支持自定义注入 (#199)

* feat: 配置更新和黑白名单注入功能

* feat: 解析annotations注解

* feat: 支持使用k8s命名空间和工作负载注册服务

* feat: InjectedAnnotations自动注入

* fix: howeyc/fsnotify库已经废弃,更新到最新的fsnotify/fsnotify库

* build: fix build failed

* build: update helm files for javaagent

* test: update versions

* test: update helm webhook ca

* fix: identified service namespace and name

* fix: identified config

* test: add unit tests

* chore: 去掉无用的注释

* fix: fix mesh envoy yaml config

* fix: update mesh envoy yaml inject config

* test: 优化单测, map 的 for range 遍历顺序是随机的, 通过手动处理键值对的排序逻辑

* fix: 修正mesh envoy渲染模版的typo

---------

Co-authored-by: evelynwei <[email protected]>

Author: peerless1024

Makefile

@@ -3,7 +3,7 @@ ORG = polarismesh
 REPO = polaris-controller
 SIDECAR_INIT_REPO = polaris-sidecar-init
 ENVOY_SIDECAR_INIT_REPO = polaris-envoy-bootstrap-generator
-IMAGE_TAG = v1.7.2
+IMAGE_TAG = v1.7.3
 PLATFORMS = linux/amd64,linux/arm64
 
 .PHONY: all

build.sh

@@ -26,7 +26,11 @@ else
 fi
 workdir=$(dirname $(realpath $0))
 
-sed -i "s/##VERSION##/$version/g" "$workdir"/deploy/variables.txt
+if [ "$(uname)" == "Darwin" ]; then
+    sed -i "" "s/##VERSION##/$version/g" "$workdir"/deploy/variables.txt
+else
+    sed -i "s/##VERSION##/$version/g" "$workdir"/deploy/variables.txt
+fi
 cat "$workdir"/deploy/variables.txt
 
 function replaceVar() {

cmd/polaris-controller/app/config.go

@@ -21,18 +21,19 @@ import (
 	"gopkg.in/yaml.v2"
 
 	"github.com/polarismesh/polaris-controller/cmd/polaris-controller/app/options"
+	"github.com/polarismesh/polaris-controller/common"
 	"github.com/polarismesh/polaris-controller/common/log"
 )
 
-// ServiceSync controller 用到的配置
+// ProxyMetadata mesh envoy用到的配置
 type ProxyMetadata struct {
 	ServerAddress string `yaml:"serverAddress"`
 	ClusterName   string `yaml:"clusterName"`
 	OpenDemand    string `yaml:"openDemand"`
 	CAAddress     string `yaml:"caAddress"`
 }
 
-// DefaultConfig controller 用到的配置
+// DefaultConfig mesh envoy sidecar 用到的配置
 type DefaultConfig struct {
 	ProxyMetadata ProxyMetadata `yaml:"proxyMetadata"`
 }
@@ -56,16 +57,66 @@ type Server struct {
 }
 
 type controllerConfig struct {
-	Logger        map[string]*log.Options `yaml:"logger"`
-	ClusterName   string                  `yaml:"clusterName"`
-	Server        Server                  `yaml:"server"`
-	ServiceSync   *options.ServiceSync    `yaml:"serviceSync"`
-	ConfigSync    *options.ConfigSync     `yaml:"configSync"`
-	SidecarInject SidecarInject           `yaml:"sidecarInject"`
+	// 北极星服务端地址
+	ServerAddress string `yaml:"serverAddress"`
+	// 北极星服务端token(北极星开启鉴权时需要配置)
+	PolarisAccessToken string `yaml:"accessToken"`
+	// Operator 北极星主账户ID, 用于数据同步
+	Operator string `yaml:"operator"`
+	// 容器集群名称或ID
+	ClusterName string `yaml:"clusterName"`
+	// k8s服务同步配置
+	ServiceSync *options.ServiceSync `yaml:"serviceSync"`
+	// 配置同步配置
+	ConfigSync *options.ConfigSync `yaml:"configSync"`
+	// sidecar注入相关配置
+	SidecarInject SidecarInject `yaml:"sidecarInject"`
+	// mesh envoy 相关配置
+	DefaultConfig DefaultConfig `yaml:"defaultConfig"`
+	// 组件日志配置
+	Logger map[string]*log.Options `yaml:"logger"`
+	// 健康检查和对账配置
+	Server Server `yaml:"server"`
+}
+
+func (c *controllerConfig) getPolarisServerAddress() string {
+	// 新配置格式
+	if c.ServerAddress != "" {
+		return c.ServerAddress
+	}
+	// 老的配置格式
+	if c.ServiceSync.ServerAddress != "" {
+		return c.ServiceSync.ServerAddress
+	}
+	return common.PolarisServerAddress
+}
+
+func (c *controllerConfig) getPolarisAccessToken() string {
+	// 新配置格式
+	if c.PolarisAccessToken != "" {
+		return c.PolarisAccessToken
+	}
+	// 老的配置格式
+	if c.ServiceSync.PolarisAccessToken != "" {
+		return c.ServiceSync.PolarisAccessToken
+	}
+	return ""
+}
+
+func (c *controllerConfig) getPolarisOperator() string {
+	// 新配置格式
+	if c.Operator != "" {
+		return c.Operator
+	}
+	// 老的配置格式
+	if c.ServiceSync.Operator != "" {
+		return c.ServiceSync.Operator
+	}
+	return ""
 }
 
 func readConfFromFile() (*controllerConfig, error) {
-	buf, err := os.ReadFile(MeshFile)
+	buf, err := os.ReadFile(BootstrapConfigFile)
 	if err != nil {
 		log.Errorf("read file error, %v", err)
 		return nil, err

cmd/polaris-controller/app/options/polaris.go

@@ -29,7 +29,8 @@ type PolarisControllerOptions struct {
 
 // ServiceSync 服务同步相关配置
 type ServiceSync struct {
-	Mode          string `yaml:"mode"`
+	Mode string `yaml:"mode"`
+	// deprecated, use SyncMode instead
 	ServerAddress string `yaml:"serverAddress"`
 	// 以下配置仅 polaris-server 开启 console auth
 	// 调用 polaris-server OpenAPI 的凭据
@@ -40,15 +41,9 @@ type ServiceSync struct {
 	Enable bool `yaml:"enable"`
 }
 
-// ConfigSync 服务同步相关配置
+// ConfigSync 配置同步相关配置
 type ConfigSync struct {
-	Mode          string `yaml:"mode"`
-	ServerAddress string `yaml:"serverAddress"`
-	// 以下配置仅 polaris-server 开启 console auth
-	// 调用 polaris-server OpenAPI 的凭据
-	PolarisAccessToken string `yaml:"accessToken"`
-	// Operator 用于数据同步的帐户ID
-	Operator string `yaml:"operator"`
+	Mode string `yaml:"mode"`
 	// AllowDelete 允许向 Polaris 发起删除操作
 	AllowDelete bool `yaml:"allowDelete"`
 	// SyncDirection 配置同步方向, kubernetesToPolaris/polarisToKubernetes/both

cmd/polaris-controller/app/polaris-controller-manager.go

@@ -48,6 +48,7 @@ import (
 	"github.com/polarismesh/polaris-controller/common"
 	"github.com/polarismesh/polaris-controller/common/log"
 	polarisController "github.com/polarismesh/polaris-controller/pkg/controller"
+	"github.com/polarismesh/polaris-controller/pkg/inject/pkg/config"
 	"github.com/polarismesh/polaris-controller/pkg/inject/pkg/kube/inject"
 	_ "github.com/polarismesh/polaris-controller/pkg/inject/pkg/kube/inject/apply/javaagent"
 	_ "github.com/polarismesh/polaris-controller/pkg/inject/pkg/kube/inject/apply/mesh"
@@ -68,7 +69,7 @@ const (
 	DnsConfigFile       = "/etc/polaris-inject/inject/dns-config"
 	JavaAgentConfigFile = "/etc/polaris-inject/inject/java-agent-config"
 	ValuesFile          = "/etc/polaris-inject/inject/values"
-	MeshFile            = "/etc/polaris-inject/config/mesh"
+	BootstrapConfigFile = "/etc/polaris-inject/config/mesh"
 	CertFile            = "/etc/polaris-inject/certs/cert.pem"
 	KeyFile             = "/etc/polaris-inject/certs/key.pem"
 )
@@ -186,8 +187,7 @@ func initControllerConfig(s *options.KubeControllerManagerOptions) {
 	if flags.polarisServerAddress != "" {
 		polarisServerAddress = flags.polarisServerAddress
 	} else {
-		// 启动参数没有指定，取 mesh config 中的地址
-		polarisServerAddress = config.ServiceSync.ServerAddress
+		polarisServerAddress = config.getPolarisServerAddress()
 	}
 	// 去除前后的空格字符
 	polarisServerAddress = strings.TrimSpace(polarisServerAddress)
@@ -196,9 +196,8 @@ func initControllerConfig(s *options.KubeControllerManagerOptions) {
 	polarisapi.PolarisConfigGrpc = polarisServerAddress + ":8093"
 	log.Infof("[Manager] polaris http address %s, discover grpc address %s, config grpc address %s",
 		polarisapi.PolarisHttpURL, polarisapi.PolarisGrpc, polarisapi.PolarisConfigGrpc)
-	// 设置北极星开启鉴权之后，需要使用的访问token
-	polarisapi.PolarisAccessToken = config.ServiceSync.PolarisAccessToken
-	polarisapi.PolarisOperator = config.ServiceSync.Operator
+	polarisapi.PolarisAccessToken = config.getPolarisAccessToken()
+	polarisapi.PolarisOperator = config.getPolarisOperator()
 
 	// 2. 配置 polaris 同步模式
 	if s.PolarisController.SyncMode == "" {
@@ -247,15 +246,18 @@ func closeGrpcLog() {
 }
 
 func initPolarisSidecarInjector(c *options.CompletedConfig) error {
-	parameters := inject.WebhookParameters{
-		DefaultSidecarMode:  util.ParseSidecarMode(c.ComponentConfig.PolarisController.SidecarMode),
+	templateFilePath := config.TemplateFileConfig{
 		MeshConfigFile:      MeshConfigFile,
 		DnsConfigFile:       DnsConfigFile,
 		JavaAgentConfigFile: JavaAgentConfigFile,
 		ValuesFile:          ValuesFile,
-		MeshFile:            MeshFile,
+		BootstrapConfigFile: BootstrapConfigFile,
 		CertFile:            CertFile,
 		KeyFile:             KeyFile,
+	}
+	parameters := inject.WebhookParameters{
+		DefaultSidecarMode:  util.ParseSidecarMode(c.ComponentConfig.PolarisController.SidecarMode),
+		TemplateFileConfig:  templateFilePath,
 		Port:                flags.injectPort,
 		HealthCheckInterval: 3 * time.Second,
 		HealthCheckFile:     "/tmp/health",

deploy/kubernetes_v1.21/helm/templates/_helpers.tpl

@@ -55,6 +55,13 @@ Get specific image for sidecar init container
 {{- printf "%s:%s" .Values.sidecar.envoy.image.repo .Values.sidecar.envoy.image.tag -}}
 {{- end -}}
 
+{{/*
+Get specific image for javaagent init container
+*/}}
+{{- define "polaris-controller.sidecar.javaagent.image" -}}
+{{- printf "%s:%s" .Values.sidecar.javaagent.image.repo .Values.sidecar.javaagent.image.tag -}}
+{{- end -}}
+
 {{/*
 Get specific image for sidecar init container
 */}}

deploy/kubernetes_v1.21/helm/templates/_params.tpl

@@ -64,7 +64,7 @@ Define the cmd envs for the bootstrap init container.
 - name: CLUSTER_NAME
   value: {{ "{{" }}.ProxyConfig.ProxyMetadata.clusterName{{ "}}" }}
 - name: OPEN_DEMAND
-  value: {{ "{{" }}.ProxyConfig.ProxyMetadata.opemDemand{{ "}}" }}
+  value: {{ "{{" }}.ProxyConfig.ProxyMetadata.openDemand{{ "}}" }}
 {{- end -}}
 
 

deploy/kubernetes_v1.21/helm/templates/admission-webhooks/mutating-webhook.yaml

@@ -20,4 +20,40 @@ webhooks:
     failurePolicy: Fail
     namespaceSelector:
       matchLabels:
-        polaris-injection: enabled
+        polaris-injection: enabled
+  - name: ns.injector.polarismesh.cn
+    clientConfig:
+      service:
+        name: polaris-sidecar-injector
+        namespace: polaris-system
+        path: "/inject"
+      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpVENDQTNHZ0F3SUJBZ0lVSUJGZmZMeE84K2RNSTNrd3hOcXpibGg4Zm9Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRTBNRElHQTFVRUF3d3JjRzlzWVhKcGN5MXphV1JsWTJGeUxXbHVhbVZqZEc5eUxuQnZiR0Z5YVhNdApjM2x6ZEdWdExuTjJZekFnRncweU1qQTNNRFF3TXpFNU1UaGFHQTh5TVRJeE1EWXhNREF6TVRreE9Gb3dOakUwCk1ESUdBMVVFQXd3cmNHOXNZWEpwY3kxemFXUmxZMkZ5TFdsdWFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnQKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUxMWmE4NzZkQnRmQlJ1cgpaSzZpK0UzRUs4UWJFWitlaG1lNWNhaXhsakRwTlJIdHFyb2I2NGExYldTUWQxU0IvMmVxbVdiY1ZXY24vVFRQCk45WFVHN2JsNExSaWRWQktYODE3ekdDWEYra3BqbTNOekFseEdEK3lteXhJeWhYS1U5K3A3VGk5SXpORXNPNE8KSlhaQm5iOVdzWGU2eGJJN0dlUUY5WXVCdit0ekNMNVJ0ZmRiUmtMVGQ2eWF3NlZYTFdEcDFrUUU4Q1pEc0g5ZApTZmxBeUhCUitaLzVqbzBtMnQzU3hiNTVPak9YcDhVNmV3bVRmdzZ0VXE1Z3dmZXBjWGNOUWlVTXJveFl0dXkxCkxnWGVBN3MvMFdCeDcrVlFPWXlGSGlaQUI0V1dkSEk1S0JIeFlpSFA3Y2N5aWEvM0gwQ2lYVSthYnd0NHk5TDQKdmVSMHQ5ZmMvbXZXUU01aFBjT1hwdzVJZU5sUG8wZE9vZ0NNdE1qaTkwTEFFS2RMQVNhemxDT0hzdVFqNkczaQp4Nk4rdzQrYy9VTGFxR1REUGc2K0c0UDl5UUVZNXVDNDRZWWpJSGxjQlhyR0YwVFFKTEZMM3F4dnU1VitpYXF1CnMvaWZyRzllY3RyY3lLczVWM0dESGlDdE93Y29MajI1TG1oYzF4MEdvT1RmWis3VFA1NjRyM1k3cVVhcUJ3WFgKMWREak4wREFtU1k1VW1tTGhhZ205bU9xcVo4T29XY0M2clFEVUJwbW1hTTUxVEVkeVEwbHNCc0g1T0Jvalp1UgpkeUZuTXkxWHdSRjVNenRrTW9nRnZKYWhnN1hVUTJBN1NBaUhxaUlCY1AyZTZKNDdUMVNqa0s4NUpwMU1WRW5PCjZhSFZxR29wQm9tUi9BNzBTUlRLeGp2UW52UC9BZ01CQUFHamdZd3dnWWt3SFFZRFZSME9CQllFRkNMTkZlMHUKd3Z3RGRiT0VRQWwxNFMwRTRBQzhNQjhHQTFVZEl3UVlNQmFBRkNMTkZlMHV3dndEZGJPRVFBbDE0UzBFNEFDOApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUkJDOHdMWUlyY0c5c1lYSnBjeTF6YVdSbFkyRnlMV2x1CmFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnRMbk4yWXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWx5aXQKVjdYaHRqZTFXK3RBMUtiUUtBUi8rendiUW1RUHpRTHpRdEdqUERvbmk5VVYyK3A1OEF5YmtvVVo3cEhXb2hFcgoxUGI2WGpKVVYxNjhGb3FZMUR4OS9SRCtDeC9mOWZ1MkswTTEvc2pYTk9oVERuMHZwZ2VvMFZJOVdCcUMrK1EyCllORmZNM2ZhaDQyaXVaSTBZNldnRldJM3dGbUQ3MTBWTC8xOVhMQ0dpditUbmc0ZnRwcHhOZW9rWlI1dU1janAKM0hNeExnUkExbnFYQ2ZhT3VrRVZLbnhvQ1hoQmRySXErV1VsOUZjZ09iVGxaU0RMNEpkZTl2R1B3cFBFRS9pVgo5cHhsMkhxWWdUZEdXZjJXeWluSmhZazFXempmZzFRTEY0TnJIQ2o3alJNbDBFbXZHM0hTNDM0ME9PUURKTlptClBDVHVrODV6L2dwaml5b3RxUlorcmNXSThBbVZDdURWbkg0VHVqb2swU1RXdUlWUDM5c21DUE5kUElwUVIxblIKSnZ1L2szV0IrTmlZbU94QzJ5SjRvMWRtYnZvS2ZadGIxVVBObVRJcmxXNThlMDdmUGV4QmNwR3JSRk5yVS9kaQpJbEpMNytXVVBKQWluTC8zL0FLQm5md1ZaemtrOVlUdld0b2xZeElhRExTd3JsdEdvZjBQUkptYnI0UDdxbm56ClFDUXVlZDFsUjRaUHJnYUlnZEdHSjdac1lESlVZbS8xd2g3N3FmR3FlYlRFZmorV09JYzV2S09vcEZTY0ZXd3oKNGVZVmVMYjBZdkc0dmc3ZHhCNFArbElzaFNpdmRVUE5XMW5ZY05pcFIrNnI2Q3h0ZnIwWjZWSkFjZjdTR1FHNwpYZkNuQXdMdlJtMEs2Q1Z6WUhPTFVRR2ZVSjBEbGFEeUR3c0JOc009Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    rules:
+      - operations: ["CREATE"]
+        apiGroups: [""]
+        apiVersions: ["v1"]
+        resources: ["pods"]
+    admissionReviewVersions: ["v1"]
+    sideEffects: "None"
+    failurePolicy: Fail
+    namespaceSelector:
+      matchLabels:
+        polarismesh.cn/inject: enabled
+  - name: allowlist.polarismesh.cn
+    clientConfig:
+      service:
+        name: polaris-sidecar-injector
+        namespace: polaris-system
+        path: "/inject"
+      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZpVENDQTNHZ0F3SUJBZ0lVSUJGZmZMeE84K2RNSTNrd3hOcXpibGg4Zm9Vd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRTBNRElHQTFVRUF3d3JjRzlzWVhKcGN5MXphV1JsWTJGeUxXbHVhbVZqZEc5eUxuQnZiR0Z5YVhNdApjM2x6ZEdWdExuTjJZekFnRncweU1qQTNNRFF3TXpFNU1UaGFHQTh5TVRJeE1EWXhNREF6TVRreE9Gb3dOakUwCk1ESUdBMVVFQXd3cmNHOXNZWEpwY3kxemFXUmxZMkZ5TFdsdWFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnQKTG5OMll6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUxMWmE4NzZkQnRmQlJ1cgpaSzZpK0UzRUs4UWJFWitlaG1lNWNhaXhsakRwTlJIdHFyb2I2NGExYldTUWQxU0IvMmVxbVdiY1ZXY24vVFRQCk45WFVHN2JsNExSaWRWQktYODE3ekdDWEYra3BqbTNOekFseEdEK3lteXhJeWhYS1U5K3A3VGk5SXpORXNPNE8KSlhaQm5iOVdzWGU2eGJJN0dlUUY5WXVCdit0ekNMNVJ0ZmRiUmtMVGQ2eWF3NlZYTFdEcDFrUUU4Q1pEc0g5ZApTZmxBeUhCUitaLzVqbzBtMnQzU3hiNTVPak9YcDhVNmV3bVRmdzZ0VXE1Z3dmZXBjWGNOUWlVTXJveFl0dXkxCkxnWGVBN3MvMFdCeDcrVlFPWXlGSGlaQUI0V1dkSEk1S0JIeFlpSFA3Y2N5aWEvM0gwQ2lYVSthYnd0NHk5TDQKdmVSMHQ5ZmMvbXZXUU01aFBjT1hwdzVJZU5sUG8wZE9vZ0NNdE1qaTkwTEFFS2RMQVNhemxDT0hzdVFqNkczaQp4Nk4rdzQrYy9VTGFxR1REUGc2K0c0UDl5UUVZNXVDNDRZWWpJSGxjQlhyR0YwVFFKTEZMM3F4dnU1VitpYXF1CnMvaWZyRzllY3RyY3lLczVWM0dESGlDdE93Y29MajI1TG1oYzF4MEdvT1RmWis3VFA1NjRyM1k3cVVhcUJ3WFgKMWREak4wREFtU1k1VW1tTGhhZ205bU9xcVo4T29XY0M2clFEVUJwbW1hTTUxVEVkeVEwbHNCc0g1T0Jvalp1UgpkeUZuTXkxWHdSRjVNenRrTW9nRnZKYWhnN1hVUTJBN1NBaUhxaUlCY1AyZTZKNDdUMVNqa0s4NUpwMU1WRW5PCjZhSFZxR29wQm9tUi9BNzBTUlRLeGp2UW52UC9BZ01CQUFHamdZd3dnWWt3SFFZRFZSME9CQllFRkNMTkZlMHUKd3Z3RGRiT0VRQWwxNFMwRTRBQzhNQjhHQTFVZEl3UVlNQmFBRkNMTkZlMHV3dndEZGJPRVFBbDE0UzBFNEFDOApNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdOZ1lEVlIwUkJDOHdMWUlyY0c5c1lYSnBjeTF6YVdSbFkyRnlMV2x1CmFtVmpkRzl5TG5CdmJHRnlhWE10YzNsemRHVnRMbk4yWXpBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQWdFQWx5aXQKVjdYaHRqZTFXK3RBMUtiUUtBUi8rendiUW1RUHpRTHpRdEdqUERvbmk5VVYyK3A1OEF5YmtvVVo3cEhXb2hFcgoxUGI2WGpKVVYxNjhGb3FZMUR4OS9SRCtDeC9mOWZ1MkswTTEvc2pYTk9oVERuMHZwZ2VvMFZJOVdCcUMrK1EyCllORmZNM2ZhaDQyaXVaSTBZNldnRldJM3dGbUQ3MTBWTC8xOVhMQ0dpditUbmc0ZnRwcHhOZW9rWlI1dU1janAKM0hNeExnUkExbnFYQ2ZhT3VrRVZLbnhvQ1hoQmRySXErV1VsOUZjZ09iVGxaU0RMNEpkZTl2R1B3cFBFRS9pVgo5cHhsMkhxWWdUZEdXZjJXeWluSmhZazFXempmZzFRTEY0TnJIQ2o3alJNbDBFbXZHM0hTNDM0ME9PUURKTlptClBDVHVrODV6L2dwaml5b3RxUlorcmNXSThBbVZDdURWbkg0VHVqb2swU1RXdUlWUDM5c21DUE5kUElwUVIxblIKSnZ1L2szV0IrTmlZbU94QzJ5SjRvMWRtYnZvS2ZadGIxVVBObVRJcmxXNThlMDdmUGV4QmNwR3JSRk5yVS9kaQpJbEpMNytXVVBKQWluTC8zL0FLQm5md1ZaemtrOVlUdld0b2xZeElhRExTd3JsdEdvZjBQUkptYnI0UDdxbm56ClFDUXVlZDFsUjRaUHJnYUlnZEdHSjdac1lESlVZbS8xd2g3N3FmR3FlYlRFZmorV09JYzV2S09vcEZTY0ZXd3oKNGVZVmVMYjBZdkc0dmc3ZHhCNFArbElzaFNpdmRVUE5XMW5ZY05pcFIrNnI2Q3h0ZnIwWjZWSkFjZjdTR1FHNwpYZkNuQXdMdlJtMEs2Q1Z6WUhPTFVRR2ZVSjBEbGFEeUR3c0JOc009Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    rules:
+      - operations: ["CREATE"]
+        apiGroups: [""]
+        apiVersions: ["v1"]
+        resources: ["pods"]
+    admissionReviewVersions: ["v1"]
+    sideEffects: "None"
+    failurePolicy: Fail
+    objectSelector:
+      matchLabels:
+        polarismesh.cn/inject: enabled

deploy/kubernetes_v1.21/helm/templates/controller-configmap-javaagent.yaml

@@ -16,7 +16,7 @@ data:
     # 启用 Java Agent 的 Spring Cloud Tencent 注册发现能力
     spring.cloud.discovery.enabled=true
     # 配置服务注册发现的命名空间信息
-    spring.cloud.polaris.discovery.namespace=default
+    spring.cloud.polaris.discovery.namespace={{ .MicroserviceNamespace }}
     # 启用从北极星
     spring.cloud.polaris.discovery.enabled=true
     spring.cloud.polaris.discovery.register=true
@@ -66,7 +66,7 @@ data:
     # 启用 Java Agent 的 Spring Cloud Tencent 注册发现能力
     spring.cloud.discovery.enabled=true
     # 配置服务注册发现的命名空间信息
-    spring.cloud.polaris.discovery.namespace=default
+    spring.cloud.polaris.discovery.namespace={{ .MicroserviceNamespace }}
     # 启用从北极星
     spring.cloud.polaris.discovery.enabled=true
     spring.cloud.polaris.discovery.register=true
@@ -116,7 +116,7 @@ data:
     # 启用 Java Agent 的 Spring Cloud Tencent 注册发现能力
     spring.cloud.discovery.enabled=true
     # 配置服务注册发现的命名空间信息
-    spring.cloud.polaris.discovery.namespace=default
+    spring.cloud.polaris.discovery.namespace={{ .MicroserviceNamespace }}
     # 启用从北极星
     spring.cloud.polaris.discovery.enabled=true
     spring.cloud.polaris.discovery.register=true

deploy/kubernetes_v1.21/helm/templates/controller-configmap-mesh.yaml

@@ -61,22 +61,22 @@ data:
           - stdout
         errorOutputPaths:
           - stderr
+    # 北极星服务端地址
+    serverAddress: {{ .Values.polaris.server.address }}
+    # 北极星服务端token(北极星开启鉴权时需要配置)
+    accessToken: {{ .Values.polaris.server.token }}
+    # 北极星主账户ID
+    operator: {{ .Values.polaris.server.operator }}
     # k8s cluster name
     clusterName: "{{ .Values.cluster.name }}"
-    # polaris-sidecar 注入的默认启动模式, 可以配置 mesh 或者 dns
+    # polaris-sidecar 注入的默认启动模式, 可以配置 java-agent, mesh 或者 dns
     sidecarInject:
-      mode: "{{ .Values.sidecar.mesh }}"
+      mode: "{{ .Values.sidecar.mode }}"
     # service sync
     serviceSync:
       mode: {{ .Values.polaris.sync.service.mode }}
-      serverAddress: {{ .Values.polaris.server.address }}
-      # 北极星开启鉴权时需要配置
-      accessToken: {{ .Values.polaris.server.token }}
     configSync:
       enable: {{ .Values.polaris.sync.config.enable }}
-      serverAddress: {{ .Values.polaris.server.address }}
-      # 北极星开启鉴权时需要配置
-      accessToken: {{ .Values.polaris.server.token }}
       allowDelete: {{ .Values.polaris.sync.config.allowDelete }}
       # 配置同步方向: kubernetesToPolaris|polarisToKubernetes|both
       syncDirection: {{ .Values.polaris.sync.config.direction }}

deploy/kubernetes_v1.21/helm/templates/controller-configmap-sidecar.yaml

@@ -15,7 +15,7 @@ data:
       []
 
     neverInjectSelector:
-      []
+      [{"matchLabels":{"polarismesh.cn/inject":"disabled"}}]
 
     template: |
       containers:
@@ -93,12 +93,12 @@ data:
       []
 
     neverInjectSelector:
-      []
+      [{"matchLabels":{"polarismesh.cn/inject":"disabled"}}]
 
     template: |
       initContainers:
       - name: polaris-javaagent-init
-        image: polarismesh/polaris-javaagent-init:#JAVA_AGENT_INIT#
+        image: {{ include "polaris-controller.sidecar.javaagent.image" . }}
         imagePullPolicy: Always
         env:
           - name: JAVA_AGENT_DIR
@@ -138,7 +138,7 @@ data:
       []
 
     neverInjectSelector:
-      []
+      [{"matchLabels":{"polarismesh.cn/inject":"disabled"}}]
 
     template: |
       containers:

deploy/kubernetes_v1.21/helm/values.yaml

@@ -31,12 +31,18 @@ sidecar:
     image:
       repo: polarismesh/polaris-envoy-bootstrap-generator
       tag: #CONTROLLER_VERSION#
+  javaagent:
+    image:
+      repo: polarismesh/polaris-javaagent-init
+      tag: #JAVA_AGENT_INIT#
+      pullPolicy: Always
 
 ## polaris server config
 polaris:
   server:
     address: #POLARIS_HOST#
     token: #POLARIS_TOKEN#
+    operator: #POLARIS_OPERATOR#
   sync:
     service:
       mode: all