Merge pull request #148 from River-sh/enhance/raven_proxy

Remove the dependency on the openyurt project and rely on the openyur…

charts/raven-agent/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.1
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.0"
+appVersion: "0.4.0"

charts/raven-agent/templates/config.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 data:
-  enable-l3-tunnel: "true"
-  enable-l7-proxy: "false"
+  enable-l3-tunnel: {{.Values.controller.enableTunnel | quote}}
+  enable-l7-proxy: {{.Values.controller.enableProxy | quote}}
 kind: ConfigMap
 metadata:
   name: raven-cfg

charts/raven-agent/templates/daemonset.yaml

@@ -27,7 +27,16 @@ spec:
           {{- toYaml . | nindent 8 }}
         {{- end }}
         args:
-          - --v=4
+          - --v=2
+          - --vpn-driver={{.Values.vpn.driver}}
+          - --forward-node-ip={{.Values.vpn.forwardNodeIP}}
+          - --metric-bind-addr={{.Values.vpn.metricBindAddr}}
+          - --vpn-bind-port={{.Values.vpn.tunnelAddr}}
+          - --proxy-metric-bind-addr={{.Values.proxy.metricsBindAddr}}
+          - --proxy-internal-secure-addr={{.Values.proxy.internalSecureAddr}}
+          - --proxy-internal-insecure-addr={{.Values.proxy.internalInsecureAddr}}
+          - --proxy-external-addr={{.Values.proxy.externalAddr}}
+
       hostNetwork: true
       {{- with .Values.nodeSelector }}
       nodeSelector:

charts/raven-agent/templates/rbac.yaml

@@ -25,6 +25,7 @@ rules:
       - configmaps
       - services
       - nodes
+      - pods
     verbs:
       - get
       - list

charts/raven-agent/values.yaml

@@ -6,7 +6,7 @@ image:
   repository: openyurt/raven-agent
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: latest
+  tag: v0.4.0
 
 imagePullSecrets: []
 nameOverride: ""
@@ -58,41 +58,7 @@ containerEnv:
         secretKeyRef:
           key: vpn-connection-psk
           name: raven-agent-secret
-    - name: VPN_DRIVER
-      valueFrom:
-        configMapKeyRef:
-          key: vpn-driver
-          name: raven-agent-config
-    - name: FORWARD_NODE_IP
-      valueFrom:
-        configMapKeyRef:
-          key: forward-node-ip
-          name: raven-agent-config
-    - name: METRIC_BIND_ADDR
-      valueFrom:
-        configMapKeyRef:
-          key: metric-bind-addr
-          name: raven-agent-config
-    - name: VPN_BIND_ADDRESS
-      valueFrom:
-        configMapKeyRef:
-          key: tunnel-bind-addr
-          name: raven-agent-config
-    - name: PROXY_SERVER_INTERNAL_SECURE_ADDRESS
-      valueFrom:
-        configMapKeyRef:
-          key: proxy-internal-secure-addr
-          name: raven-agent-config
-    - name: PROXY_SERVER_INTERNAL_INSECURE_ADDRESS
-      valueFrom:
-        configMapKeyRef:
-          key: proxy-internal-insecure-addr
-          name: raven-agent-config
-    - name: PROXY_SERVER_EXTERNAL_ADDRESS
-      valueFrom:
-        configMapKeyRef:
-          key: proxy-external-addr
-          name: raven-agent-config
+
 vpn:
   driver: libreswan
   forwardNodeIP: true
@@ -104,11 +70,16 @@ vpn:
   psk: OPENYURT-RAVEN-AGENT-VPN-PSK
   metricBindAddr: ":10265"
   tunnelAddr: ":4500"
+
+controller:
+  enableProxy: true
+  enableTunnel: true
+
 proxy:
   externalAddr: ":10262"
   internalInsecureAddr: ":10264"
   internalSecureAddr: ":10263"
-
+  metricsBindAddr: ":10266"
 
 rollingUpdate:
   maxUnavailable: 5%

cmd/agent/app/options/options.go

@@ -18,7 +18,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 
-	"github.com/openyurtio/openyurt/pkg/apis/raven/v1beta1"
+	"github.com/openyurtio/api/raven/v1beta1"
 	"github.com/openyurtio/raven/cmd/agent/app/config"
 	"github.com/openyurtio/raven/pkg/networkengine/routedriver/vxlan"
 	"github.com/openyurtio/raven/pkg/networkengine/vpndriver"
@@ -73,30 +73,6 @@ func (o *AgentOptions) Validate() error {
 			return errors.New("either --node-name or $NODE_NAME has to be set")
 		}
 	}
-	if o.VPNPort == "" {
-		o.VPNPort = os.Getenv("VPN_BIND_ADDRESS")
-		if o.VPNPort == "" {
-			return errors.New("either --vpn-bind-address or $VPN_BIND_PORT has to be set")
-		}
-	}
-	if o.InternalSecureAddress == "" {
-		o.InternalSecureAddress = os.Getenv("PROXY_SERVER_INTERNAL_SECURE_ADDRESS")
-		if o.InternalSecureAddress == "" {
-			return errors.New("either --proxy-internal-secure-address or PROXY_SERVER_INTERNAL_SECURE_ADDRESS has to be set")
-		}
-	}
-	if o.InternalInsecureAddress == "" {
-		o.InternalInsecureAddress = os.Getenv("PROXY_SERVER_INTERNAL_INSECURE_ADDRESS")
-		if o.InternalInsecureAddress == "" {
-			return errors.New("either --proxy-internal-insecure-address or PROXY_SERVER_INTERNAL_INSECURE_ADDRESS has to be set")
-		}
-	}
-	if o.ExternalAddress == "" {
-		o.ExternalAddress = os.Getenv("PROXY_SERVER_EXTERNAL_ADDRESS")
-		if o.ExternalAddress == "" {
-			return errors.New("either --proxy-external-address or $PROXY_SERVER_EXTERNAL_ADDRESS has to be set")
-		}
-	}
 	return nil
 }
 
@@ -154,6 +130,12 @@ func (o *AgentOptions) Config() (*config.Config, error) {
 		InternalInsecureAddress: o.InternalInsecureAddress,
 		InternalSecureAddress:   o.InternalSecureAddress,
 		ExternalAddress:         o.ExternalAddress,
+
+		ProxyServerCertDNSNames:  o.ProxyServerCertDNSNames,
+		ProxyServerCertIPs:       o.ProxyServerCertIPs,
+		ProxyClientCertDir:       o.ProxyClientCertDir,
+		ProxyServerCertDir:       o.ProxyServerCertDir,
+		InterceptorServerUDSFile: o.InterceptorServerUDSFile,
 	}
 	if err != nil {
 		return nil, fmt.Errorf("failed to create manager: %s", err)

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/coreos/go-iptables v0.6.0
 	github.com/gorilla/mux v1.8.0
 	github.com/lorenzosaino/go-sysctl v0.3.1
-	github.com/openyurtio/openyurt v1.3.1-0.20230920090905-424dcc283167
+	github.com/openyurtio/api v0.0.0-20231116122426-dfc46506cdb0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.15.1
 	github.com/spf13/cobra v1.7.0

go.sum

@@ -439,10 +439,10 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
+github.com/openyurtio/api v0.0.0-20231116122426-dfc46506cdb0 h1:zH7jnLVvAKVPr8WleYOhGG5yAiXoUYu2M2nqqk10/yM=
+github.com/openyurtio/api v0.0.0-20231116122426-dfc46506cdb0/go.mod h1:IIVOJ8bnLSzqPB3VHBuQ3wELW4gjRKJ2aSyLhaLxdOA=
 github.com/openyurtio/apiserver-network-proxy v0.1.1-0.20231007082056-cecf4c454651 h1:pBjrj95WZ7NkaIQvvb7hveI5fd8fXxlX7OtKRcciamY=
 github.com/openyurtio/apiserver-network-proxy v0.1.1-0.20231007082056-cecf4c454651/go.mod h1:yPrw5zKs7BVVCuQUaY4MzSmsYPKXWnZsrjKUWQrZX3w=
-github.com/openyurtio/openyurt v1.3.1-0.20230920090905-424dcc283167 h1:gbjh0njlthM0mM9Z6LHURdKpovLXReleT5GUwaksyFE=
-github.com/openyurtio/openyurt v1.3.1-0.20230920090905-424dcc283167/go.mod h1:c77rs9s+ztXyyHNf2EB+lMHuDfSWwel6dhP2ZVi5cvM=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=

pkg/engine/engine.go

@@ -16,7 +16,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
-	"github.com/openyurtio/openyurt/pkg/apis/raven/v1beta1"
+	"github.com/openyurtio/api/raven/v1beta1"
 	"github.com/openyurtio/raven/cmd/agent/app/config"
 	"github.com/openyurtio/raven/pkg/utils"
 )
@@ -27,7 +27,7 @@ type Engine struct {
 	context  context.Context
 	manager  manager.Manager
 	client   client.Client
-	option   StatusOption
+	option   *Option
 
 	tunnelQueue  workqueue.RateLimitingInterface
 	tunnelEngine *TunnelEngine