feat: helm charts support installing gateway in daemonset mod. #1054

Merged: 2 commits, Jun 26, 2024

@lingdie lingdie commented Jun 25, 2024

Ⅰ. Describe what this PR did

Helm charts support installing the gateway in DaemonSet mode.

Ⅱ. Does this pull request fix one issue?

Ⅲ. Why don't you add test cases (unit test/integration test)?

# use --dry-run or `template` sub-command to see what will happen.
helm install -n higress-system higress helm/core --set gateway.kind=DaemonSet --create-namespace

Ⅳ. Describe how to verify it

Use this command to get the DaemonSet manifest.

helm template higress helm/core --set gateway.kind=DaemonSet
Output
# Source: higress-core/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: higress-gateway
  namespace: default
  labels:
    helm.sh/chart: higress-core-1.4.1
    app: higress-gateway
    higress: default-higress-gateway
    app.kubernetes.io/version: "1.4.1"
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: higress-gateway
  annotations:
    {}
spec:
  selector:
    matchLabels:
      app: higress-gateway
      higress: default-higress-gateway
  template:
    metadata:
      annotations:
        prometheus.io/path: /stats/prometheus
        prometheus.io/port: "15020"
        prometheus.io/scrape: "true"
        sidecar.istio.io/inject: "false"
      labels:
        sidecar.istio.io/inject: "false"
        app: higress-gateway
        higress: default-higress-gateway
    spec:
      serviceAccountName: higress-gateway
      securityContext:
        # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326
        sysctls:
        - name: net.ipv4.ip_unprivileged_port_start
          value: "0"
      containers:
        - name: higress-gateway
          image: "higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/gateway:1.4.1"
          args:
            - proxy
            - router
            - --domain
            - $(POD_NAMESPACE).svc.cluster.local
            - --proxyLogLevel=warning
            - --proxyComponentLogLevel=misc:error
            - --log_output_level=all:info
            - --serviceCluster=higress-gateway
          securityContext:
            # Safe since 1.22: https://github.com/kubernetes/kubernetes/pull/103326
            capabilities:
              drop:
              - ALL
            allowPrivilegeEscalation: false
            privileged: false
          # When enabling lite metrics, the configuration template files need to be replaced.
            runAsUser: 1337
            runAsGroup: 1337
            runAsNonRoot: true
          env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: spec.nodeName
          - name: POD_NAME
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.name
          - name: POD_NAMESPACE
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
          - name: INSTANCE_IP
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: status.podIP
          - name: HOST_IP
            valueFrom:
              fieldRef:
                apiVersion: v1
                fieldPath: status.hostIP
          - name: SERVICE_ACCOUNT
            valueFrom:
              fieldRef:
                fieldPath: spec.serviceAccountName
          - name: PILOT_XDS_SEND_TIMEOUT
            value: 60s
          - name: PROXY_XDS_VIA_AGENT
            value: "true"
          - name: ENABLE_INGRESS_GATEWAY_SDS
            value: "false"
          - name: JWT_POLICY
            value: third-party-jwt
          - name: ISTIO_META_HTTP10
            value: "1"
          - name: ISTIO_META_CLUSTER_ID
            value: "Kubernetes"
          - name: INSTANCE_NAME
            value: "higress-gateway"
          - name: LITE_METRICS
            value: "on"
          ports:
          - containerPort: 15090
            protocol: TCP
            name: http-envoy-prom
          readinessProbe:
            failureThreshold: 30
            httpGet:
              path: /healthz/ready
              port: 15021
              scheme: HTTP
            initialDelaySeconds: 1
            periodSeconds: 2
            successThreshold: 1
            timeoutSeconds: 3
          resources:
            limits:
              cpu: 2000m
              memory: 2048Mi
            requests:
              cpu: 2000m
              memory: 2048Mi
          volumeMounts:
          - name: istio-token
            mountPath: /var/run/secrets/tokens
            readOnly: true
          - name: config
            mountPath: /etc/istio/config
          - name: istio-ca-root-cert
            mountPath: /var/run/secrets/istio
          - name: istio-data
            mountPath: /var/lib/istio/data
          - name: podinfo
            mountPath: /etc/istio/pod
          - name: proxy-socket
            mountPath: /etc/istio/proxy
      volumes:
      - name: istio-token
        projected:
          sources:
            - serviceAccountToken:
                audience: istio-ca
                expirationSeconds: 43200
                path: istio-token
      - name: istio-ca-root-cert
        configMap:
          name: higress-ca-root-cert
      - name: config
        configMap:
          name: higress-config
      - name: istio-data
        emptyDir: {}
      - name: proxy-socket
        emptyDir: {}
      - name: podinfo
        downwardAPI:
          defaultMode: 420
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.labels
            path: labels
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.annotations
            path: annotations
          - path: cpu-request
            resourceFieldRef:
              containerName: higress-gateway
              divisor: 1m
              resource: requests.cpu
          - path: cpu-limit
            resourceFieldRef:
              containerName: higress-gateway
              divisor: 1m
              resource: limits.cpu

Ⅴ. Special notes for reviews

Maybe you need to update the README docs and the Helm lockfile before this PR is merged
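
Added example (not part of this PR or the Higress chart): a shell check that can be piped the `helm template` output from the verification step, confirming that a DaemonSet document was rendered and that its pod keeps the hardening settings visible in the output above. The function names, the deny list (`hostNetwork`, `hostPID`, `hostPath`) and the sample manifest are assumptions constructed for this example; the checks test for presence only, which fits the single-container pod shown.

```shell
# Added example, not part of the PR. Intended use:
#   helm template higress helm/core --set gateway.kind=DaemonSet | audit_gateway_daemonset
# Keep only the YAML documents whose kind is DaemonSet.
daemonset_docs() {
  awk '/^---/ { if (keep) printf "%s", buf; buf = ""; keep = 0; next }
       /^kind: DaemonSet *$/ { keep = 1 }
       { buf = buf $0 "\n" }
       END { if (keep) printf "%s", buf }'
}

# Reads a manifest on stdin, prints findings, returns non-zero if there are any.
audit_gateway_daemonset() {
  doc=$(daemonset_docs)
  findings=0
  [ -n "$doc" ] || { echo "FAIL: no DaemonSet document in the rendered output"; return 1; }
  for want in 'allowPrivilegeEscalation: false' 'privileged: false' 'runAsNonRoot: true'; do
    printf '%s\n' "$doc" | grep -Eq "^[[:space:]-]+${want}[[:space:]]*\$" ||
      { echo "FAIL: missing '$want'"; findings=$((findings + 1)); }
  done
  # capabilities.drop must list ALL on the line after "drop:".
  printf '%s\n' "$doc" |
    awk '/^ +drop:/ { getline; if ($0 ~ /^ +- ALL *$/) ok = 1 } END { exit !ok }' ||
    { echo "FAIL: capabilities.drop does not contain ALL"; findings=$((findings + 1)); }
  # Assumed deny list: host-level access the output above does not use.
  for deny in 'hostNetwork: true' 'hostPID: true' 'hostPath:'; do
    if printf '%s\n' "$doc" | grep -Eq "^[[:space:]-]+${deny}"; then
      echo "FAIL: found '$deny'"; findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample: an unrelated document, then a trimmed DaemonSet.
sample_manifest() {
  cat <<'EOF'
kind: ConfigMap
---
kind: DaemonSet
spec:
  containers:
    - securityContext:
        capabilities:
          drop:
          - ALL
        allowPrivilegeEscalation: false
        privileged: false
        runAsNonRoot: true
EOF
}
```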

CLAassistant commented Jun 25, 2024

CLA assistant check
All committers have signed the CLA.

@johnlanni johnlanni requested review from CH3CHO and 2456868764 June 25, 2024 07:46
@johnlanni

https://higress.io/zh-cn/docs/user/configurations
@lingdie Thank you 🙏 Please help update this document.

lingdie commented Jun 25, 2024

https://higress.io/zh-cn/docs/user/configurations @lingdie Thank you 🙏 Please help update this document.

ok, higress-group/higress-group.github.io#243

@johnlanni johnlanni merged commit 4ca2d23 into alibaba:main Jun 26, 2024
8 checks passed