欢迎关注我的公众号:
目前刚开始写一个月,一共写了18篇原创文章,文章目录如下:
istio多集群探秘,部署了50次多集群后我得出的结论
istio防故障利器,你知道几个,istio新手不要读,太难!
不懂envoyfilter也敢说精通istio系列-http-rbac-不要只会用AuthorizationPolicy配置权限
不懂envoyfilter也敢说精通istio系列-02-http-corsFilter-不要只会vs
不懂envoyfilter也敢说精通istio系列-03-http-csrf filter-再也不用再代码里写csrf逻辑了
不懂envoyfilter也敢说精通istio系列http-jwt_authn-不要只会RequestAuthorization
不懂envoyfilter也敢说精通istio系列-05-fault-filter-故障注入不止是vs
不懂envoyfilter也敢说精通istio系列-06-http-match-配置路由不只是vs
不懂envoyfilter也敢说精通istio系列-07-负载均衡配置不止是dr
不懂envoyfilter也敢说精通istio系列-08-连接池和断路器
不懂envoyfilter也敢说精通istio系列-09-http-route filter
不懂envoyfilter也敢说精通istio系列-network filter-redis proxy
不懂envoyfilter也敢说精通istio系列-network filter-HttpConnectionManager
不懂envoyfilter也敢说精通istio系列-ratelimit-istio ratelimit完全手册
————————————————
type PatchOptions struct {//patch结构体
resource.FilenameOptions
RecordFlags *genericclioptions.RecordFlags
PrintFlags *genericclioptions.PrintFlags
ToPrinter func(string) (printers.ResourcePrinter, error)
Recorder genericclioptions.Recorder
Local bool
PatchType string
Patch string
namespace string
enforceNamespace bool
dryRun bool
outputFormat string
args []string
builder *resource.Builder
unstructuredClientForMapping func(mapping *meta.RESTMapping) (resource.RESTClient, error)
genericclioptions.IOStreams
}func NewPatchOptions(ioStreams genericclioptions.IOStreams) *PatchOptions {
return &PatchOptions{//初始化patch结构体
RecordFlags: genericclioptions.NewRecordFlags(),
Recorder: genericclioptions.NoopRecorder{},
PrintFlags: genericclioptions.NewPrintFlags("patched").WithTypeSetter(scheme.Scheme),
IOStreams: ioStreams,
}
}//创建patch命令
func NewCmdPatch(f cmdutil.Factory, ioStreams genericclioptions.IOStreams) *cobra.Command {
o := NewPatchOptions(ioStreams)//初始化结构体
cmd := &cobra.Command{//创建cobra命令
Use: "patch (-f FILENAME | TYPE NAME) -p PATCH",
DisableFlagsInUseLine: true,
Short: i18n.T("Update field(s) of a resource using strategic merge patch"),
Long: patchLong,
Example: patchExample,
Run: func(cmd *cobra.Command, args []string) {
cmdutil.CheckErr(o.Complete(f, cmd, args))//准备
cmdutil.CheckErr(o.Validate())//校验
cmdutil.CheckErr(o.RunPatch())//运行
},
}
o.RecordFlags.AddFlags(cmd)//record选项
o.PrintFlags.AddFlags(cmd)//打印选项
cmd.Flags().StringVarP(&o.Patch, "patch", "p", "", "The patch to be applied to the resource JSON file.")//patch选项
cmd.MarkFlagRequired("patch")//必须
cmd.Flags().StringVar(&o.PatchType, "type", "strategic", fmt.Sprintf("The type of patch being provided; one of %v", sets.StringKeySet(patchTypes).List()))// type选项
cmdutil.AddDryRunFlag(cmd)//干跑选项
cmdutil.AddFilenameOptionFlags(cmd, &o.FilenameOptions, "identifying the resource to update")//文件选项
cmd.Flags().BoolVar(&o.Local, "local", o.Local, "If true, patch will operate on the content of the file, not the server-side resource.")//local选项
return cmd
}
//准备
func (o *PatchOptions) Complete(f cmdutil.Factory, cmd *cobra.Command, args []string) error {
var err error
o.RecordFlags.Complete(cmd)//record准备
o.Recorder, err = o.RecordFlags.ToRecorder()//record flag转recorder
if err != nil {
return err
}
o.outputFormat = cmdutil.GetFlagString(cmd, "output")//设置输出选项
o.dryRun = cmdutil.GetFlagBool(cmd, "dry-run")//设置干跑
o.ToPrinter = func(operation string) (printers.ResourcePrinter, error) {//print flag转printer函数
o.PrintFlags.NamePrintFlags.Operation = operation
if o.dryRun {
o.PrintFlags.Complete("%s (dry run)")
}
return o.PrintFlags.ToPrinter()
}
o.namespace, o.enforceNamespace, err = f.ToRawKubeConfigLoader().Namespace()//设置namespace和enforceNamespace
if err != nil {
return err
}
o.args = args//设置参数
o.builder = f.NewBuilder()//设置builder
o.unstructuredClientForMapping = f.UnstructuredClientForMapping//设置unstructuredClientForMapping
return nil
}
//校验
func (o *PatchOptions) Validate() error {
if o.Local && len(o.args) != 0 {// 如果指定了local则参数必须为空
return fmt.Errorf("cannot specify --local and server resources")
}
if len(o.Patch) == 0 {//patch选项不能为空
return fmt.Errorf("must specify -p to patch")
}
if len(o.PatchType) != 0 {//patch类型必须正确
if _, ok := patchTypes[strings.ToLower(o.PatchType)]; !ok {
return fmt.Errorf("--type must be one of %v, not %q", sets.StringKeySet(patchTypes).List(), o.PatchType)
}
}
return nil
}
///运行
func (o *PatchOptions) RunPatch() error {
patchType := types.StrategicMergePatchType//设置patch类型
if len(o.PatchType) != 0 {//如果指定了patch类型,则重新设置
patchType = patchTypes[strings.ToLower(o.PatchType)]
}
patchBytes, err := yaml.ToJSON([]byte(o.Patch))//获取patch字节数组
if err != nil {
return fmt.Errorf("unable to parse %q: %v", o.Patch, err)
}
r := o.builder.
Unstructured().
ContinueOnError().
LocalParam(o.Local).
NamespaceParam(o.namespace).DefaultNamespace().
FilenameParam(o.enforceNamespace, &o.FilenameOptions).
ResourceTypeOrNameArgs(false, o.args...).
Flatten().
Do()//用build构造result对象
err = r.Err()
if err != nil {
return err
}
count := 0
err = r.Visit(func(info *resource.Info, err error) error {//visit result
if err != nil {
return err
}
count++
name, namespace := info.Name, info.Namespace//获取name和namespace
if !o.Local && !o.dryRun {//如果非local且非干跑
mapping := info.ResourceMapping()//获取mapping
client, err := o.unstructuredClientForMapping(mapping)//通过mapping获取client
if err != nil {
return err
}
helper := resource.NewHelper(client, mapping)//构造helper
patchedObj, err := helper.Patch(namespace, name, patchType, patchBytes, nil)//应用patch到服务端
if err != nil {
return err
}
didPatch := !reflect.DeepEqual(info.Object, patchedObj)//判断是否做了patch
// if the recorder makes a change, compute and create another patch
if mergePatch, err := o.Recorder.MakeRecordMergePatch(patchedObj); err != nil {//判断是否创建change-cause注解
klog.V(4).Infof("error recording current command: %v", err)
} else if len(mergePatch) > 0 {
if recordedObj, err := helper.Patch(info.Namespace, info.Name, types.MergePatchType, mergePatch, nil); err != nil {//创建changecause注解
klog.V(4).Infof("error recording reason: %v", err)
} else {
patchedObj = recordedObj
}
}
printer, err := o.ToPrinter(patchOperation(didPatch))//print flag转peinter
if err != nil {
return err
}
return printer.PrintObj(patchedObj, o.Out)//打印对象
}
originalObjJS, err := runtime.Encode(unstructured.UnstructuredJSONScheme, info.Object)//原始的json
if err != nil {
return err
}
originalPatchedObjJS, err := getPatchedJSON(patchType, originalObjJS, patchBytes, info.Object.GetObjectKind().GroupVersionKind(), scheme.Scheme)//patch后的json
if err != nil {
return err
}
targetObj, err := runtime.Decode(unstructured.UnstructuredJSONScheme, originalPatchedObjJS)//patch后的对象
if err != nil {
return err
}
didPatch := !reflect.DeepEqual(info.Object, targetObj)//判断是否做了patch
printer, err := o.ToPrinter(patchOperation(didPatch))// print flag转printer
if err != nil {
return err
}
return printer.PrintObj(targetObj, o.Out)//打印对象
})
if err != nil {
return err
}
if count == 0 {
return fmt.Errorf("no objects passed to patch")
}
return nil
}
//获取patch后的json
func getPatchedJSON(patchType types.PatchType, originalJS, patchJS []byte, gvk schema.GroupVersionKind, creater runtime.ObjectCreater) ([]byte, error) {
switch patchType {//switchpatch类型
case types.JSONPatchType://如果时候json
patchObj, err := jsonpatch.DecodePatch(patchJS)//解码patch json
if err != nil {
return nil, err
}
bytes, err := patchObj.Apply(originalJS)//应用patch json
// TODO: This is pretty hacky, we need a better structured error from the json-patch
if err != nil && strings.Contains(err.Error(), "doc is missing key") {
msg := err.Error()
ix := strings.Index(msg, "key:")
key := msg[ix+5:]
return bytes, fmt.Errorf("Object to be patched is missing field (%s)", key)
}
return bytes, err//返回patch后的json
case types.MergePatchType://如果是merge
return jsonpatch.MergePatch(originalJS, patchJS)//合并patch,返回json
case types.StrategicMergePatchType://如果是strategic
// get a typed object for this GVK if we need to apply a strategic merge patch
obj, err := creater.New(gvk)//创建对象
if err != nil {
return nil, fmt.Errorf("cannot apply strategic merge patch for %s locally, try --type merge", gvk.String())
}
return strategicpatch.StrategicMergePatch(originalJS, patchJS, obj)//合并patch,返回json
default:
// only here as a safety net - go-restful filters content-type
return nil, fmt.Errorf("unknown Content-Type header for patch: %v", patchType)
}
}
