feat: support forward mode. (#221)

* fix dns searches.

* support forward mode.

fix: make codegen

Signed-off-by: Lin Yang <reaver@flomesh.io>

charts/fsm/README.md

@@ -346,7 +346,7 @@ The following table lists the configurable parameters of the fsm chart and their
 | fsm.injector.resource | object | `{"limits":{"cpu":"1","memory":"512M"},"requests":{"cpu":"0.5","memory":"128M"}}` | Sidecar injector's container resource parameters |
 | fsm.injector.tolerations | list | `[]` | Node tolerations applied to control plane pods. The specified tolerations allow pods to schedule onto nodes with matching taints. |
 | fsm.injector.webhookTimeoutSeconds | int | `20` | Mutating webhook timeout |
-| fsm.localDNSProxy | object | `{"enable":false,"wildcard":{"enable":false,"ipv4":["127.0.0.2"]}}` | Local DNS Proxy improves the performance of your computer by caching the responses coming from your DNS servers |
+| fsm.localDNSProxy | object | `{"enable":false,"searchesWithNamespace":true,"searchesWithTrustDomain":true,"wildcard":{"enable":false,"ipv4":["127.0.0.2"]}}` | Local DNS Proxy improves the performance of your computer by caching the responses coming from your DNS servers |
 | fsm.localProxyMode | string | `"Localhost"` | Proxy mode for the proxy sidecar. Acceptable values are ['Localhost', 'PodIP'] |
 | fsm.maxDataPlaneConnections | int | `0` | Sets the max data plane connections allowed for an instance of fsm-controller, set to 0 to not enforce limits |
 | fsm.meshName | string | `"fsm"` | Identifier for the instance of a service mesh within a cluster |

charts/fsm/values.schema.json

@@ -1180,6 +1180,8 @@
                   "description": "Local DNS Proxy improves the performance of your computer by caching the responses coming from your DNS servers.",
                   "required": [
                     "enable",
+                    "searchesWithNamespace",
+                    "searchesWithTrustDomain",
                     "wildcard"
                   ],
                   "properties": {
@@ -1192,6 +1194,24 @@
                         true
                       ]
                     },
+                    "searchesWithNamespace": {
+                      "$id": "#/properties/fsm/properties/localDNSProxy/properties/searchesWithNamespace",
+                      "type": "boolean",
+                      "title": "The enable schema for searches with Namespace",
+                      "description": "Indicates whether dns searches contains namespace or not",
+                      "examples": [
+                        true
+                      ]
+                    },
+                    "searchesWithTrustDomain": {
+                      "$id": "#/properties/fsm/properties/localDNSProxy/properties/searchesWithTrustDomain",
+                      "type": "boolean",
+                      "title": "The enable schema for searches with trust domain",
+                      "description": "Indicates whether dns searches contains trust domain or not",
+                      "examples": [
+                        true
+                      ]
+                    },
                     "primaryUpstreamDNSServerIPAddr": {
                       "$id": "#/properties/fsm/properties/localDNSProxy/properties/primaryUpstreamDNSServerIPAddr",
                       "type": "string",

charts/fsm/values.yaml

@@ -497,6 +497,8 @@ fsm:
   # -- Local DNS Proxy improves the performance of your computer by caching the responses coming from your DNS servers
   localDNSProxy:
     enable: false
+    searchesWithNamespace: true
+    searchesWithTrustDomain: true
     wildcard:
       enable: false
       ipv4:

cmd/fsm-bootstrap/crds/config.flomesh.io_meshconfigs.yaml

@@ -2061,6 +2061,12 @@ spec:
                         description: PrimaryUpstreamDNSServerIPAddr defines a primary
                           upstream DNS server for local DNS Proxy.
                         type: string
+                      searchesWithNamespace:
+                        default: true
+                        type: boolean
+                      searchesWithTrustDomain:
+                        default: true
+                        type: boolean
                       secondaryUpstreamDNSServerIPAddr:
                         description: SecondaryUpstreamDNSServerIPAddr defines a secondary
                           upstream DNS server for local DNS Proxy.

cmd/fsm-bootstrap/crds/connector.flomesh.io_consulconnectors.yaml

@@ -247,6 +247,12 @@ spec:
                   withGateway:
                     default: false
                     type: boolean
+                  withGatewayMode:
+                    default: forward
+                    enum:
+                    - proxy
+                    - forward
+                    type: string
                 required:
                 - enable
                 type: object

cmd/fsm-bootstrap/crds/connector.flomesh.io_eurekaconnectors.yaml

@@ -205,6 +205,12 @@ spec:
                   withGateway:
                     default: false
                     type: boolean
+                  withGatewayMode:
+                    default: forward
+                    enum:
+                    - proxy
+                    - forward
+                    type: string
                 required:
                 - enable
                 type: object

cmd/fsm-bootstrap/crds/connector.flomesh.io_nacosconnectors.yaml

@@ -232,6 +232,12 @@ spec:
                   withGateway:
                     default: false
                     type: boolean
+                  withGatewayMode:
+                    default: forward
+                    enum:
+                    - proxy
+                    - forward
+                    type: string
                 required:
                 - enable
                 type: object

pkg/apis/config/v1alpha3/mesh_config.go

@@ -109,6 +109,14 @@ type LocalDNSProxy struct {
 	// Enable defines a boolean indicating if the sidecars are enabled for local DNS Proxy.
 	Enable bool `json:"enable"`
 
+	// +kubebuilder:default=true
+	// +optional
+	SearchesWithNamespace bool `json:"searchesWithNamespace,omitempty"`
+
+	// +kubebuilder:default=true
+	// +optional
+	SearchesWithTrustDomain bool `json:"searchesWithTrustDomain,omitempty"`
+
 	// PrimaryUpstreamDNSServerIPAddr defines a primary upstream DNS server for local DNS Proxy.
 	// +optional
 	PrimaryUpstreamDNSServerIPAddr string `json:"primaryUpstreamDNSServerIPAddr,omitempty"`

pkg/apis/connector/v1alpha1/consul.go

@@ -139,6 +139,10 @@ type ConsulSyncFromK8SSpec struct {
 	// +optional
 	WithGateway bool `json:"withGateway,omitempty"`
 
+	// +kubebuilder:default=forward
+	// +optional
+	WithGatewayMode WithGatewayMode `json:"withGatewayMode,omitempty"`
+
 	// +optional
 	ConsulNodeName string `json:"consulNodeName,omitempty"`
 

pkg/apis/connector/v1alpha1/eureka.go

@@ -122,6 +122,10 @@ type EurekaSyncFromK8SSpec struct {
 	// +kubebuilder:default=false
 	// +optional
 	WithGateway bool `json:"withGateway,omitempty"`
+
+	// +kubebuilder:default=forward
+	// +optional
+	WithGatewayMode WithGatewayMode `json:"withGatewayMode,omitempty"`
 }
 
 // EurekaSpec is the type used to represent the Eureka Connector specification.

pkg/apis/connector/v1alpha1/nacos.go

@@ -144,6 +144,10 @@ type NacosSyncFromK8SSpec struct {
 	// +kubebuilder:default=false
 	// +optional
 	WithGateway bool `json:"withGateway,omitempty"`
+
+	// +kubebuilder:default=forward
+	// +optional
+	WithGatewayMode WithGatewayMode `json:"withGatewayMode,omitempty"`
 }
 
 // NacosSpec is the type used to represent the Nacos Connector specification.

pkg/apis/connector/v1alpha1/types.go

@@ -30,6 +30,14 @@ const (
 	ClusterIP  AddrSelector = "ClusterIP"
 )
 
+// +kubebuilder:validation:Enum=proxy;forward
+type WithGatewayMode string
+
+const (
+	Proxy   WithGatewayMode = "proxy"
+	Forward WithGatewayMode = "forward"
+)
+
 type Connector interface {
 	runtime.Object
 	metav1.Object

pkg/configurator/methods.go

@@ -103,6 +103,16 @@ func (c *Client) IsLocalDNSProxyEnabled() bool {
 	return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.Enable
 }
 
+// IsSearchesWithNamespace returns whether dns searches contains namespace
+func (c *Client) IsSearchesWithNamespace() bool {
+	return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.SearchesWithNamespace
+}
+
+// IsSearchesWithTrustDomain returns whether dns searches contains trust domain
+func (c *Client) IsSearchesWithTrustDomain() bool {
+	return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.SearchesWithTrustDomain
+}
+
 // IsWildcardDNSProxyEnabled returns whether wildcard DNS proxy is enabled
 func (c *Client) IsWildcardDNSProxyEnabled() bool {
 	return c.getMeshConfig().Spec.Sidecar.LocalDNSProxy.Wildcard.Enable

pkg/configurator/types.go

@@ -57,6 +57,12 @@ type Configurator interface {
 	// IsLocalDNSProxyEnabled returns whether local DNS proxy is enabled
 	IsLocalDNSProxyEnabled() bool
 
+	// IsSearchesWithNamespace returns whether dns searches contains namespace
+	IsSearchesWithNamespace() bool
+
+	// IsSearchesWithTrustDomain returns whether dns searches contains trust domain
+	IsSearchesWithTrustDomain() bool
+
 	// IsWildcardDNSProxyEnabled returns whether wildcard DNS proxy is enabled
 	IsWildcardDNSProxyEnabled() bool
 

pkg/connector/annotation.go

@@ -14,6 +14,7 @@ var (
 	CloudK8SRefValue = "fsm.connector.service.k8s.ref.name"
 	CloudK8SNodeName = "fsm.connector.service.k8s.node.name"
 	CloudK8SPort     = "fsm.connector.service.k8s.port"
+	CloudK8SVia      = "fsm.connector.service.via.gateway"
 )
 
 const (
@@ -29,6 +30,12 @@ const (
 	// AnnotationCloudServiceInheritedClusterID defines cloud service cluster id annotation
 	AnnotationCloudServiceInheritedClusterID = "flomesh.io/cloud-service-inherited-cluster-id"
 
+	// AnnotationCloudServiceViaGateway defines cloud service via gateway annotation
+	AnnotationCloudServiceViaGateway = "flomesh.io/cloud-service-via-gateway"
+
+	// AnnotationCloudServiceClusterSet defines cloud service cluster set annotation
+	AnnotationCloudServiceClusterSet = "flomesh.io/cloud-service-cluster-set"
+
 	// AnnotationMeshEndpointAddr defines mesh endpoint addr annotation
 	AnnotationMeshEndpointAddr = "flomesh.io/cloud-endpoint-addr"
 )

pkg/connector/cli/config.go

@@ -122,6 +122,8 @@ type config struct {
 
 		withGateway bool
 
+		withGatewayMode ctv1.WithGatewayMode
+
 		consulCfg struct {
 			// The Consul node name to register services with.
 			consulNodeName string
@@ -373,6 +375,12 @@ func (c *config) GetK2CWithGateway() bool {
 	return c.k2cCfg.withGateway
 }
 
+func (c *config) GetK2CWithGatewayMode() ctv1.WithGatewayMode {
+	c.flock.RLock()
+	defer c.flock.RUnlock()
+	return c.k2cCfg.withGatewayMode
+}
+
 func (c *config) GetConsulNodeName() string {
 	c.flock.RLock()
 	defer c.flock.RUnlock()
@@ -664,6 +672,7 @@ func (c *client) initNacosConnectorConfig(spec ctv1.NacosSpec) {
 	c.k2cCfg.allowK8sNamespacesSet = ToSet(spec.SyncFromK8S.AllowK8sNamespaces)
 	c.k2cCfg.denyK8sNamespacesSet = ToSet(spec.SyncFromK8S.DenyK8sNamespaces)
 	c.k2cCfg.withGateway = spec.SyncFromK8S.WithGateway
+	c.k2cCfg.withGatewayMode = spec.SyncFromK8S.WithGatewayMode
 
 	c.k2cCfg.nacosCfg.clusterId = spec.SyncFromK8S.ClusterId
 	c.k2cCfg.nacosCfg.groupId = spec.SyncFromK8S.GroupId
@@ -704,6 +713,7 @@ func (c *client) initEurekaConnectorConfig(spec ctv1.EurekaSpec) {
 	c.k2cCfg.allowK8sNamespacesSet = ToSet(spec.SyncFromK8S.AllowK8sNamespaces)
 	c.k2cCfg.denyK8sNamespacesSet = ToSet(spec.SyncFromK8S.DenyK8sNamespaces)
 	c.k2cCfg.withGateway = spec.SyncFromK8S.WithGateway
+	c.k2cCfg.withGatewayMode = spec.SyncFromK8S.WithGatewayMode
 
 	c.limiter.SetLimit(rate.Limit(spec.Limiter.Limit))
 	c.limiter.SetBurst(int(spec.Limiter.Limit))
@@ -746,6 +756,7 @@ func (c *client) initConsulConnectorConfig(spec ctv1.ConsulSpec) {
 	c.k2cCfg.allowK8sNamespacesSet = ToSet(spec.SyncFromK8S.AllowK8sNamespaces)
 	c.k2cCfg.denyK8sNamespacesSet = ToSet(spec.SyncFromK8S.DenyK8sNamespaces)
 	c.k2cCfg.withGateway = spec.SyncFromK8S.WithGateway
+	c.k2cCfg.withGatewayMode = spec.SyncFromK8S.WithGatewayMode
 
 	c.k2cCfg.consulCfg.consulNodeName = spec.SyncFromK8S.ConsulNodeName
 	c.k2cCfg.consulCfg.consulEnableNamespaces = spec.SyncFromK8S.ConsulEnableNamespaces

pkg/connector/controller.go

@@ -74,6 +74,7 @@ type ConnectController interface {
 	GetDenyK8SNamespaceSet() mapset.Set
 
 	GetK2CWithGateway() bool
+	GetK2CWithGatewayMode() ctv1.WithGatewayMode
 
 	GetConsulNodeName() string
 	GetConsulEnableNamespaces() bool

pkg/connector/ctok/endpoint.go

@@ -78,6 +78,12 @@ func (t *endpointsResource) Upsert(key string, raw interface{}) error {
 			if clusterId, clusterIDExists := service.Annotations[connector.AnnotationCloudServiceInheritedClusterID]; clusterIDExists {
 				endpoints.Annotations[connector.AnnotationCloudServiceInheritedClusterID] = clusterId
 			}
+			if clusterSet, clusterSetyExists := service.Annotations[connector.AnnotationCloudServiceClusterSet]; clusterSetyExists {
+				endpoints.Annotations[connector.AnnotationCloudServiceClusterSet] = clusterSet
+			}
+			if viaGateway, viaGatewayExists := service.Annotations[connector.AnnotationCloudServiceViaGateway]; viaGatewayExists {
+				endpoints.Annotations[connector.AnnotationCloudServiceViaGateway] = viaGateway
+			}
 			if t.controller.GetC2KWithGateway() {
 				if syncer.discClient.IsInternalServices() {
 					endpoints.Annotations[connector.AnnotationMeshServiceInternalSync] = True
@@ -164,15 +170,34 @@ func (t *endpointsResource) updateGatewayEndpointSlice(ctx context.Context, endp
 		}
 		var ports []discoveryv1.EndpointPort
 		var epts []discoveryv1.Endpoint
+		var viaAddr string
+		var viaPort int32
+		if viaGateway, viaGatewayExists := endpointsDup.Annotations[connector.AnnotationCloudServiceViaGateway]; viaGatewayExists {
+			if segs := strings.Split(viaGateway, ":"); len(segs) == 2 {
+				if port, convErr := strconv.Atoi(segs[1]); convErr == nil {
+					viaPort = int32(port & 0xFFFF)
+					viaAddr = segs[0]
+				}
+			}
+		}
 		for _, subsets := range endpointsDup.Subsets {
 			for _, port := range subsets.Ports {
 				shadow := port
-				ports = append(ports, discoveryv1.EndpointPort{
-					Name:        &shadow.Name,
-					Protocol:    &shadow.Protocol,
-					Port:        &shadow.Port,
-					AppProtocol: shadow.AppProtocol,
-				})
+				if viaPort > 0 {
+					ports = append(ports, discoveryv1.EndpointPort{
+						Name:        &shadow.Name,
+						Protocol:    &shadow.Protocol,
+						Port:        &viaPort,
+						AppProtocol: shadow.AppProtocol,
+					})
+				} else {
+					ports = append(ports, discoveryv1.EndpointPort{
+						Name:        &shadow.Name,
+						Protocol:    &shadow.Protocol,
+						Port:        &shadow.Port,
+						AppProtocol: shadow.AppProtocol,
+					})
+				}
 			}
 			if len(subsets.Addresses) > 0 {
 				var ready = true
@@ -182,9 +207,14 @@ func (t *endpointsResource) updateGatewayEndpointSlice(ctx context.Context, endp
 						Ready: &ready,
 					},
 				}
-				for _, addr := range subsets.Addresses {
-					addrs = append(addrs, addr.IP)
+				if len(viaAddr) > 0 {
+					addrs = append(addrs, viaAddr)
+				} else {
+					for _, addr := range subsets.Addresses {
+						addrs = append(addrs, addr.IP)
+					}
 				}
+
 				ept.Addresses = addrs
 				epts = append(epts, ept)
 			}

pkg/connector/ctok/source.go

@@ -130,6 +130,21 @@ func (s *CtoKSource) Aggregate(ctx context.Context, svcName MicroSvcName) map[Mi
 			svcMeta.Addresses[MicroEndpointAddr(instance.Address)] = 1
 			svcMeta.ClusterId = instance.ClusterId
 			svcMeta.HealthCheck = instance.HealthCheck
+			if viaGateway, ok := instance.Meta[connector.CloudK8SVia]; ok {
+				if viaGateway, str := viaGateway.(string); str {
+					if len(viaGateway) > 0 {
+						svcMeta.ViaGateway = viaGateway
+					}
+				}
+			}
+			if clusterSet, ok := instance.Meta[connector.ClusterSetKey]; ok {
+				if clusterSet, str := clusterSet.(string); str {
+					if len(clusterSet) > 0 {
+						svcMeta.ClusterSet = clusterSet
+						svcMeta.ClusterId = clusterSet
+					}
+				}
+			}
 		}
 	}
 	return svcMetaMap