Merge pull request #134 from River-sh/featrue/support_raven_l7
Feat: support raven l7
njucjc authored Oct 20, 2023
2 parents 19b0053 + 59daf2d commit 3197c5d
Showing 38 changed files with 2,907 additions and 491 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/check.yml
Expand Up @@ -46,7 +46,7 @@ jobs:
uses: golangci/golangci-lint-action@v3
with:
version: v1.51.2
args: --timeout 300s --skip-dirs-use-default -v -E goconst -E gofmt -E ineffassign -E goimports -E revive -E misspell -E vet -E deadcode
args: --timeout 300s --skip-dirs-use-default -v -E goconst -E gofmt -E ineffassign -E goimports -E revive -E misspell -E vet -E unused

shellcheck:
name: Shellcheck
5 changes: 2 additions & 3 deletions Dockerfile
Expand Up @@ -31,7 +31,6 @@ RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
&& rc-update add ipsec

COPY --from=builder /workspace/raven-agent-ds /usr/local/bin/
COPY pluto raven.sh /usr/local/bin/
COPY pluto /usr/local/bin/

ENTRYPOINT raven.sh
ENTRYPOINT ["/usr/local/bin/raven-agent-ds"]
ENTRYPOINT ["/usr/local/bin/raven-agent-ds"]
13 changes: 13 additions & 0 deletions charts/raven-agent/templates/config.yaml
@@ -1,8 +1,21 @@
apiVersion: v1
data:
enable-l3-tunnel: "false"
enable-l7-proxy: "true"
kind: ConfigMap
metadata:
name: raven-cfg
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
data:
vpn-driver: {{ .Values.vpn.driver }}
forward-node-ip: {{ .Values.vpn.forwardNodeIP | quote }}
metric-bind-addr: {{ .Values.vpn.metricBindAddr }}
tunnel-bind-addr: {{ .Values.vpn.tunnelAddr }}
proxy-external-addr: {{ .Values.proxy.externalAddr }}
proxy-internal-insecure-addr: {{ .Values.proxy.internalInsecureAddr }}
proxy-internal-secure-addr: {{ .Values.proxy.internalSecureAddr }}
kind: ConfigMap
metadata:
name: raven-agent-config
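Review bot: The four new address entries are rendered unquoted (`proxy-external-addr: {{ .Values.proxy.externalAddr }}` and the three lines around it), while `forward-node-ip` in the same block uses `| quote`. ConfigMap `data` values must be strings, so an override without a leading colon or host part, such as a bare port number, would render as a YAML integer and the object would be rejected. I would write `{{ .Values.proxy.externalAddr | quote }}` and do the same for `tunnel-bind-addr` and the two internal addresses. Separately, `raven-cfg` hard-codes `enable-l3-tunnel: "false"` and `enable-l7-proxy: "true"`, which an install cannot change through values; a comment or a values key would make that default explicit.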
2 changes: 2 additions & 0 deletions charts/raven-agent/templates/daemonset.yaml
Expand Up @@ -26,6 +26,8 @@ spec:
env:
{{- toYaml . | nindent 8 }}
{{- end }}
args:
- --v=4
hostNetwork: true
{{- with .Values.nodeSelector }}
nodeSelector:
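Review bot: `--v=4` is hard-coded in the container `args`, so every install runs the agent at debug-level verbosity and the chart offers no value to lower it. At that level the logs on edge nodes grow quickly and may carry connection or certificate details that are better kept out of default logs (what the agent actually prints at this level is not visible here). I would template the flag from a new values key with a lower default, for example `- --v={{ .Values.logLevel | default 2 }}` (the key name is only a suggestion).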
61 changes: 60 additions & 1 deletion charts/raven-agent/templates/rbac.yaml
Expand Up @@ -19,6 +19,26 @@ rules:
- watch
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
- services
- nodes
verbs:
- get
- list
- update
- watch
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
verbs:
- create
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -31,4 +51,43 @@ roleRef:
subjects:
- kind: ServiceAccount
name: raven-agent-account
namespace: {{ .Release.Namespace }}
namespace: {{ .Release.Namespace }}

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
name: raven-proxy-user
rules:
- apiGroups:
- ""
resources:
- nodes/stats
- nodes/metrics
- nodes/log
- nodes/spec
- nodes/proxy
verbs:
- create
- get
- list
- watch
- delete
- update
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: raven-proxy-user-binding
subjects:
- kind: User
name: tunnel-proxy-client
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: raven-proxy-user
apiGroup: rbac.authorization.k8s.io
---
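Review bot: The new `raven-proxy-user` ClusterRole grants every verb, including `create`, `delete`, `update` and `patch`, on `nodes/proxy` for all nodes, and access to `nodes/proxy` is in effect access to each kubelet's API, so whoever can present the `tunnel-proxy-client` user identity gets far more than read access to logs and metrics. The first hunk of this file also lets the agent's role `create` certificatesigningrequests and `update` configmaps, services and nodes cluster-wide, so it is worth confirming (not visible in this section) which signer and approver can issue a certificate carrying that user name. I would cut the rule down to the verbs the proxy really forwards, for example only `- get` and `- create`, and add a comment such as `# nodes/proxy reaches the kubelet API on every node; keep verbs minimal`. If the configmap and service updates only touch known objects, `resourceNames:` or a namespaced Role would limit what a compromised edge node's service account can change.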
34 changes: 32 additions & 2 deletions charts/raven-agent/values.yaml
Expand Up @@ -30,7 +30,6 @@ securityContext:
privileged: true

nodeSelector:
kubernetes.io/arch: amd64
kubernetes.io/os: linux

tolerations: [{"operator": "Exists"}]
Expand All @@ -50,6 +49,10 @@ containerEnv:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: VPN_CONNECTION_PSK
valueFrom:
secretKeyRef:
Expand All @@ -70,6 +73,26 @@ containerEnv:
configMapKeyRef:
key: metric-bind-addr
name: raven-agent-config
- name: VPN_BIND_ADDRESS
valueFrom:
configMapKeyRef:
key: tunnel-bind-addr
name: raven-agent-config
- name: PROXY_SERVER_INTERNAL_SECURE_ADDRESS
valueFrom:
configMapKeyRef:
key: proxy-internal-secure-addr
name: raven-agent-config
- name: PROXY_SERVER_INTERNAL_INSECURE_ADDRESS
valueFrom:
configMapKeyRef:
key: proxy-internal-insecure-addr
name: raven-agent-config
- name: PROXY_SERVER_EXTERNAL_ADDRESS
valueFrom:
configMapKeyRef:
key: proxy-external-addr
name: raven-agent-config
vpn:
driver: libreswan
forwardNodeIP: false
Expand All @@ -79,6 +102,13 @@ vpn:
# Pass it to helm with '--set vpn.psk=`openssl rand -hex 64`'
# IMPORTANT: You should NOT use the example psk for a production deployment!
psk: OPENYURT-RAVEN-AGENT-VPN-PSK
metricBindAddr: ":8080"
metricBindAddr: ":10265"
tunnelAddr: ":4500"
proxy:
externalAddr: ":10262"
internalInsecureAddr: ":10264"
internalSecureAddr: ":10263"


rollingUpdate:
maxUnavailable: 5%
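Review bot: The new defaults `internalInsecureAddr: ":10264"`, `externalAddr: ":10262"` and `metricBindAddr: ":10265"` carry no host part, and the DaemonSet of this chart runs with `hostNetwork: true`, so if the agent binds them as written each listener opens on every interface of the node. That matters most for the listener whose name says it is insecure; whether the agent combines these ports with `NODE_IP` is not visible here. I would either default it to a specific address, for example `internalInsecureAddr: "127.0.0.1:10264"` if only node-local clients need it, or add a comment above the `proxy:` block stating which peers must reach each port so that operators can firewall the rest.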
30 changes: 25 additions & 5 deletions cmd/agent/app/config/config.go
Expand Up @@ -24,12 +24,32 @@ import (
// Config is the main context object for raven agent
type Config struct {
NodeName string
Kubeconfig *rest.Config
Manager manager.Manager
VPNDriver string
RouteDriver string
ForwardNodeIP bool
NodeIP string
MetricsBindAddress string
KubeConfig *rest.Config
Manager manager.Manager
Tunnel *TunnelConfig
Proxy *ProxyConfig
}

type TunnelConfig struct {
VPNDriver string
VPNPort string
RouteDriver string
ForwardNodeIP bool
}

type ProxyConfig struct {
ProxyMetricsAddress string
ProxyClientCertDir string

InternalInsecureAddress string
InternalSecureAddress string
ExternalAddress string
ProxyServerCertDNSNames string
ProxyServerCertIPs string
ProxyServerCertDir string
InterceptorServerUDSFile string
}

type completedConfig struct {
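Review bot: The new exported types `TunnelConfig` and `ProxyConfig` have no doc comments, and nothing tells a reader which of the three proxy listeners is served without TLS. I would add `// TunnelConfig holds the settings of the L3 VPN tunnel.` and `// ProxyConfig holds the listen addresses and certificate locations of the L7 proxy.`, plus a field comment on `InternalInsecureAddress` saying what is allowed to connect to it (presumably a plaintext listener, judging by the name). `Tunnel` and `Proxy` are pointers, so any code reading `cfg.Proxy.ExternalAddress` depends on them being set on every path; a sentence on `Config` stating that they are non-nil after completion would help, if that is the intent. `completedConfig` continues outside the hunk.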