diff --git a/cmd/aeraki/main.go b/cmd/aeraki/main.go
index fe0f08ac1..a744c645d 100644
--- a/cmd/aeraki/main.go
+++ b/cmd/aeraki/main.go
@@ -72,7 +72,7 @@ func main() {
 args.PodName = env.RegisterStringVar("POD_NAME", args.ServerID, "").Get()
 args.RootNamespace = env.RegisterStringVar("AERAKI_NAMESPACE", args.RootNamespace, "").Get()
- args.EnableEnvoyFilterNSScope = env.RegisterBoolVar("AERAKI_ENABLE_ENVOY_FILTER_NS_SCOPE",
+ args.EnableEnvoyFilterNSScope = env.RegisterBoolVar(constants.DefaultAerakiEnableEnvoyFilterNsScope,
 args.EnableEnvoyFilterNSScope, "").Get()
 args.IstiodAddr = env.RegisterStringVar("AERAKI_ISTIOD_ADDR", args.IstiodAddr, "").Get()
 args.AerakiXdsAddr = env.RegisterStringVar("AERAKI_XDS_ADDR", constants.DefaultAerakiXdsAddr, "").Get()
diff --git a/pkg/bootstrap/server.go b/pkg/bootstrap/server.go
index c728c7cb3..744f11a1a 100644
--- a/pkg/bootstrap/server.go
+++ b/pkg/bootstrap/server.go
@@ -220,11 +220,11 @@ func createSingletonControllers(args *AerakiArgs, kubeConfig *rest.Config) (mana
 if err != nil {
 return nil, err
 }
- err = kube.AddServiceEntryController(mgr)
+ err = kube.AddServiceEntryController(mgr, args.RootNamespace)
 if err != nil {
 aerakiLog.Fatalf("could not add ServiceEntryController: %e", err)
 }
- err = kube.AddNamespaceController(mgr, args.AerakiXdsAddr, args.AerakiXdsPort)
+ err = kube.AddNamespaceController(mgr, args.RootNamespace, args.AerakiXdsAddr, args.AerakiXdsPort)
 if err != nil {
 aerakiLog.Fatalf("could not add NamespaceController: %e", err)
 }
diff --git a/pkg/config/constants/constants.go b/pkg/config/constants/constants.go
index e6fec3928..1041fb55d 100644
--- a/pkg/config/constants/constants.go
+++ b/pkg/config/constants/constants.go
@@ -21,4 +21,8 @@ const (
 DefaultAerakiXdsPort = ":15010"
 // DefaultAerakiXdsAddr is the default value for Aeraki xds address
 DefaultAerakiXdsAddr = "aeraki.istio-system"
+ // DefaultAerakiEnableEnvoyFilterNsScope is the name for Aeraki to place envoyFilters scope
+ // False(Default): The generated envoyFilters will be placed under Istio root namespace
+ // True: The generated envoyFilters will be placed under the service namespace
+ DefaultAerakiEnableEnvoyFilterNsScope = "AERAKI_ENABLE_ENVOY_FILTER_NS_SCOPE"
 )
diff --git a/pkg/controller/kube/namesapce.go b/pkg/controller/kube/namesapce.go
index 5a589694d..7e0542a8f 100644
--- a/pkg/controller/kube/namesapce.go
+++ b/pkg/controller/kube/namesapce.go
@@ -50,8 +50,9 @@ var (
 // namespaceController creates bootstrap configMap for sidecar proxies
 type namespaceController struct {
 controllerclient.Client
- AerakiAddr string
- AerakiPort string
+ rootNamespace string
+ AerakiAddr string
+ AerakiPort string
 }
 // Reconcile watch namespace change and create bootstrap configmap for sidecar proxies
@@ -75,11 +76,12 @@ func (c *namespaceController) Reconcile(ctx context.Context, request reconcile.R
 }
 // AddNamespaceController adds namespaceController
-func AddNamespaceController(mgr manager.Manager, aerakiAddr, aerakiPort string) error {
+func AddNamespaceController(mgr manager.Manager, rootNamespace, aerakiAddr, aerakiPort string) error {
 namespaceCtrl := &namespaceController{
- Client: mgr.GetClient(),
- AerakiAddr: aerakiAddr,
- AerakiPort: aerakiPort,
+ Client: mgr.GetClient(),
+ rootNamespace: rootNamespace,
+ AerakiAddr: aerakiAddr,
+ AerakiPort: aerakiPort,
 }
 c, err := controller.New("aeraki-namespace-controller", mgr, controller.Options{Reconciler: namespaceCtrl})
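Review bot: In pkg/config/constants/constants.go the new constant holds the name of an environment variable, yet it is called `DefaultAerakiEnableEnvoyFilterNsScope` and sits beside `DefaultAerakiXdsPort` and `DefaultAerakiXdsAddr`, which are default values, so a reader of the call site in cmd/aeraki/main.go will take it for the option's default. A name such as `EnvEnableEnvoyFilterNSScope`, which also matches the `NSScope` spelling of `args.EnableEnvoyFilterNSScope`, would say what it is. The comment could then open with `// EnvEnableEnvoyFilterNSScope is the environment variable that selects where generated EnvoyFilters are placed.` The other variable names in main.go (`"POD_NAME"`, `"AERAKI_NAMESPACE"`, `"AERAKI_ISTIOD_ADDR"`, `"AERAKI_XDS_ADDR"`) remain string literals, so the file now mixes the two styles.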
@@ -105,7 +107,7 @@ func (c *namespaceController) createBootstrapConfigMap(ns string) {
 "custom_bootstrap.json": GetBootstrapConfig(c.AerakiAddr, c.AerakiPort),
 }
 if err := c.Client.Create(context.TODO(), cm, &controllerclient.CreateOptions{
- FieldManager: constants.AerakiFieldManager,
+ FieldManager: constants.AerakiFieldManager + "-" + c.rootNamespace,
 }); err != nil {
 if !errors.IsAlreadyExists(err) {
 namespaceLog.Errorf("failed to create configMap: %v", err)
diff --git a/pkg/controller/kube/serviceentry.go b/pkg/controller/kube/serviceentry.go
index e16faa11a..af6dedcca 100644
--- a/pkg/controller/kube/serviceentry.go
+++ b/pkg/controller/kube/serviceentry.go
@@ -69,8 +69,9 @@ var (
 // serviceEntryController allocate VIPs to service entries
 type serviceEntryController struct {
 controllerclient.Client
- serviceIPs map[string]controllerclient.ObjectKey
- maxIP int
+ serviceIPs map[string]controllerclient.ObjectKey
+ maxIP int
+ rootNamespace string
 }
 // Reconcile will try to trigger once mcp push.
@@ -94,10 +95,11 @@ func (c *serviceEntryController) Reconcile(ctx context.Context, request reconcil
 }
 // AddServiceEntryController adds serviceEntryController
-func AddServiceEntryController(mgr manager.Manager) error {
+func AddServiceEntryController(mgr manager.Manager, rootNamespace string) error {
 serviceEntryCtrl := &serviceEntryController{
- Client: mgr.GetClient(),
- serviceIPs: make(map[string]controllerclient.ObjectKey),
+ Client: mgr.GetClient(),
+ serviceIPs: make(map[string]controllerclient.ObjectKey),
+ rootNamespace: rootNamespace,
 }
 c, err := controller.New("aeraki-service-entry-controller", mgr, controller.Options{Reconciler: serviceEntryCtrl})
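Review bot: The field-manager name in createBootstrapConfigMap (pkg/controller/kube/namesapce.go) is built inline as `constants.AerakiFieldManager + "-" + c.rootNamespace`, and the same expression is repeated in updateServiceEntry in serviceentry.go and three times in pushEnvoyFilters2APIServer in pkg/envoyfilter/controller.go, where one copy doubles as a label-selector value. Per-instance scoping only works while all five copies stay byte-identical, so a single helper in the constants package, for example `func FieldManagerFor(rootNamespace string) string { return AerakiFieldManager + "-" + rootNamespace }`, would remove the chance of one site drifting. Nothing visible in the diff checks that `rootNamespace` is non-empty; with an empty value the name degenerates to the bare prefix plus `-` for every instance, and the helper would be the natural place to reject or default that case. The body of createBootstrapConfigMap starts and ends outside the hunk.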
@@ -158,7 +160,7 @@ func (c *serviceEntryController) autoAllocateIP(key controllerclient.ObjectKey,
 func (c *serviceEntryController) updateServiceEntry(s *networking.ServiceEntry, key controllerclient.ObjectKey) {
 err := c.Client.Update(context.TODO(), s, &controllerclient.UpdateOptions{
- FieldManager: constants.AerakiFieldManager,
+ FieldManager: constants.AerakiFieldManager + "-" + c.rootNamespace,
 })
 if err == nil {
 c.serviceIPs[s.Spec.Addresses[0]] = key
diff --git a/pkg/envoyfilter/controller.go b/pkg/envoyfilter/controller.go
index 88bf1e34a..47e267330 100644
--- a/pkg/envoyfilter/controller.go
+++ b/pkg/envoyfilter/controller.go
@@ -131,9 +131,8 @@ func (c *Controller) pushEnvoyFilters2APIServer() error {
 return fmt.Errorf("failed to generate EnvoyFilter: %v", err)
 }
- existingEnvoyFilters, _ := c.istioClientset.NetworkingV1alpha3().EnvoyFilters("").List(context.TODO(), v1.ListOptions{
- LabelSelector: "manager=" + constants.AerakiFieldManager,
- })
+ existingEnvoyFilters, _ := c.istioClientset.NetworkingV1alpha3().EnvoyFilters("").List(context.TODO(),
+ v1.ListOptions{LabelSelector: "manager=" + constants.AerakiFieldManager + "-" + c.namespace})
 // Deleted envoyFilters
 for i := range existingEnvoyFilters.Items {
@@ -157,7 +156,7 @@ func (c *Controller) pushEnvoyFilters2APIServer() error {
 newEnvoyFilter.Name, model.Struct2JSON(*newEnvoyFilter.Envoyfilter))
 _, err = c.istioClientset.NetworkingV1alpha3().EnvoyFilters(newEnvoyFilter.Namespace).Update(context.TODO(), c.toEnvoyFilterCRD(newEnvoyFilter, oldEnvoyFilter),
- v1.UpdateOptions{FieldManager: constants.AerakiFieldManager})
+ v1.UpdateOptions{FieldManager: constants.AerakiFieldManager + "-" + c.namespace})
 } else {
 controllerLog.Infof("envoyFilter: namespace: %s name: %s unchanged", oldEnvoyFilter.Namespace, oldEnvoyFilter.Name)
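Review bot: The selector at the top of the first pkg/envoyfilter/controller.go hunk now matches only objects labelled `manager=<AerakiFieldManager>-<namespace>`, but no hunk in this diff changes where that label is written; if toEnvoyFilterCRD (not shown) still stamps the old `manager` value, the list comes back empty, stale EnvoyFilters are never deleted, and every push falls through to Create. EnvoyFilters written by an earlier version carry the old label in any case, so after an upgrade they are orphaned unless they are relabelled or cleaned up. Kubernetes limits a label value to 63 characters and a namespace name may itself be 63, so the suffixed value can be rejected for a long root namespace; a length check at startup would catch that early. The List error is still discarded (`existingEnvoyFilters, _ :=`), which makes a rejected selector or an RBAC denial look the same as "no filters exist"; binding it to `err` and returning `fmt.Errorf("failed to list EnvoyFilters: %v", err)` when it is non-nil would surface the failure. pushEnvoyFilters2APIServer starts and ends outside this hunk.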
@@ -171,9 +170,8 @@ func (c *Controller) pushEnvoyFilters2APIServer() error {
 controllerLog.Infof("creating EnvoyFilter: namespace: %s name: %s %v", wrapper.Namespace, wrapper.Name, model.Struct2JSON(wrapper.Envoyfilter))
 _, err = c.istioClientset.NetworkingV1alpha3().EnvoyFilters(wrapper.Namespace).Create(context.TODO(),
- c.toEnvoyFilterCRD(wrapper,
- nil),
- v1.CreateOptions{FieldManager: constants.AerakiFieldManager})
+ c.toEnvoyFilterCRD(wrapper, nil),
+ v1.CreateOptions{FieldManager: constants.AerakiFieldManager + "-" + c.namespace})
 }
 return err
 }