Showing
10 changed files
with
4,235 additions
and
12 deletions.
1,311 changes: 1,311 additions & 0 deletions
1,311
envoy/1.20/patches/envoy/20240201-virtual-host-allow-server-name.patch
Large diffs are not rendered by default.
2,738 changes: 2,738 additions & 0 deletions
2,738
envoy/1.20/patches/go-control-plane/20240201-virtual-host-allow-server-name.patch
Large diffs are not rendered by default.
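--- a/istio/1.12/patches/istio/20240201-optimize-default-arg.patch
+++ b/istio/1.12/patches/istio/20240201-optimize-default-arg.patch
@@ -0,0 +1,60 @@
+diff -Naur istio/pilot/cmd/pilot-agent/status/util/stats.go istio-new/pilot/cmd/pilot-agent/status/util/stats.go
+--- istio/pilot/cmd/pilot-agent/status/util/stats.go 2024-02-01 10:20:13.000000000 +0800
++++ istio-new/pilot/cmd/pilot-agent/status/util/stats.go 2024-01-31 22:44:53.000000000 +0800
+@@ -73,7 +73,7 @@
+localHostAddr = "localhost"
+}
+
+- readinessURL := fmt.Sprintf("http://%s:%d/stats?usedonly&filter=%s", localHostAddr, adminPort, readyStatsRegex)
++ readinessURL := fmt.Sprintf("http://%s:%d/stats?usedonly", localHostAddr, adminPort)
+stats, err := http.DoHTTPGetWithTimeout(readinessURL, readinessTimeout)
+if err != nil {
+return nil, false, err
+@@ -105,7 +105,7 @@
+localHostAddr = "localhost"
+}
+
+- stats, err := http.DoHTTPGet(fmt.Sprintf("http://%s:%d/stats?usedonly&filter=%s", localHostAddr, adminPort, updateStatsRegex))
++ stats, err := http.DoHTTPGet(fmt.Sprintf("http://%s:%d/stats?usedonly", localHostAddr, adminPort))
+if err != nil {
+return nil, err
+}
+diff -Naur istio/pilot/pkg/features/pilot.go istio-new/pilot/pkg/features/pilot.go
+--- istio/pilot/pkg/features/pilot.go 2024-02-01 10:20:17.000000000 +0800
++++ istio-new/pilot/pkg/features/pilot.go 2024-02-01 10:16:18.000000000 +0800
+@@ -575,6 +575,8 @@
+"If enabled, each host in virtualservice will have an independent RDS, which is used with SRDS").Get()
+OnDemandRDS = env.RegisterBoolVar("ON_DEMAND_RDS", false,
+"If enabled, the on demand filter will be added to the HCM filters").Get()
++ DefaultUpstreamConcurrencyThreshold = env.RegisterIntVar("DEFAULT_UPSTREAM_CONCURRENCY_THRESHOLD", 1000000,
++ "The default threshold of max_requests/max_pending_requests/max_connections of circuit breaker").Get()
+// End added by ingress
+)
+
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/cluster.go istio-new/pilot/pkg/networking/core/v1alpha3/cluster.go
+--- istio/pilot/pkg/networking/core/v1alpha3/cluster.go 2024-02-01 10:20:17.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/cluster.go 2024-02-01 10:16:05.000000000 +0800
+@@ -61,6 +61,7 @@
+
+// getDefaultCircuitBreakerThresholds returns a copy of the default circuit breaker thresholds for the given traffic direction.
+func getDefaultCircuitBreakerThresholds() *cluster.CircuitBreakers_Thresholds {
++ // Modified by ingress
+return &cluster.CircuitBreakers_Thresholds{
+// DefaultMaxRetries specifies the default for the Envoy circuit breaker parameter max_retries. This
+// defines the maximum number of parallel retries a given Envoy will allow to the upstream cluster. Envoy defaults
+@@ -68,11 +69,12 @@
+// where multiple endpoints in a cluster are terminated. In these scenarios the circuit breaker can kick
+// in before Pilot is able to deliver an updated endpoint list to Envoy, leading to client-facing 503s.
+MaxRetries: &wrappers.UInt32Value{Value: math.MaxUint32},
+- MaxRequests: &wrappers.UInt32Value{Value: math.MaxUint32},
+- MaxConnections: &wrappers.UInt32Value{Value: math.MaxUint32},
+- MaxPendingRequests: &wrappers.UInt32Value{Value: math.MaxUint32},
++ MaxRequests: &wrappers.UInt32Value{Value: uint32(features.DefaultUpstreamConcurrencyThreshold)},
++ MaxConnections: &wrappers.UInt32Value{Value: uint32(features.DefaultUpstreamConcurrencyThreshold)},
++ MaxPendingRequests: &wrappers.UInt32Value{Value: uint32(features.DefaultUpstreamConcurrencyThreshold)},
+TrackRemaining: true,
+}
++ // End modified by ingress
+}
+
+// BuildClusters returns the list of clusters for the given proxy. This is the CDS output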
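Review bot: The three `uint32(features.DefaultUpstreamConcurrencyThreshold)` conversions in getDefaultCircuitBreakerThresholds (cluster.go, second hunk) take an operator-supplied int with no range check, so a negative DEFAULT_UPSTREAM_CONCURRENCY_THRESHOLD wraps to a very large limit and 0 yields zero thresholds, which would presumably make Envoy shed traffic to every cluster that relies on these defaults. Validating the value once and reusing it avoids both cases; the fallback below keeps the previous effectively-unlimited value, though refusing to start or falling back to 1000000 would be equally defensible. Separately, dropping `filter=%s` in stats.go means each readiness probe now pulls every used stat from the admin endpoint, and readyStatsRegex/updateStatsRegex may be left unused; it is worth confirming that is intended.

```go
// defaultUpstreamConcurrencyThreshold converts the env value to a uint32 limit,
// rejecting values that would wrap or that would disable all upstream traffic.
func defaultUpstreamConcurrencyThreshold() uint32 {
	v := int64(features.DefaultUpstreamConcurrencyThreshold)
	if v <= 0 || v > math.MaxUint32 {
		return math.MaxUint32
	}
	return uint32(v)
}

func getDefaultCircuitBreakerThresholds() *cluster.CircuitBreakers_Thresholds {
	limit := defaultUpstreamConcurrencyThreshold()
	return &cluster.CircuitBreakers_Thresholds{
		// … unchanged: MaxRetries and its comment …
		MaxRequests:        &wrappers.UInt32Value{Value: limit},
		MaxConnections:     &wrappers.UInt32Value{Value: limit},
		MaxPendingRequests: &wrappers.UInt32Value{Value: limit},
		// … unchanged: TrackRemaining …
```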
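--- a/istio/1.12/patches/istio/20240201-virtual-host-allow-server-name.patch
+++ b/istio/1.12/patches/istio/20240201-virtual-host-allow-server-name.patch
@@ -0,0 +1,88 @@
+diff -Naur istio/pilot/pkg/networking/core/v1alpha3/gateway.go istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go
+--- istio/pilot/pkg/networking/core/v1alpha3/gateway.go 2024-02-01 13:53:17.000000000 +0800
++++ istio-new/pilot/pkg/networking/core/v1alpha3/gateway.go 2024-02-01 13:52:11.000000000 +0800
+@@ -501,6 +501,16 @@
+gatewayVirtualServices[gatewayName] = virtualServices
+}
+for _, virtualService := range virtualServices {
++ virtualServiceHosts := host.NewNames(virtualService.Spec.(*networking.VirtualService).Hosts)
++ serverHosts := host.NamesForNamespace(server.Hosts, virtualService.Namespace)
++
++ // We have two cases here:
++ // 1. virtualService hosts are 1.foo.com, 2.foo.com, 3.foo.com and server hosts are ns/*.foo.com
++ // 2. virtualService hosts are *.foo.com, and server hosts are ns/1.foo.com, ns/2.foo.com, ns/3.foo.com
++ intersectingHosts := serverHosts.Intersection(virtualServiceHosts)
++ if len(intersectingHosts) == 0 {
++ continue
++ }
+listenerVirtualServices = append(listenerVirtualServices, virtualServiceContext{
+virtualService: virtualService,
+server: server,
+@@ -615,22 +625,24 @@
+
+// check all hostname if is not exist with HttpsRedirect set to true
+// create VirtualHost to redirect
+- for _, hostname := range server.Hosts {
+- if !server.GetTls().GetHttpsRedirect() {
+- continue
+- }
+- if vHost != nil && host.Name(hostname) == host.Name(hostRDSHost) {
++ if server.GetTls().GetHttpsRedirect() {
++ if vHost != nil {
+vHost.RequireTls = route.VirtualHost_ALL
+- continue
++ } else {
++ vHost = &route.VirtualHost{
++ Name: util.DomainName(hostRDSHost, port),
++ Domains: buildGatewayVirtualHostDomains(hostRDSHost, port),
++ IncludeRequestAttemptCount: true,
++ RequireTls: route.VirtualHost_ALL,
++ }
+}
+- vHost = &route.VirtualHost{
+- Name: util.DomainName(hostname, port),
+- Domains: buildGatewayVirtualHostDomains(hostname, port),
+- IncludeRequestAttemptCount: true,
+- RequireTls: route.VirtualHost_ALL,
++ } else if vHost != nil {
++ mode := server.GetTls().GetMode()
++ if mode == networking.ServerTLSSettings_MUTUAL ||
++ mode == networking.ServerTLSSettings_ISTIO_MUTUAL {
++ vHost.AllowServerNames = append(vHost.AllowServerNames, server.Hosts...)
+}
+}
+-
+}
+var virtualHosts []*route.VirtualHost
+if vHost == nil {
+@@ -642,6 +654,30 @@
+Routes: []*route.Route{},
+}}
+} else {
++ sort.SliceStable(vHost.AllowServerNames, func(i, j int) bool {
++ hostI := vHost.AllowServerNames[i]
++ hostJ := vHost.AllowServerNames[j]
++ if host.Name(hostI).SubsetOf(host.Name(hostJ)) {
++ return true
++ }
++ return hostI < hostJ
++ })
++ var uniqueServerNames []string
++ hasAllCatch := false
++ for i, name := range vHost.AllowServerNames {
++ if name == "*" {
++ hasAllCatch = true
++ break
++ }
++ if i == 0 || vHost.AllowServerNames[i-1] != name {
++ uniqueServerNames = append(uniqueServerNames, name)
++ }
++ }
++ if hasAllCatch {
++ vHost.AllowServerNames = nil
++ } else {
++ vHost.AllowServerNames = uniqueServerNames
++ }
+vHost.Routes = istio_route.CombineVHostRoutes(vHost.Routes)
+virtualHosts = append(virtualHosts, vHost)
+}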
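Review bot: The comparator passed to `sort.SliceStable` in the last gateway.go hunk is not a consistent ordering: assuming SubsetOf treats `a.foo.com` as covered by `*.foo.com`, the pair reports "less" in both directions (SubsetOf one way, string order the other), so the resulting order is unspecified and the adjacent-element test `vHost.AllowServerNames[i-1] != name` can leave duplicates in the allow-list. Deduplicating through a set and sorting with `sort.Strings` gives a deterministic list; if the consumer needs most-specific-first order, that calls for a proper total order instead. Also, `append(vHost.AllowServerNames, server.Hosts...)` uses the raw Gateway hosts while the first hunk strips the namespace with `host.NamesForNamespace`, so an entry such as `ns/*.foo.com` or `*/*` would presumably enter the list verbatim and miss the `name == "*"` catch-all test. The enclosing function starts and ends outside these hunks.

```go
// … unchanged: vHost == nil branch, `} else {` …
seen := make(map[string]struct{}, len(vHost.AllowServerNames))
var uniqueServerNames []string
hasAllCatch := false
for _, name := range vHost.AllowServerNames {
	if name == "*" {
		hasAllCatch = true
		break
	}
	if _, dup := seen[name]; !dup {
		seen[name] = struct{}{}
		uniqueServerNames = append(uniqueServerNames, name)
	}
}
// Plain lexical order keeps the generated config stable between pushes.
sort.Strings(uniqueServerNames)
// … unchanged: assign nil or uniqueServerNames, CombineVHostRoutes, append …
```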