feat: ProxyTag Filter (#365)

* feat: ProxyTag Filter Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: generate ProxyTag Config Signed-off-by: Lin Yang <reaver@flomesh.io> * feat: priority of ListenerFilter (#366) * feat: priority of ListenerFilter Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: golang lint Signed-off-by: Lin Yang <reaver@flomesh.io> --------- Signed-off-by: Lin Yang <reaver@flomesh.io> * build(deps): Bump docker/build-push-action from 6.7.0 to 6.9.0 (#367) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.7.0 to 6.9.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.7.0...v6.9.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * feat: build image on runner of target platform (#368) * feat: build image in runner of target platform Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: runs on Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: runs on Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: runs on Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: runs on Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: runs on Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: runs on Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: runs on Signed-off-by: Lin Yang <reaver@flomesh.io> --------- Signed-off-by: Lin Yang <reaver@flomesh.io> * build(deps): Bump docker/setup-buildx-action from 3.6.1 to 3.7.0 (#369) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.6.1 to 3.7.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3.6.1...v3.7.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): Bump docker/setup-buildx-action from 3.7.0 to 3.7.1 (#370) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.0 to 3.7.1. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3.7.0...v3.7.1) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: filter aspect Signed-off-by: Lin Yang <reaver@flomesh.io> * fixed isolation policy with fgw. (#375) * fixed isolation policy with fgw. * fixed isolation policy with fgw. * feat: ProxyTag Filter Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: generate ProxyTag Config Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: filter aspect Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: script Signed-off-by: Lin Yang <reaver@flomesh.io> * fix: make codegen Signed-off-by: Lin Yang <reaver@flomesh.io> * refactor: sort listener filters Signed-off-by: Lin Yang <reaver@flomesh.io> --------- Signed-off-by: Lin Yang <reaver@flomesh.io> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> fix: make codegen Signed-off-by: Lin Yang <reaver@flomesh.io> fix: make package-scripts Signed-off-by: Lin Yang <reaver@flomesh.io>
flomesh-io · Oct 8, 2024 · a9e3ded · a9e3ded
1 parent 55d98e8
commit a9e3ded
Show file tree

Hide file tree

Showing 35 changed files with 986 additions and 36 deletions.
diff --git a/charts/fsm/components/scripts.tar.gz b/charts/fsm/components/scripts.tar.gz
diff --git a/charts/fsm/components/scripts/gateways/filters/tcp/ProxyTag.js b/charts/fsm/components/scripts/gateways/filters/tcp/ProxyTag.js
@@ -0,0 +1,24 @@
+export default function (config) {
+  var proxyTag = (config.proxyTag?.dstHostHeader || 'proxy-tag').toLowerCase()
+  var origHost = (config.proxyTag?.srcHostHeader || 'orig-host').toLowerCase()
+
+  return pipeline($=>$
+    .demuxHTTP().to($=>$
+      .handleMessageStart(
+        msg => {
+          var headers = msg.head.headers
+          var tag = headers[proxyTag]
+          if (tag) {
+            headers[origHost] = headers.host
+            headers.host = tag
+          } else if (headers['fgw-target-service']) {
+            headers[proxyTag] = headers['fgw-target-service']
+          } else {
+            headers[proxyTag] = headers.host
+          }
+        }
+      )
+      .pipeNext()
+    )
+  )
+}
diff --git a/charts/fsm/templates/fsm-rbac.yaml b/charts/fsm/templates/fsm-rbac.yaml
@@ -156,13 +156,13 @@ rules:
 
   # GatewayAPI Extension
   - apiGroups: [ "extension.gateway.flomesh.io" ]
-    resources: [ "filters", "filterdefinitions", "listenerfilters", "circuitbreakers", "faultinjections", "ratelimits", "httplogs", "metrics", "zipkins", "filterconfigs" ]
+    resources: [ "filters", "filterdefinitions", "listenerfilters", "circuitbreakers", "faultinjections", "ratelimits", "httplogs", "metrics", "zipkins", "filterconfigs", "proxytags" ]
     verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
   - apiGroups: [ "extension.gateway.flomesh.io" ]
-    resources: [ "filters/finalizers", "filterdefinitions/finalizers", "listenerfilters/finalizers", "circuitbreakers/finalizers", "faultinjections/finalizers", "ratelimits/finalizers", "httplogs/finalizers", "metrics/finalizers", "zipkins/finalizers", "filterconfigs/finalizers" ]
+    resources: [ "filters/finalizers", "filterdefinitions/finalizers", "listenerfilters/finalizers", "circuitbreakers/finalizers", "faultinjections/finalizers", "ratelimits/finalizers", "httplogs/finalizers", "metrics/finalizers", "zipkins/finalizers", "filterconfigs/finalizers", "proxytags/finalizers" ]
     verbs: [ "update" ]
   - apiGroups: [ "extension.gateway.flomesh.io" ]
-    resources: [ "filters/status", "filterdefinitions/status", "listenerfilters/status", "circuitbreakers/status", "faultinjections/status", "ratelimits/status", "httplogs/status", "metrics/status", "zipkins/status", "filterconfigs/status" ]
+    resources: [ "filters/status", "filterdefinitions/status", "listenerfilters/status", "circuitbreakers/status", "faultinjections/status", "ratelimits/status", "httplogs/status", "metrics/status", "zipkins/status", "filterconfigs/status", "proxytags/status" ]
     verbs: [ "get", "patch", "update" ]
 
   # PolicyAttachment

diff --git a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_listenerfilters.yaml b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_listenerfilters.yaml
@@ -48,6 +48,16 @@ spec:
           spec:
             description: Spec defines the desired state of ListenerFilter.
             properties:
+              aspect:
+                default: Listener
+                description: |-
+                  Aspect is the aspect of the ListenerFilter, default is Listener
+                  If the aspect is Route, the ListenerFilter is applied to all Routes attached to this listener and is executed before any Route level filters
+                  If the aspect is Listener, the ListenerFilter is executed when request is received by the listener
+                enum:
+                - Route
+                - Listener
+                type: string
               configRef:
                 description: ConfigRef is the reference to the Configurations
                 nullable: true

diff --git a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_proxytags.yaml b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_proxytags.yaml
@@ -0,0 +1,149 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.15.0
+  labels:
+    app.kubernetes.io/name: flomesh.io
+  name: proxytags.extension.gateway.flomesh.io
+spec:
+  group: extension.gateway.flomesh.io
+  names:
+    categories:
+    - gateway-api
+    kind: ProxyTag
+    listKind: ProxyTagList
+    plural: proxytags
+    singular: proxytag
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ProxyTag is the Schema for the ProxyTag API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ProxyTagSpec defines the desired state of ProxyTag
+            properties:
+              dstHostHeader:
+                default: proxy-tag
+                description: DestinationHostHeader is the header name to be used for
+                  the destination host, default is "proxy-tag"
+                maxLength: 256
+                minLength: 1
+                pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+                type: string
+              srcHostHeader:
+                default: orig-host
+                description: SourceHostHeader is the header name to be used for the
+                  source host, default is "orig-host"
+                maxLength: 256
+                minLength: 1
+                pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+                type: string
+            type: object
+          status:
+            description: ProxyTagStatus defines the observed state of ProxyTag
+            properties:
+              conditions:
+                description: Conditions describe the current conditions of the ProxyTag.
+                items:
+                  description: "Condition contains details for one aspect of the current
+                    state of this API Resource.\n---\nThis struct is intended for
+                    direct use as an array at the field path .status.conditions.  For
+                    example,\n\n\n\ttype FooStatus struct{\n\t    // Represents the
+                    observations of a foo's current state.\n\t    // Known .status.conditions.type
+                    are: \"Available\", \"Progressing\", and \"Degraded\"\n\t    //
+                    +patchMergeKey=type\n\t    // +patchStrategy=merge\n\t    // +listType=map\n\t
+                    \   // +listMapKey=type\n\t    Conditions []metav1.Condition `json:\"conditions,omitempty\"
+                    patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+                    \   // other fields\n\t}"
+                  properties:
+                    lastTransitionTime:
+                      description: |-
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
+                      format: date-time
+                      type: string
+                    message:
+                      description: |-
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
+                      maxLength: 32768
+                      type: string
+                    observedGeneration:
+                      description: |-
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+                        with respect to the current state of the instance.
+                      format: int64
+                      minimum: 0
+                      type: integer
+                    reason:
+                      description: |-
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
+                        Producers of specific condition types may define expected values and meanings for this field,
+                        and whether the values are considered a guaranteed API.
+                        The value should be a CamelCase string.
+                        This field may not be empty.
+                      maxLength: 1024
+                      minLength: 1
+                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+                      type: string
+                    status:
+                      description: status of the condition, one of True, False, Unknown.
+                      enum:
+                      - "True"
+                      - "False"
+                      - Unknown
+                      type: string
+                    type:
+                      description: |-
+                        type of condition in CamelCase or in foo.example.com/CamelCase.
+                        ---
+                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+                        useful (see .node.status.conditions), the ability to deconflict is important.
+                        The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+                      maxLength: 316
+                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+                      type: string
+                  required:
+                  - lastTransitionTime
+                  - message
+                  - reason
+                  - status
+                  - type
+                  type: object
+                maxItems: 8
+                type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
diff --git a/pkg/announcements/types.go b/pkg/announcements/types.go
@@ -644,6 +644,17 @@ const (
 
 	// GatewayZipkinUpdated is the type of announcement emitted when we observe an update to zipkins.extension.gateway.flomesh.io
 	GatewayZipkinUpdated Kind = "gatewayzipkin-updated"
+
+	// --
+
+	// GatewayProxyTagAdded is the type of announcement emitted when we observe an addition of proxytags.extension.gateway.flomesh.io
+	GatewayProxyTagAdded Kind = "gatewayproxytag-added"
+
+	// GatewayProxyTagDeleted the type of announcement emitted when we observe a deletion of proxytags.extension.gateway.flomesh.io
+	GatewayProxyTagDeleted Kind = "gatewayproxytag-deleted"
+
+	// GatewayProxyTagUpdated is the type of announcement emitted when we observe an update to proxytags.extension.gateway.flomesh.io
+	GatewayProxyTagUpdated Kind = "gatewayproxytag-updated"
 )
 
 // Announcement is a struct for messages between various components of FSM signaling a need for a change in Sidecar proxy configuration

diff --git a/pkg/apis/extension/v1alpha1/listenerfilter.go b/pkg/apis/extension/v1alpha1/listenerfilter.go
@@ -17,6 +17,14 @@ type ListenerFilterSpec struct {
 	// Priority is the priority of the ListenerFilter, it is used to determine the order of the ListenerFilters, the ListenerFilter with the lowest priority is applied first
 	Priority *int32 `json:"priority,omitempty"`
 
+	// +optional
+	// +kubebuilder:default=Listener
+	// +kubebuilder:validation:Enum=Route;Listener
+	// Aspect is the aspect of the ListenerFilter, default is Listener
+	// If the aspect is Route, the ListenerFilter is applied to all Routes attached to this listener and is executed before any Route level filters
+	// If the aspect is Listener, the ListenerFilter is executed when request is received by the listener
+	Aspect *FilterAspect `json:"aspect,omitempty"`
+
 	// +listType=map
 	// +listMapKey=group
 	// +listMapKey=kind

diff --git a/pkg/apis/extension/v1alpha1/proxytag.go b/pkg/apis/extension/v1alpha1/proxytag.go
@@ -0,0 +1,58 @@
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	gwv1 "sigs.k8s.io/gateway-api/apis/v1"
+)
+
+// ProxyTagSpec defines the desired state of ProxyTag
+type ProxyTagSpec struct {
+	// +optional
+	// +kubebuilder:default="proxy-tag"
+	// DestinationHostHeader is the header name to be used for the destination host, default is "proxy-tag"
+	DestinationHostHeader *gwv1.HeaderName `json:"dstHostHeader,omitempty"`
+
+	// +optional
+	// +kubebuilder:default="orig-host"
+	// SourceHostHeader is the header name to be used for the source host, default is "orig-host"
+	SourceHostHeader *gwv1.HeaderName `json:"srcHostHeader,omitempty"`
+}
+
+// ProxyTagStatus defines the observed state of ProxyTag
+type ProxyTagStatus struct {
+	// Conditions describe the current conditions of the ProxyTag.
+	//
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	// +kubebuilder:validation:MaxItems=8
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// +genclient
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:storageversion
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Namespaced,categories=gateway-api
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
+// +kubebuilder:metadata:labels={app.kubernetes.io/name=flomesh.io}
+
+// ProxyTag is the Schema for the ProxyTag API
+type ProxyTag struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   ProxyTagSpec   `json:"spec,omitempty"`
+	Status ProxyTagStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// ProxyTagList contains a list of ProxyTag
+type ProxyTagList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []ProxyTag `json:"items"`
+}
diff --git a/pkg/apis/extension/v1alpha1/shared_types.go b/pkg/apis/extension/v1alpha1/shared_types.go
@@ -90,3 +90,13 @@ const (
 	// policy is attached to an invalid target resource.
 	FilterReasonTargetNotFound FilterConditionReason = "TargetNotFound"
 )
+
+type FilterAspect string
+
+const (
+	// FilterAspectListener is the aspect of filter for listener
+	FilterAspectListener FilterAspect = "Listener"
+
+	// FilterAspectRoute is the aspect of filter for route
+	FilterAspectRoute FilterAspect = "Route"
+)