feat: sync conf via gRPC #8450

Merged
merged 1 commit into from
Dec 7, 2022
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -45,6 +45,8 @@ luac.out
*.orig
*.rej
t/servroot
t/certs/*.csr
t/certs/*.srl
t/xds-library/libxds.h
conf/apisix.uid
conf/nginx.conf
12 changes: 12 additions & 0 deletions apisix/cli/env.lua
Expand Up @@ -89,12 +89,24 @@ return function (apisix_home, pkg_cpath_org, pkg_path_org)
local openresty_args = openresty_path_abs .. [[ -p ]] .. apisix_home .. [[ -c ]]
.. apisix_home .. [[/conf/nginx.conf]]

local or_info, err = util.execute_cmd("openresty -V 2>&1")
if not or_info then
error("failed to exec cmd \'openresty -V 2>&1\', err: " .. err)
end

local use_apisix_base = true
if not or_info:find("apisix-nginx-module", 1, true) then
use_apisix_base = false
end

local min_etcd_version = "3.4.0"

return {
apisix_home = apisix_home,
is_root_path = is_root_path,
openresty_args = openresty_args,
openresty_info = or_info,
use_apisix_base = use_apisix_base,
pkg_cpath_org = pkg_cpath_org,
pkg_path_org = pkg_path_org,
min_etcd_version = min_etcd_version,
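Review bot: The capability probe `util.execute_cmd("openresty -V 2>&1")` looks up `openresty` through PATH a second time, while the `openresty_args` line just above it launches the binary at `openresty_path_abs`. If the two ever resolve differently, `openresty_info` and `use_apisix_base` describe a build other than the one that is started, and the nginx.conf template is rendered for the wrong feature set. Probing the already-resolved binary keeps them tied together: `util.execute_cmd(openresty_path_abs .. " -V 2>&1")`, assuming `openresty_path_abs` is the bare executable path, as its use in `openresty_args` suggests (it is defined outside the hunk). Separately, `"... err: " .. err` would itself raise if `execute_cmd` ever returned nil without a message, and `tostring(err)` avoids that. The enclosing function starts and ends outside the hunk.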
16 changes: 8 additions & 8 deletions apisix/cli/ngx_tpl.lua
Expand Up @@ -57,7 +57,7 @@ env {*name*};
{% end %}
{% end %}

{% if use_apisix_openresty then %}
{% if use_apisix_base then %}
thread_pool grpc-client-nginx-module threads=1;

lua {
Expand Down Expand Up @@ -90,7 +90,7 @@ http {
}

server {
{% if use_apisix_openresty then %}
{% if use_apisix_base then %}
listen {* prometheus_server_addr *} enable_process=privileged_agent;
{% else %}
listen {* prometheus_server_addr *};
Expand Down Expand Up @@ -215,7 +215,7 @@ stream {

proxy_pass apisix_backend;

{% if use_apisix_openresty then %}
{% if use_apisix_base then %}
set $upstream_sni "apisix_backend";
proxy_ssl_server_name on;
proxy_ssl_name $upstream_sni;
Expand Down Expand Up @@ -395,7 +395,7 @@ http {
upstream apisix_backend {
server 0.0.0.1;

{% if use_apisix_openresty then %}
{% if use_apisix_base then %}
keepalive {* http.upstream.keepalive *};
keepalive_requests {* http.upstream.keepalive_requests *};
keepalive_timeout {* http.upstream.keepalive_timeout *};
Expand Down Expand Up @@ -431,7 +431,7 @@ http {
}
{% end %}

{% if use_apisix_openresty then %}
{% if use_apisix_base then %}
apisix_delay_client_max_body_check on;
apisix_mirror_on_demand on;
{% end %}
Expand Down Expand Up @@ -483,7 +483,7 @@ http {

{% if enabled_plugins["prometheus"] and prometheus_server_addr then %}
server {
{% if use_apisix_openresty then %}
{% if use_apisix_base then %}
listen {* prometheus_server_addr *} enable_process=privileged_agent;
{% else %}
listen {* prometheus_server_addr *};
Expand Down Expand Up @@ -746,7 +746,7 @@ http {
apisix.grpc_access_phase()
}

{% if use_apisix_openresty then %}
{% if use_apisix_base then %}
# For servers which obey the standard, when `:authority` is missing,
# `host` will be used instead. When used with apisix-base, we can do
# better by setting `:authority` directly
Expand Down Expand Up @@ -799,7 +799,7 @@ http {
location = /proxy_mirror {
internal;

{% if not use_apisix_openresty then %}
{% if not use_apisix_base then %}
if ($upstream_mirror_uri = "") {
return 200;
}
11 changes: 3 additions & 8 deletions apisix/cli/ops.lua
Expand Up @@ -259,17 +259,12 @@ Please modify "admin_key" in conf/config.yaml .
util.die("openresty version must >=", need_ver, " current ", or_ver, "\n")
end

local or_info = util.execute_cmd("openresty -V 2>&1")
if or_info and not or_info:find("http_stub_status_module", 1, true) then
local or_info = env.openresty_info
if not or_info:find("http_stub_status_module", 1, true) then
util.die("'http_stub_status_module' module is missing in ",
"your openresty, please check it out.\n")
end

local use_apisix_openresty = true
if or_info and not or_info:find("apisix-nginx-module", 1, true) then
use_apisix_openresty = false
end

local enable_http = true
if not yaml_conf.apisix.enable_admin and yaml_conf.apisix.stream_proxy and
yaml_conf.apisix.stream_proxy.only ~= false
Expand Down Expand Up @@ -543,7 +538,7 @@ Please modify "admin_key" in conf/config.yaml .
os_name = util.trim(util.execute_cmd("uname")),
apisix_lua_home = env.apisix_home,
deployment_role = env.deployment_role,
use_apisix_openresty = use_apisix_openresty,
use_apisix_base = env.use_apisix_base,
error_log = {level = "warn"},
enable_http = enable_http,
enabled_discoveries = enabled_discoveries,
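Review bot: The `or_info and` nil guard is dropped in `if not or_info:find("http_stub_status_module", 1, true) then`, so this check now depends on `env.openresty_info` always being a string. That holds only because env.lua aborts when `openresty -V` fails, which is not visible from this file. A one-line comment would keep the invariant in view, e.g. `-- env.lua errors out if 'openresty -V' fails, so openresty_info is never nil here`. The enclosing function begins and ends outside the hunk.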
169 changes: 93 additions & 76 deletions apisix/cli/snippet.lua
Expand Up @@ -21,6 +21,95 @@ local ipairs = ipairs

-- this module provide methods to generate snippets which will be used in the nginx.conf template
local _M = {}
local conf_server_tpl = [[
upstream apisix_conf_backend {
server 0.0.0.0:80;
balancer_by_lua_block {
local conf_server = require("apisix.conf_server")
conf_server.balancer()
}
}

{% if trusted_ca_cert then %}
lua_ssl_trusted_certificate {* trusted_ca_cert *};
{% end %}

server {
{% if control_plane then %}
listen {* control_plane.listen *} ssl;
ssl_certificate {* control_plane.cert *};
ssl_certificate_key {* control_plane.cert_key *};

{% if control_plane.client_ca_cert then %}
ssl_verify_client on;
ssl_client_certificate {* control_plane.client_ca_cert *};
{% end %}

{% else %}
listen unix:{* home *}/conf/config_listen.sock;
{% end %}

access_log off;

set $upstream_host '';

access_by_lua_block {
local conf_server = require("apisix.conf_server")
conf_server.access()
}

location / {
{% if enable_https then %}
{* directive_prefix *}_pass {* scheme_name *}s://apisix_conf_backend;
{* directive_prefix *}_ssl_protocols TLSv1.2 TLSv1.3;
{* directive_prefix *}_ssl_server_name on;

{% if etcd_tls_verify then %}
{* directive_prefix *}_ssl_verify on;
{* directive_prefix *}_ssl_trusted_certificate {* ssl_trusted_certificate *};
{% end %}

{% if sni then %}
{* directive_prefix *}_ssl_name {* sni *};
{% else %}
{* directive_prefix *}_ssl_name $upstream_host;
{% end %}

{% if client_cert then %}
{* directive_prefix *}_ssl_certificate {* client_cert *};
{* directive_prefix *}_ssl_certificate_key {* client_cert_key *};
{% end %}

{% else %}
{* directive_prefix *}_pass {* scheme_name *}://apisix_conf_backend;
{% end %}

{% if scheme_name == "http" then %}
proxy_http_version 1.1;
proxy_set_header Connection "";
{% end %}

{* directive_prefix *}_set_header Host $upstream_host;
{* directive_prefix *}_next_upstream error timeout non_idempotent
http_500 http_502 http_503 http_504;
}

log_by_lua_block {
local conf_server = require("apisix.conf_server")
conf_server.log()
}
}
]]


local function is_grpc_used(env, etcd)
local is_grpc_available = env.use_apisix_base
if etcd.user then
-- TODO: support user/password
is_grpc_available = false
end
return is_grpc_available and etcd.use_grpc
end


function _M.generate_conf_server(env, conf)
Expand Down Expand Up @@ -69,87 +158,13 @@ function _M.generate_conf_server(env, conf)
end
end

local conf_render = template.compile([[
upstream apisix_conf_backend {
server 0.0.0.0:80;
balancer_by_lua_block {
local conf_server = require("apisix.conf_server")
conf_server.balancer()
}
}

{% if trusted_ca_cert then %}
lua_ssl_trusted_certificate {* trusted_ca_cert *};
{% end %}

server {
{% if control_plane then %}
listen {* control_plane.listen *} ssl;
ssl_certificate {* control_plane.cert *};
ssl_certificate_key {* control_plane.cert_key *};

{% if control_plane.client_ca_cert then %}
ssl_verify_client on;
ssl_client_certificate {* control_plane.client_ca_cert *};
{% end %}

{% else %}
listen unix:{* home *}/conf/config_listen.sock;
{% end %}

access_log off;

set $upstream_host '';

access_by_lua_block {
local conf_server = require("apisix.conf_server")
conf_server.access()
}

location / {
{% if enable_https then %}
proxy_pass https://apisix_conf_backend;
proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_server_name on;

{% if etcd_tls_verify then %}
proxy_ssl_verify on;
proxy_ssl_trusted_certificate {* ssl_trusted_certificate *};
{% end %}

{% if sni then %}
proxy_ssl_name {* sni *};
{% else %}
proxy_ssl_name $upstream_host;
{% end %}

{% if client_cert then %}
proxy_ssl_certificate {* client_cert *};
proxy_ssl_certificate_key {* client_cert_key *};
{% end %}

{% else %}
proxy_pass http://apisix_conf_backend;
{% end %}

proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $upstream_host;
proxy_next_upstream error timeout non_idempotent http_500 http_502 http_503 http_504;
}

log_by_lua_block {
local conf_server = require("apisix.conf_server")
conf_server.log()
}
}
]])

local conf_render = template.compile(conf_server_tpl)
local tls = etcd.tls
local client_cert
local client_cert_key
local ssl_trusted_certificate
local etcd_tls_verify
local use_grpc = is_grpc_used(env, etcd)
if tls then
if tls.cert then
client_cert = pl_path.abspath(tls.cert)
Expand All @@ -175,6 +190,8 @@ function _M.generate_conf_server(env, conf)
trusted_ca_cert = trusted_ca_cert,
etcd_tls_verify = etcd_tls_verify,
ssl_trusted_certificate = ssl_trusted_certificate,
scheme_name = use_grpc and "grpc" or "http",
directive_prefix = use_grpc and "grpc" or "proxy",
})
end
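Review bot: `is_grpc_used` silently falls back to HTTP when `etcd.user` is set, even if the operator asked for `etcd.use_grpc`, and nothing in the hunk reports the downgrade. Its result selects both `scheme_name` and `directive_prefix`, so a deployment configured for gRPC with user/password is rendered with `proxy_*` directives and no indication why. A warning in that branch would make the fallback visible, e.g. `io.stderr:write("etcd.use_grpc is ignored: user/password auth is not yet supported over gRPC\n")`. A doc comment on the helper would also help, such as `-- gRPC is used only with apisix-base and when no etcd user/password is configured`. The runtime etcd client is not shown here; it should be confirmed that it applies the same rule, otherwise the client and the generated conf server could disagree on protocol.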
