欢迎关注我的公众号:
目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:
istio防故障利器,你知道几个,istio新手不要读,太难!
不懂envoyfilter也敢说精通istio系列-http-rbac-不要只会用AuthorizationPolicy配置权限
不懂envoyfilter也敢说精通istio系列-02-http-corsFilter-不要只会vs
不懂envoyfilter也敢说精通istio系列-03-http-csrf filter-再也不用再代码里写csrf逻辑了
不懂envoyfilter也敢说精通istio系列http-jwt_authn-不要只会RequestAuthorization
不懂envoyfilter也敢说精通istio系列-05-fault-filter-故障注入不止是vs
不懂envoyfilter也敢说精通istio系列-06-http-match-配置路由不只是vs
不懂envoyfilter也敢说精通istio系列-07-负载均衡配置不止是dr
不懂envoyfilter也敢说精通istio系列-08-连接池和断路器
不懂envoyfilter也敢说精通istio系列-09-http-route filter
不懂envoyfilter也敢说精通istio系列-network filter-redis proxy
不懂envoyfilter也敢说精通istio系列-network filter-HttpConnectionManager
不懂envoyfilter也敢说精通istio系列-ratelimit-istio ratelimit完全手册
————————————————
type TaintOptions struct {//taint结构体
PrintFlags *genericclioptions.PrintFlags
ToPrinter func(string) (printers.ResourcePrinter, error)
resources []string
taintsToAdd []v1.Taint
taintsToRemove []v1.Taint
builder *resource.Builder
selector string
overwrite bool
all bool
ClientForMapping func(*meta.RESTMapping) (resource.RESTClient, error)
genericclioptions.IOStreams
}
//创建taint命令
func NewCmdTaint(f cmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command {
options := &TaintOptions{//初始化结构体
PrintFlags: genericclioptions.NewPrintFlags("tainted").WithTypeSetter(scheme.Scheme),
IOStreams: streams,
}
validArgs := []string{"node"}
cmd := &cobra.Command{//创建cobra命令
Use: "taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_N",
DisableFlagsInUseLine: true,
Short: i18n.T("Update the taints on one or more nodes"),
Long: fmt.Sprintf(taintLong, validation.DNS1123SubdomainMaxLength, validation.LabelValueMaxLength),
Example: taintExample,
Run: func(cmd *cobra.Command, args []string) {
cmdutil.CheckErr(options.Complete(f, cmd, args))//准备
cmdutil.CheckErr(options.Validate())//校验
cmdutil.CheckErr(options.RunTaint())//运行
},
ValidArgs: validArgs,//有效参数
}
options.PrintFlags.AddFlags(cmd)//打印选项
cmdutil.AddValidateFlags(cmd)//校验选项
cmd.Flags().StringVarP(&options.selector, "selector", "l", options.selector, "Selector (label query) to filter on, supports '=', '==', and '!='.(e.g. -l key1=value1,key2=value2)")//selector选项
cmd.Flags().BoolVar(&options.overwrite, "overwrite", options.overwrite, "If true, allow taints to be overwritten, otherwise reject taint updates that overwrite existing taints.")//overwrite选项
cmd.Flags().BoolVar(&options.all, "all", options.all, "Select all nodes in the cluster")//all选项
return cmd
}
//准备方法
func (o *TaintOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, args []string) (err error) {
namespace, _, err := f.ToRawKubeConfigLoader().Namespace()//获取namespace
if err != nil {
return err
}
// retrieves resource and taint args from args
// also checks args to verify that all resources are specified before taints
taintArgs := []string{}//taint参数
metTaintArg := false
for _, s := range args {//区分taint和资源
isTaint := strings.Contains(s, "=") || strings.HasSuffix(s, "-")
switch {
case !metTaintArg && isTaint:
metTaintArg = true
fallthrough
case metTaintArg && isTaint:
taintArgs = append(taintArgs, s)
case !metTaintArg && !isTaint:
o.resources = append(o.resources, s)
case metTaintArg && !isTaint:
return fmt.Errorf("all resources must be specified before taint changes: %s", s)
}
}
o.ToPrinter = func(operation string) (printers.ResourcePrinter, error) {//printflag转printer
o.PrintFlags.NamePrintFlags.Operation = operation
return o.PrintFlags.ToPrinter()
}
if len(o.resources) < 1 {//资源小于1个报错
return fmt.Errorf("one or more resources must be specified as <resource> <name>")
}
if len(taintArgs) < 1 {//taint参数小于1个报错
return fmt.Errorf("at least one taint update is required")
}
if o.taintsToAdd, o.taintsToRemove, err = parseTaints(taintArgs); err != nil {//解析taint,区分添加和删除
return cmdutil.UsageErrorf(cmd, err.Error())
}
o.builder = f.NewBuilder().
WithScheme(scheme.Scheme, scheme.Scheme.PrioritizedVersionsAllGroups()...).
ContinueOnError().
NamespaceParam(namespace).DefaultNamespace()//构造result对象
if o.selector != "" {
o.builder = o.builder.LabelSelectorParam(o.selector).ResourceTypes("node")
}
if o.all {
o.builder = o.builder.SelectAllParam(o.all).ResourceTypes("node").Flatten().Latest()
}
if !o.all && o.selector == "" && len(o.resources) >= 2 {
o.builder = o.builder.ResourceNames("node", o.resources[1:]...)
}
o.builder = o.builder.LabelSelectorParam(o.selector).
Flatten().
Latest()
o.ClientForMapping = f.ClientForMapping//设置clientFormapping
return nil
}
//校验选项
func (o TaintOptions) validateFlags() error {
// Cannot have a non-empty selector and all flag set. They are mutually exclusive.
if o.all && o.selector != "" {//all和selector不能同时指定
return fmt.Errorf("setting 'all' parameter with a non empty selector is prohibited.")
}
// If both selector and all are not set.
if !o.all && o.selector == "" {//如果没有指定all和selector,资源数量不能小于2个
if len(o.resources) < 2 {
return fmt.Errorf("at least one resource name must be specified since 'all' parameter is not set")
} else {
return nil
}
}
return nil
}
// Validate checks to the TaintOptions to see if there is sufficient information run the command.
//校验
func (o TaintOptions) Validate() error {
resourceType := strings.ToLower(o.resources[0])
validResources, isValidResource := []string{"node", "nodes"}, false
for _, validResource := range validResources {//验证资源是否有效
if resourceType == validResource {
isValidResource = true
break
}
}
if !isValidResource {
return fmt.Errorf("invalid resource type %s, only %q are supported", o.resources[0], validResources)
}
// check the format of taint args and checks removed taints aren't in the new taints list
var conflictTaints []string
for _, taintAdd := range o.taintsToAdd {//判断taintadd和remove是否冲突
for _, taintRemove := range o.taintsToRemove {
if taintAdd.Key != taintRemove.Key {
continue
}
if len(taintRemove.Effect) == 0 || taintAdd.Effect == taintRemove.Effect {
conflictTaint := fmt.Sprintf("{\"%s\":\"%s\"}", taintRemove.Key, taintRemove.Effect)
conflictTaints = append(conflictTaints, conflictTaint)
}
}
}
if len(conflictTaints) > 0 {
return fmt.Errorf("can not both modify and remove the following taint(s) in the same command: %s", strings.Join(conflictTaints, ", "))
}
return o.validateFlags()//校验选项
}
//运行
func (o TaintOptions) RunTaint() error {
r := o.builder.Do()//获取result对象
if err := r.Err(); err != nil {
return err
}
return r.Visit(func(info *resource.Info, err error) error {//visit result对象
if err != nil {
return err
}
obj := info.Object//得到obj
name, namespace := info.Name, info.Namespace//得到name和namespace
oldData, err := json.Marshal(obj)//保存改变前的json
if err != nil {
return err
}
operation, err := o.updateTaints(obj)//执行更新
if err != nil {
return err
}
newData, err := json.Marshal(obj)//保存改变后的json
if err != nil {
return err
}
patchBytes, err := strategicpatch.CreateTwoWayMergePatch(oldData, newData, obj)//创建patch
createdPatch := err == nil
if err != nil {
klog.V(2).Infof("couldn't compute patch: %v", err)
}
mapping := info.ResourceMapping()//获取mapping
client, err := o.ClientForMapping(mapping)//获取client
if err != nil {
return err
}
helper := resource.NewHelper(client, mapping)//获取helper
var outputObj runtime.Object
if createdPatch {
outputObj, err = helper.Patch(namespace, name, types.StrategicMergePatchType, patchBytes, nil)//应用patch到服务端
} else {
outputObj, err = helper.Replace(namespace, name, false, obj)//执行替换
}
if err != nil {
return err
}
printer, err := o.ToPrinter(operation)// print flag转printer
if err != nil {
return err
}
return printer.PrintObj(outputObj, o.Out)//打印结果
})
}
//更新taint
func (o TaintOptions) updateTaints(obj runtime.Object) (string, error) {
node, ok := obj.(*v1.Node)//把对象转为node
if !ok {
return "", fmt.Errorf("unexpected type %T, expected Node", obj)
}
if !o.overwrite {//如果没有指定ovrewrite,检查是否有冲突
if exists := checkIfTaintsAlreadyExists(node.Spec.Taints, o.taintsToAdd); len(exists) != 0 {
return "", fmt.Errorf("Node %s already has %v taint(s) with same effect(s) and --overwrite is false", node.Name, exists)
}
}
operation, newTaints, err := reorganizeTaints(node, o.overwrite, o.taintsToAdd, o.taintsToRemove)//重新组织taint
if err != nil {
return "", err
}
node.Spec.Taints = newTaints//更新taint
return operation, nil
}
//重新组织taint
func reorganizeTaints(node *corev1.Node, overwrite bool, taintsToAdd []corev1.Taint, taintsToRemove []corev1.Taint) (string, []corev1.Taint, error) {
newTaints := append([]corev1.Taint{}, taintsToAdd...)//新的taint
oldTaints := node.Spec.Taints//老的taint
// add taints that already existing but not updated to newTaints
added := addTaints(oldTaints, &newTaints)//添加后的taint
allErrs, deleted := deleteTaints(taintsToRemove, &newTaints)//删除后的taint
if (added && deleted) || overwrite {
return MODIFIED, newTaints, utilerrors.NewAggregate(allErrs)//返回
} else if added {
return TAINTED, newTaints, utilerrors.NewAggregate(allErrs)
}
return UNTAINTED, newTaints, utilerrors.NewAggregate(allErrs)
}