config/types/keys.go
+++ /dev/null
@@ -1,55 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package types
-
-import (
- "github.com/pkg/errors"
-)
-
-type PublicKey struct {
- // ID of key used to issue token.
- KID string `json:"kid"`
- // File with a public key encoded in PEM format.
- KeyFile string `json:"keyFile,omitempty"`
- // Public key encoded in PEM format.
- Key string `json:"key,omitempty"`
-}
-
-type MeshedPublicKey struct {
- PublicKey
- Mesh string `json:"mesh"`
-}
-
-func (p PublicKey) Validate() error {
- if p.KID == "" {
- return errors.New(".KID is required")
- }
- if p.KeyFile == "" && p.Key == "" {
- return errors.New("either .KeyFile or .Key has to be defined")
- }
- if p.KeyFile != "" && p.Key != "" {
- return errors.New("both .KeyFile or .Key cannot be defined")
- }
- return nil
-}
-
-func (m MeshedPublicKey) Validate() error {
- if err := m.PublicKey.Validate(); err != nil {
- return err
- }
- return nil
-}
diff --git a/pkg/config/types/tls.go b/pkg/config/types/tls.go
deleted file mode 100644
index f4461a0f..00000000
--- a/pkg/config/types/tls.go
+++ /dev/null
@@ -1,52 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package types
-
-import (
- "crypto/tls"
- "sort"
-)
-
-var versions = map[string]uint16{
- "TLSv1_2": tls.VersionTLS12,
- "TLSv1_3": tls.VersionTLS13,
-}
-
-var (
- versionNames []string
- secureCiphers map[string]uint16
- secureCiphersNames []string
- insecureCiphers map[string]uint16
- insecureCiphersNames []string
-)
-
-func init() {
- secureCiphers = map[string]uint16{}
- for _, v := range tls.CipherSuites() {
- secureCiphers[v.Name] = v.ID
- secureCiphersNames = append(secureCiphersNames, v.Name)
- }
- insecureCiphers = map[string]uint16{}
- for _, v := range tls.InsecureCipherSuites() {
- insecureCiphers[v.Name] = v.ID
- insecureCiphersNames = append(insecureCiphersNames, v.Name)
- }
- for k := range versions {
- versionNames = append(versionNames, k)
- }
- sort.Strings(versionNames)
-}
diff --git a/pkg/env/var.go b/pkg/env/var.go
index 3f326546..a359d7dd 100644
--- a/pkg/env/var.go
+++ b/pkg/env/var.go
@@ -20,7 +20,6 @@ import (
"encoding/json"
"fmt"
"os"
- "sort"
"strconv"
"sync"
"time"
@@ -40,8 +39,6 @@ const (
FLOAT
// Variable holds a time duration.
DURATION
- // Variable holds a dynamic unknown type.
- OTHER
)
// Var describes a single environment variable
@@ -98,22 +95,6 @@ var (
mutex sync.Mutex
)
-// VarDescriptions returns a description of this process' environment
variables, sorted by name.
-func VarDescriptions() []Var {
- mutex.Lock()
- sorted := make([]Var, 0, len(allVars))
- for _, v := range allVars {
- sorted = append(sorted, v)
- }
- mutex.Unlock()
-
- sort.Slice(sorted, func(i, j int) bool {
- return sorted[i].Name < sorted[j].Name
- })
-
- return sorted
-}
-
type Parseable interface {
comparable
}
diff --git a/pkg/kube/controllers/queue.go b/pkg/kube/controllers/queue.go
index d3c9a2b7..8c4a683d 100644
--- a/pkg/kube/controllers/queue.go
+++ b/pkg/kube/controllers/queue.go
@@ -53,10 +53,7 @@ func NewQueue(name string, options ...func(*Queue)) Queue {
q.queue = workqueue.NewTypedRateLimitingQueueWithConfig[any](
workqueue.DefaultTypedControllerRateLimiter[any](),
workqueue.TypedRateLimitingQueueConfig[any]{
- Name: name,
- MetricsProvider: nil,
- Clock: nil,
- DelayingQueue: nil,
+ Name: name,
},
)
}
diff --git a/pkg/queue/instance.go b/pkg/queue/instance.go
index b10f85cd..91259461 100644
--- a/pkg/queue/instance.go
+++ b/pkg/queue/instance.go
@@ -21,7 +21,6 @@ import (
"time"
"go.uber.org/atomic"
- "k8s.io/apimachinery/pkg/util/rand"
)
// Task to be performed.
@@ -63,11 +62,6 @@ type queueImpl struct {
syncCallback func()
}
-// NewQueue instantiates a queue with a processing function
-func NewQueue(errorDelay time.Duration) Instance {
- return NewQueueWithID(errorDelay, rand.String(10))
-}
-
// NewQueue instantiates a queue with a processing function
func NewWithSync(f func(), name string) Instance {
q := NewQueueWithID(time.Second, name)
diff --git a/pkg/queue/util.go b/pkg/queue/util.go
deleted file mode 100644
index ab646da9..00000000
--- a/pkg/queue/util.go
+++ /dev/null
@@ -1,41 +0,0 @@
-//
-// Licensed to the Apache Software Foundation (ASF) under one or more
-// contributor license agreements. See the NOTICE file distributed with
-// this work for additional information regarding copyright ownership.
-// The ASF licenses this file to You under the Apache License, Version 2.0
-// (the "License"); you may not use this file except in compliance with
-// the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package queue
-
-import (
- "fmt"
- "time"
-)
-
-// WaitForClose blocks until the Instance has stopped processing tasks or the
timeout expires.
-// If the timeout is zero, it will wait until the queue is done processing.
-// WaitForClose an error if the timeout expires.
-func WaitForClose(q Instance, timeout time.Duration) error {
- closed := q.Closed()
- if timeout == 0 {
- <-closed
- return nil
- }
- timer := time.NewTimer(timeout)
- defer timer.Stop()
- select {
- case <-closed:
- return nil
- case <-timer.C:
- return fmt.Errorf("timeout waiting for queue to close after
%v", timeout)
- }
-}
diff --git a/pkg/typemap/map.go b/pkg/typemap/map.go
index a1d9802d..bbc2a431 100644
--- a/pkg/typemap/map.go
+++ b/pkg/typemap/map.go
@@ -29,11 +29,6 @@ func NewTypeMap() TypeMap {
return TypeMap{make(map[reflect.Type]any)}
}
-func Set[T any](t TypeMap, v T) {
- interfaceType := reflect.TypeOf((*T)(nil)).Elem()
- t.inner[interfaceType] = v
-}
-
func Get[T any](t TypeMap) *T {
v, f := t.inner[reflect.TypeFor[T]()]
if f {
diff --git a/pkg/util/net/ip.go b/pkg/util/net/ip.go
index c4c3bcc3..94344856 100644
--- a/pkg/util/net/ip.go
+++ b/pkg/util/net/ip.go
@@ -17,14 +17,9 @@
package net
import (
- "net"
- "net/http"
"net/netip"
-
- "github.com/apache/dubbo-kubernetes/pkg/log"
)
-// IsValidIPAddress Tell whether the given IP address is valid or not
func IsValidIPAddress(ip string) bool {
ipa, err := netip.ParseAddr(ip)
if err != nil {
@@ -32,70 +27,3 @@ func IsValidIPAddress(ip string) bool {
}
return ipa.IsValid()
}
-
-// IsIPv6Address returns if ip is IPv6.
-func IsIPv6Address(ip string) bool {
- ipa, err := netip.ParseAddr(ip)
- if err != nil {
- return false
- }
- return ipa.Is6()
-}
-
-// IsIPv4Address returns if ip is IPv4.
-func IsIPv4Address(ip string) bool {
- ipa, err := netip.ParseAddr(ip)
- if err != nil {
- return false
- }
- return ipa.Is4()
-}
-
-// IPsSplitV4V6 returns two slice of ipv4 and ipv6 string slice.
-func IPsSplitV4V6(ips []string) (ipv4 []string, ipv6 []string) {
- for _, i := range ips {
- ip, err := netip.ParseAddr(i)
- if err != nil {
- log.Debugf("ignoring un-parsable IP address: %v", err)
- continue
- }
- if ip.Is4() {
- ipv4 = append(ipv4, ip.String())
- } else if ip.Is6() {
- ipv6 = append(ipv6, ip.String())
- } else {
- log.Debugf("ignoring un-parsable IP address: %v", ip)
- }
- }
- return
-}
-
-// ParseIPsSplitToV4V6 returns two slice of ipv4 and ipv6 netip.Addr.
-func ParseIPsSplitToV4V6(ips []string) (ipv4 []netip.Addr, ipv6 []netip.Addr) {
- for _, i := range ips {
- ip, err := netip.ParseAddr(i)
- if err != nil {
- log.Debugf("ignoring un-parsable IP address: %v", err)
- continue
- }
- if ip.Is4() {
- ipv4 = append(ipv4, ip)
- } else if ip.Is6() {
- ipv6 = append(ipv6, ip)
- } else {
- log.Debugf("ignoring un-parsable IP address: %v", ip)
- }
- }
- return
-}
-
-// IsRequestFromLocalhost returns true if request is from localhost address.
-func IsRequestFromLocalhost(r *http.Request) bool {
- ip, _, err := net.SplitHostPort(r.RemoteAddr)
- if err != nil {
- return false
- }
-
- userIP := net.ParseIP(ip)
- return userIP.IsLoopback()
-}
diff --git a/pkg/wellknown/wellknown.go b/pkg/wellknown/wellknown.go
index 6b6baf0c..58f1b06b 100644
--- a/pkg/wellknown/wellknown.go
+++ b/pkg/wellknown/wellknown.go
@@ -16,14 +16,8 @@
package wellknown
-// Package wellknown contains common names for filters, listeners, etc.
-// copied from envoyproxy/go-control-plane.
-// TODO: remove this package
-
// Network filter names
const (
// HTTPConnectionManager network filter
HTTPConnectionManager = "envoy.filters.network.http_connection_manager"
- // TCPProxy network filter
- TCPProxy = "envoy.filters.network.tcp_proxy"
)
