kubectl 源码分析之proxy

 欢迎关注我的公众号：

 目前刚开始写一个月，一共写了18篇原创文章，文章目录如下：

istio多集群探秘，部署了50次多集群后我得出的结论

istio多集群链路追踪，附实操视频

istio防故障利器，你知道几个,istio新手不要读，太难！

istio业务权限控制，原来可以这么玩

istio实现非侵入压缩，微服务之间如何实现压缩

不懂envoyfilter也敢说精通istio系列-http-rbac-不要只会用AuthorizationPolicy配置权限

不懂envoyfilter也敢说精通istio系列-02-http-corsFilter-不要只会vs

不懂envoyfilter也敢说精通istio系列-03-http-csrf filter-再也不用再代码里写csrf逻辑了

不懂envoyfilter也敢说精通istio系列http-jwt_authn-不要只会RequestAuthorization

不懂envoyfilter也敢说精通istio系列-05-fault-filter-故障注入不止是vs

不懂envoyfilter也敢说精通istio系列-06-http-match-配置路由不只是vs

不懂envoyfilter也敢说精通istio系列-07-负载均衡配置不止是dr

不懂envoyfilter也敢说精通istio系列-08-连接池和断路器

不懂envoyfilter也敢说精通istio系列-09-http-route filter

不懂envoyfilter也敢说精通istio系列-network filter-redis proxy

不懂envoyfilter也敢说精通istio系列-network filter-HttpConnectionManager

不懂envoyfilter也敢说精通istio系列-ratelimit-istio ratelimit完全手册

 

————————————————

//创建proxy命令
func NewCmdProxy(f cmdutil.Factory, streams genericclioptions.IOStreams) *cobra.Command {
	cmd := &cobra.Command{//创建cobra命令
		Use:                   "proxy [--port=PORT] [--www=static-dir] [--www-prefix=prefix] [--api-prefix=prefix]",
		DisableFlagsInUseLine: true,
		Short:                 i18n.T("Run a proxy to the Kubernetes API server"),
		Long:                  proxyLong,
		Example:               proxyExample,
		Run: func(cmd *cobra.Command, args []string) {
			err := RunProxy(f, streams.Out, cmd)//运行
			cmdutil.CheckErr(err)
		},
	}
	cmd.Flags().StringP("www", "w", "", "Also serve static files from the given directory under the specified prefix.")//www选项
	cmd.Flags().StringP("www-prefix", "P", "/static/", "Prefix to serve static files under, if static file directory is specified.")//www-prefix选项
	cmd.Flags().StringP("api-prefix", "", "/", "Prefix to serve the proxied API under.")//api-prefix选项
	cmd.Flags().String("accept-paths", proxy.DefaultPathAcceptRE, "Regular expression for paths that the proxy should accept.")//accept-paths选项
	cmd.Flags().String("reject-paths", proxy.DefaultPathRejectRE, "Regular expression for paths that the proxy should reject. Paths specified here will be rejected even accepted by --accept-paths.")//reject-paths选项
	cmd.Flags().String("accept-hosts", proxy.DefaultHostAcceptRE, "Regular expression for hosts that the proxy should accept.")//accept-hosts选项
	cmd.Flags().String("reject-methods", proxy.DefaultMethodRejectRE, "Regular expression for HTTP methods that the proxy should reject (example --reject-methods='POST,PUT,PATCH'). ")//reject-methos选项
	cmd.Flags().IntP("port", "p", defaultPort, "The port on which to run the proxy. Set to 0 to pick a random port.")//port选项
	cmd.Flags().StringP("address", "", "127.0.0.1", "The IP address on which to serve on.")//address选项
	cmd.Flags().Bool("disable-filter", false, "If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.")//disable-filter选项
	cmd.Flags().StringP("unix-socket", "u", "", "Unix socket on which to run the proxy.")//unix-socket选项
	cmd.Flags().Duration("keepalive", 0, "keepalive specifies the keep-alive period for an active network connection. Set to 0 to disable keepalive.")//keepalive选项
	return cmd
}

//运行
func RunProxy(f cmdutil.Factory, out io.Writer, cmd *cobra.Command) error {
	path := cmdutil.GetFlagString(cmd, "unix-socket")//获取unix-socket path
	port := cmdutil.GetFlagInt(cmd, "port")//获取端口
	address := cmdutil.GetFlagString(cmd, "address")//获取地址

	if port != defaultPort && path != "" {//不能同时指定unix-socket和端口
		return errors.New("Don't specify both --unix-socket and --port")
	}

	clientConfig, err := f.ToRESTConfig()//获取restconfig
	if err != nil {
		return err
	}

	staticPrefix := cmdutil.GetFlagString(cmd, "www-prefix")//获取www-prefix
	if !strings.HasSuffix(staticPrefix, "/") {//staticPrefix追加/
		staticPrefix += "/"
	}
	staticDir := cmdutil.GetFlagString(cmd, "www")//获取www选项
	if staticDir != "" {// www选项不为空
		fileInfo, err := os.Stat(staticDir)//判断路径是否存在，并且为目录
		if err != nil {
			klog.Warning("Failed to stat static file directory "+staticDir+": ", err)
		} else if !fileInfo.IsDir() {
			klog.Warning("Static file directory " + staticDir + " is not a directory")
		}
	}

	apiProxyPrefix := cmdutil.GetFlagString(cmd, "api-prefix")//获取api-prefix选项
	if !strings.HasSuffix(apiProxyPrefix, "/") {//api-prefix加/
		apiProxyPrefix += "/"
	}
	filter := &proxy.FilterServer{//构造过滤器
		AcceptPaths:   proxy.MakeRegexpArrayOrDie(cmdutil.GetFlagString(cmd, "accept-paths")),//accept-paths过滤器
		RejectPaths:   proxy.MakeRegexpArrayOrDie(cmdutil.GetFlagString(cmd, "reject-paths")),//reject-paths过滤器
		AcceptHosts:   proxy.MakeRegexpArrayOrDie(cmdutil.GetFlagString(cmd, "accept-hosts")),//accept-hosts过滤器
		RejectMethods: proxy.MakeRegexpArrayOrDie(cmdutil.GetFlagString(cmd, "reject-methods")),//reject-methods过滤器
	}
	if cmdutil.GetFlagBool(cmd, "disable-filter") {//获取disable-filter选项
		if path == "" {
			klog.Warning("Request filter disabled, your proxy is vulnerable to XSRF attacks, please be cautious")
		}
		filter = nil//设置filter为空
	}

	keepalive := cmdutil.GetFlagDuration(cmd, "keepalive")//获取keepalived

	server, err := proxy.NewServer(staticDir, apiProxyPrefix, staticPrefix, filter, clientConfig, keepalive)//构造server

	// Separate listening from serving so we can report the bound port
	// when it is chosen by os (eg: port == 0)
	var l net.Listener
	if path == "" {//获取监听器
		l, err = server.Listen(address, port)
	} else {
		l, err = server.ListenUnix(path)
	}
	if err != nil {
		klog.Fatal(err)
	}
	fmt.Fprintf(out, "Starting to serve on %s\n", l.Addr().String())
	klog.Fatal(server.ServeOnListener(l))//启动服务
	return nil
}