feat: Add Nacos 3.x support

README.md

@@ -75,9 +75,13 @@ docker compose
 
     用于加密敏感配置数据的密钥。长度必须为 32 个字符。若未设置，Higress 将自动生成一个随机的密钥。若需集群部署，此项必须设置。
 
-  * --nacos-port=NACOS-PORT
+  * --nacos-service-port=NACOS-SERVICE-PORT
 
-    内置 NACOS 服务在服务器本地监听的端口。默认值为 8848。
+    内置 Nacos API 在服务器本地监听的端口。默认值为 8848。
+
+  * --nacos-console-port=NACOS-CONSOLE-PORT
+
+    内置 Nacos Console 在服务器本地监听的端口。默认值为 8888。
 
   * --gateway-http-port=GATEAWY-HTTP-PORT
 

all-in-one/config/configmaps/higress-config.yaml

@@ -7,6 +7,16 @@ metadata:
   resourceVersion: "1"
 data:
   higress: |-
+    mcpServer:
+      enable: false
+      sse_path_suffix: /sse
+      redis:
+        address: redis-address:6379
+        username: ""
+        password: ""
+        db: 0
+      match_list: []
+      servers: []
     downstream:
       connectionBufferLimits: 32768
       http2:

bin/configure.sh

@@ -16,6 +16,7 @@
 
 BUILTIN_NACOS_SERVER_URL=nacos://nacos:8848
 DEFAULT_NACOS_NS=higress-system
+DEFAULT_NACOS_CONSOLE_PORT=8888
 DEFAULT_NACOS_HTTP_PORT=8848
 DEFAULT_GATEWAY_HTTP_PORT=80
 DEFAULT_GATEWAY_HTTPS_PORT=443
@@ -135,6 +136,16 @@ parseArgs() {
       MODE="params"
       shift
       ;;
+    --nacos-console-port=*)
+      NACOS_CONSOLE_PORT="${1#*=}"
+      MODE="params"
+      shift
+      ;;
+    --nacos-service-port=*)
+      NACOS_CONSOLE_PORT="${1#*=}"
+      MODE="params"
+      shift
+      ;;
     --nacos-port=*)
       NACOS_HTTP_PORT="${1#*=}"
       MODE="params"
@@ -225,6 +236,7 @@ resetEnv() {
   # Not to reset the encryption key to avoid accidental key losts.
   # NACOS_DATA_ENC_KEY=""
 
+  NACOS_CONSOLE_PORT=$DEFAULT_NACOS_CONSOLE_PORT
   NACOS_HTTP_PORT=$DEFAULT_NACOS_HTTP_PORT
   NACOS_GRPC_PORT=$(($DEFAULT_NACOS_HTTP_PORT + 1000))
   GATEWAY_HTTP_PORT=$DEFAULT_GATEWAY_HTTP_PORT
@@ -329,10 +341,12 @@ configureFileStorageByArgs() {
 configurePortsByArgs() {
   if [ "$CONFIG_STORAGE" == "nacos" ]; then
     if [ "$USE_BUILTIN_NACOS" == "Y" ]; then
-      validatePort $NACOS_HTTP_PORT "Invalid --nacos-port value." 1
+      validatePort $NACOS_CONSOLE_PORT "Invalid --nacos-console-port value." 1
+      validatePort $NACOS_HTTP_PORT "Invalid --nacos-port/--nacos-service-port value." 1
       NACOS_GRPC_PORT=$(($NACOS_HTTP_PORT + 1000))
       validatePort $NACOS_GRPC_PORT "--nacos-port value must be less than 64536." 1
     else
+      NACOS_CONSOLE_PORT=$DEFAULT_NACOS_CONSOLE_PORT
       NACOS_HTTP_PORT=$DEFAULT_NACOS_HTTP_PORT
       NACOS_GRPC_PORT=$(($DEFAULT_NACOS_HTTP_PORT + 1000))
     fi
@@ -495,13 +509,15 @@ configurePorts() {
 
   if [ "$USE_BUILTIN_NACOS" == "Y" ]; then
     while true; do
-      readPortWithDefault "Please input the local HTTP port to access the built-in Nacos [${DEFAULT_NACOS_HTTP_PORT}]: " ${DEFAULT_NACOS_HTTP_PORT}
+      readPortWithDefault "Please input the local HTTP port to access the built-in Nacos service [${DEFAULT_NACOS_HTTP_PORT}]: " ${DEFAULT_NACOS_HTTP_PORT}
       NACOS_HTTP_PORT=$input
       NACOS_GRPC_PORT=$(($NACOS_HTTP_PORT + 1000))
       validatePort $NACOS_GRPC_PORT "The HTTP port of Nacos must be less than 64536." 0
       if [ $? -eq 0 ]; then
         break
       fi
+      readPortWithDefault "Please input the local HTTP port to access the built-in Nacos console [${DEFAULT_NACOS_CONSOLE_PORT}]: " ${DEFAULT_NACOS_CONSOLE_PORT}
+      NACOS_CONSOLE_PORT=$input
     done
   fi
   readPortWithDefault "Please input the local HTTP port to access Higress Gateway [${DEFAULT_GATEWAY_HTTP_PORT}]: " ${DEFAULT_GATEWAY_HTTP_PORT}
@@ -535,9 +551,12 @@ outputUsage() {
  -k, --data-enc-key=KEY     the key used to encrypt sensitive configurations
                             MUST contain 32 characters
                             A random key will be generated if unspecified
-     --nacos-port=NACOS-PORT
-                            the HTTP port used to access the built-in Nacos
+     --nacos-service-port=NACOS-SERVICE-PORT
+                            the HTTP port used to access the built-in Nacos service
                             default to 8848 if unspecified
+     --nacos-console-port=NACOS-CONSOLE-PORT
+                            the HTTP port used to access the built-in Nacos console
+                            default to 8888 if unspecified
      --gateway-http-port=GATEWAY-HTTP-PORT
                             the HTTP port to be listened by the gateway
                             default to 80 if unspecified
@@ -614,6 +633,7 @@ PROMETHEUS_TAG='${PROMETHEUS_TAG}'
 PROMTAIL_TAG='${PROMTAIL_TAG}'
 LOKI_TAG='${LOKI_TAG}'
 GRAFANA_TAG='${GRAFANA_TAG}'
+NACOS_CONSOLE_PORT='${NACOS_CONSOLE_PORT}'
 NACOS_HTTP_PORT='${NACOS_HTTP_PORT}'
 NACOS_GRPC_PORT='${NACOS_GRPC_PORT}'
 GATEWAY_HTTP_PORT='${GATEWAY_HTTP_PORT}'

compose/.env

@@ -6,7 +6,7 @@ NACOS_NS='higress-system'
 NACOS_USERNAME=''
 NACOS_PASSWORD=''
 NACOS_DATA_ENC_KEY=''
-NACOS_SERVER_TAG='v2.5.1'
+NACOS_SERVER_TAG='v3.0.1'
 HIGRESS_RUNNER_TAG='0.0.3'
 HIGRESS_API_SERVER_TAG='0.0.22'
 HIGRESS_CONTROLLER_TAG='2.1.3'

compose/docker-compose.yml

@@ -6,7 +6,8 @@ networks:
 
 services:
   nacos:
-    image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/nacos-server:${NACOS_SERVER_TAG:-v2.5.1}
+    hostname: higress-nacos
+    image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/nacos-server:${NACOS_SERVER_TAG}
     profiles: [ "nacos" ]
     env_file:
       - ./env/nacos.env
@@ -22,11 +23,13 @@ services:
     volumes:
       - ./volumes/nacos:/home/nacos/data
     ports:
+      - "${NACOS_CONSOLE_PORT:-8888}:8080/tcp"
       - "${NACOS_HTTP_PORT:-8848}:8848/tcp"
       - "${NACOS_GRPC_PORT:-9848}:9848/tcp"
     restart: always
 
   initializer:
+    hostname: higress-initializer
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/runner:${HIGRESS_RUNNER_TAG}
     command:
       - ./init.sh
@@ -41,6 +44,7 @@ services:
       - ${FILE_ROOT_DIR:-./volumes/dummy}:/opt/data/:rw
 
   precheck:
+    hostname: higress-precheck
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/runner:${HIGRESS_RUNNER_TAG}
     command:
       - ./precheck.sh
@@ -55,6 +59,7 @@ services:
       - ${FILE_ROOT_DIR:-./volumes/dummy}:/opt/data/:ro
 
   apiserver:
+    hostname: higress-apiserver
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/api-server:${HIGRESS_API_SERVER_TAG}
     command:
       - --secure-port
@@ -97,6 +102,7 @@ services:
       - ${FILE_ROOT_DIR:-./volumes/dummy}:/opt/data/:rw
 
   prepare:
+    hostname: higress-prepare
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/runner:${HIGRESS_RUNNER_TAG}
     command:
       - ./prepare.sh
@@ -114,6 +120,7 @@ services:
       - ${FILE_ROOT_DIR:-./volumes/dummy}:/opt/data/:ro
 
   controller:
+    hostname: higress-controller
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/higress:${HIGRESS_CONTROLLER_TAG}
     command:
       - serve
@@ -141,6 +148,7 @@ services:
       - ./volumes/controller/log/nacos:/var/log/nacos:rw
 
   pilot:
+    hostname: higress-pilot
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/pilot:${HIGRESS_PILOT_TAG}
     command:
       - discovery
@@ -173,6 +181,7 @@ services:
       - ./volumes/pilot/config:/etc/istio/config:ro
 
   gateway:
+    hostname: higress-gateway
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/gateway:${HIGRESS_GATEWAY_TAG}
     command:
       - proxy
@@ -216,6 +225,7 @@ services:
       - ./volumes/gateway/log:/var/log/proxy:rw
 
   console:
+    hostname: higress-console
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/console:${HIGRESS_CONSOLE_TAG}
     env_file:
       - ./env/console.env
@@ -244,6 +254,7 @@ services:
       - ./volumes/kube:/home/higress/.kube:ro
 
   prometheus:
+    hostname: higress-prometheus
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/prometheus:${PROMETHEUS_TAG}
     command:
       - "--config.file=/etc/prometheus/prometheus.yaml"
@@ -276,6 +287,7 @@ services:
       - ./volumes/prometheus/data:/prometheus:rw
 
   promtail:
+    hostname: higress-promtail
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/promtail:${PROMTAIL_TAG}
     command:
       - -config.file=/etc/promtail/promtail.yaml
@@ -310,6 +322,7 @@ services:
       - ./volumes/gateway/log:/var/log/proxy:ro
 
   loki:
+    hostname: higress-loki
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/loki:${LOKI_TAG}
     command:
       - -config.file=/etc/loki/config/config.yaml
@@ -340,6 +353,7 @@ services:
       - ./volumes/loki/data:/var/loki:rw
 
   grafana:
+    hostname: higress-grafana
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/grafana:${GRAFANA_TAG}
     depends_on:
       prometheus:
@@ -369,6 +383,7 @@ services:
       - ./volumes/grafana/lib:/var/lib/grafana:rw
 
   postcheck:
+    hostname: higress-postcheck
     image: higress-registry.cn-hangzhou.cr.aliyuncs.com/higress/runner:${HIGRESS_RUNNER_TAG}
     command:
       - ./postcheck.sh

compose/env/nacos.env

@@ -1,8 +1,17 @@
 MODE=standalone
 PREFER_HOST_MODE=hostname
-NACOS_AUTH_ENABLE=false
 # Enlarge DB connection timeout to give the embedded storage enough time to finish initialization
 JAVA_OPT=-Ddb.pool.config.connectionTimeout=60000
 NACOS_AUTH_IDENTITY_KEY=serveridentity
 NACOS_AUTH_IDENTITY_VALUE=security
-NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789
+NACOS_AUTH_TOKEN=SecretKey012345678901234567890123456789012345678901234567890123456789
+# Disable auth in Nacos 2.x
+NACOS_AUTH_ENABLE=false
+# Disable auth in Nacos 3.x
+NACOS_CORE_AUTH_ENABLED=false
+NACOS_CORE_AUTH_ADMIN_ENABLED=false
+NACOS_CORE_AUTH_CONSOLE_ENABLED=false
+# Enable API compatibility in Nacos 3.x
+NACOS_CORE_API_COMPATIBILITY_CONSOLE_ENABLED=true
+NACOS_CORE_API_COMPATIBILITY_CORE_ENABLED=true
+NACOS_CORE_API_COMPATIBILITY_ADMIN_ENABLED=true