repo-sync-2024-05-06T20:50:39+0800

.bazelversion

@@ -1 +1 @@
-5.4.1
+6.3.2

.circleci/config.yml

@@ -8,12 +8,12 @@ version: 2.1
 executors:
   linux_x64_executor: # declares a reusable executor
     docker:
-      - image: envoyproxy/envoy-build-ubuntu:81a93046060dbe5620d5b3aa92632090a9ee4da6
+      - image: envoyproxy/envoy-build-ubuntu:0ca52447572ee105a4730da5e76fe47c9c5a7c64
     resource_class: 2xlarge
     shell: /bin/bash --login -eo pipefail
   linux_aarch64_executor:
     docker:
-      - image: envoyproxy/envoy-build-ubuntu:81a93046060dbe5620d5b3aa92632090a9ee4da6
+      - image: envoyproxy/envoy-build-ubuntu:0ca52447572ee105a4730da5e76fe47c9c5a7c64
     resource_class: arm.2xlarge
     shell: /bin/bash --login -eo pipefail
 
@@ -54,26 +54,24 @@ jobs:
             IMG=secretflow/kuscia-envoy
             IMG_LATEST={IMG}:latest
             IMG_TAG={IMG}:{CIRCLETAG}
-            
+
             ALIYUN_IMG=secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/kuscia-envoy
             ALIYUN_IMG_LATEST={ALIYUN_IMG}:latest
             ALIYUN_IMG_TAG={ALIYUN_IMG}:{CIRCLETAG}
-            
+
             #login docker
             docker login -u ${DOCKER_USERNAME} -p ${DOCKER_DEPLOY_TOKEN}
-
-            docker buildx build -t ${IMG_LATEST} --platform linux/amd64 --build-arg ARCH=amd64  -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
-            docker buildx build -t ${IMG_LATEST} --platform linux/arm64 --build-arg ARCH=arm64  -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
-            docker buildx build -t ${IMG_TAG} --platform linux/amd64 --build-arg ARCH=amd64  -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
-            docker buildx build -t ${IMG_TAG} --platform linux/arm64 --build-arg ARCH=arm64  -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push           
-
+
+            docker buildx build -t ${IMG_LATEST} --platform linux/arm64,linux/amd64 -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
+            docker buildx build -t ${IMG_TAG} --platform linux/arm64,linux/amd64 -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
+
+
             # login docker - aliyun
             docker login -u ${ALIYUN_DOCKER_USERNAME} -p ${ALIYUN_DOCKER_PASSWORD} secretflow-registry.cn-hangzhou.cr.aliyuncs.com
-
-            docker buildx build -t ${ALIYUN_IMG_LATEST} --platform linux/amd64 --build-arg ARCH=amd64  -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
-            docker buildx build -t ${ALIYUN_IMG_LATEST} --platform linux/arm64 --build-arg ARCH=arm64  -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
-            docker buildx build -t ${ALIYUN_IMG_TAG} --platform linux/amd64 --build-arg ARCH=amd64  -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
-            docker buildx build -t ${ALIYUN_IMG_TAG} --platform linux/arm64 --build-arg ARCH=arm64  -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push           
+            docker buildx build -t {ALIYUN_IMG_LATEST} --platform linux/amd64,linux/arm64 -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
+            docker buildx build -t {ALIYUN_IMG_TAG} --platform linux/amd64,linux/arm64 -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile . --push
+
+
 
 
 # Orchestrate jobs using workflows

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "envoy"]
 	path = envoy
 	url = https://github.com/envoyproxy/envoy.git
-	branch = release/v1.20
+	branch = release/v1.29

CHANGELOG.md

@@ -12,6 +12,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 `Fixed` for any bug fixes.
 `Security` in case of vulnerabilities.
 
+## [v0.5.0.dev240430] - 2024-04-30
+### Added
+- [Feature] Support for ARM architecture.
+- [Feature] Support for reverse tunneling multiple replicas.
+
+### Changed
+- [Upgrade] Upgraded the dependent Envoy version to 1.29.4.
+
 ## [0.2.0b0] - 2023-7-6
 ### Added
 - Kuscia-envoy init release

Makefile

@@ -1,5 +1,5 @@
 SHELL := /bin/bash
-BUILD_IMAGE = envoyproxy/envoy-build-ubuntu:81a93046060dbe5620d5b3aa92632090a9ee4da6
+BUILD_IMAGE = envoyproxy/envoy-build-ubuntu:0ca52447572ee105a4730da5e76fe47c9c5a7c64
 
 # Image URL to use all building image targets
 DATETIME = $(shell date +"%Y%m%d%H%M%S")
@@ -14,7 +14,7 @@ UNAME_M_OUTPUT := $(shell uname -m)
 # To configure the ARCH variable to either arm64 or amd64 or UNAME_M_OUTPUT
 ARCH := $(if $(filter aarch64 arm64,$(UNAME_M_OUTPUT)),arm64,$(if $(filter amd64 x86_64,$(UNAME_M_OUTPUT)),amd64,$(UNAME_M_OUTPUT)))
 
-CONTAINER_NAME ?= "build-envoy"
+CONTAINER_NAME ?= "build-envoy-$(shell echo ${USER})"
 COMPILE_MODE ?=opt
 TARGET ?= "//:envoy"
 BUILD_OPTS ?="--strip=always"
@@ -28,7 +28,7 @@ define start_docker
 		git submodule update --init;\
 	fi;
 	if [[ ! -n $$(docker ps -q -f "name=^$(CONTAINER_NAME)$$") ]]; then\
-		docker run -itd --rm -v $(shell pwd):/home/admin/dev -v $(shell pwd)/cache:/root/.cache/bazel -w /home/admin/dev --name $(CONTAINER_NAME) \
+		docker run -itd --rm -v $(shell pwd)/cache:/root/.cache/bazel -v $(shell pwd):/home/admin/dev -w /home/admin/dev --name $(CONTAINER_NAME) \
 		-e GOPROXY='https://goproxy.cn,direct' --cap-add=NET_ADMIN $(BUILD_IMAGE);\
 		docker exec -it $(CONTAINER_NAME) /bin/bash -c 'git config --global --add safe.directory /home/admin/dev';\
 	fi;
@@ -72,7 +72,6 @@ clean:
 	$(call stop_docker)
 	rm -rf output
 
-
 .PHONY: image
 image: build-envoy
-	docker build -t ${IMG} --build-arg ARCH=${ARCH} -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile .
+	docker build -t ${IMG} -f ./build_image/dockerfile/kuscia-envoy-anolis.Dockerfile .

WORKSPACE

@@ -17,9 +17,10 @@ load("@envoy//bazel:repositories.bzl", "envoy_dependencies")
 
 envoy_dependencies()
 
+#https://github.com/envoyproxy/envoy/issues/28670
 load("@envoy//bazel:repositories_extra.bzl", "envoy_dependencies_extra")
 
-envoy_dependencies_extra()
+envoy_dependencies_extra(ignore_root_user_error = True)
 
 load("@envoy//bazel:python_dependencies.bzl", "envoy_python_dependencies")
 

build_image/dockerfile/kuscia-envoy-anolis.Dockerfile

@@ -1,12 +1,12 @@
 FROM openanolis/anolisos:8.8
 
-ARG ARCH
+ARG TARGETPLATFORM
 
 ENV TZ=Asia/Shanghai
 
 ARG ROOT_DIR="/home/kuscia"
 
-COPY ./output/linux/$ARCH $ROOT_DIR/
+COPY ./output/$TARGETPLATFORM $ROOT_DIR/
 
 WORKDIR ${ROOT_DIR}
 

kuscia/api/filters/http/kuscia_crypt/v3/BUILD

@@ -6,6 +6,6 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
-        "@com_github_cncf_udpa//udpa/annotations:pkg",
+        "@com_github_cncf_xds//udpa/annotations:pkg",
     ],
 )

kuscia/api/filters/http/kuscia_gress/v3/BUILD

@@ -6,7 +6,7 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
-        "@com_github_cncf_udpa//udpa/annotations:pkg",
-	 "@envoy_api//envoy/type/matcher/v3:pkg",
+        "@com_github_cncf_xds//udpa/annotations:pkg",
+        "@envoy_api//envoy/type/matcher/v3:pkg",
     ],
 )

kuscia/api/filters/http/kuscia_header_decorator/v3/BUILD

@@ -6,6 +6,6 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
-        "@com_github_cncf_udpa//udpa/annotations:pkg",
+        "@com_github_cncf_xds//udpa/annotations:pkg",
     ],
 )

kuscia/api/filters/http/kuscia_poller/v3/BUILD

@@ -6,6 +6,6 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
-        "@com_github_cncf_udpa//udpa/annotations:pkg",
+        "@com_github_cncf_xds//udpa/annotations:pkg",
     ],
 )

kuscia/api/filters/http/kuscia_receiver/v3/BUILD

@@ -6,6 +6,6 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
-        "@com_github_cncf_udpa//udpa/annotations:pkg",
+        "@com_github_cncf_xds//udpa/annotations:pkg",
     ],
 )

kuscia/api/filters/http/kuscia_token_auth/v3/BUILD

@@ -6,6 +6,6 @@ licenses(["notice"])  # Apache 2
 
 api_proto_package(
     deps = [
-        "@com_github_cncf_udpa//udpa/annotations:pkg",
+        "@com_github_cncf_xds//udpa/annotations:pkg",
     ],
 )

kuscia/source/filters/http/kuscia_common/coder.cc

@@ -19,20 +19,20 @@ namespace Extensions {
 namespace HttpFilters {
 namespace KusciaCommon {
 
-DecodeStatus KusciaCommon::Decoder::decode(Envoy::Buffer::Instance& data, google::protobuf::Message &message)
-{
-    DecodeStatus status = frameReader_.read(data);
-    if (status != DecodeStatus::Ok) {
-        return status;
-    }
+DecodeStatus KusciaCommon::Decoder::decode(Envoy::Buffer::Instance& data,
+                                           google::protobuf::Message& message) {
+  DecodeStatus status = frameReader_.read(data);
+  if (status != DecodeStatus::Ok) {
+    return status;
+  }
 
-    auto data_frame = frameReader_.getDataFrame();
+  auto data_frame = frameReader_.getDataFrame();
 
-    if (!message.ParseFromArray(data_frame.data(), data_frame.size())) {
-        return DecodeStatus::ErrorInvalidData;
-    }
+  if (!message.ParseFromArray(data_frame.data(), data_frame.size())) {
+    return DecodeStatus::ErrorInvalidData;
+  }
 
-    return DecodeStatus::Ok;
+  return DecodeStatus::Ok;
 }
 
 } // namespace KusciaCommon

kuscia/source/filters/http/kuscia_common/coder.h

@@ -24,10 +24,10 @@ namespace KusciaCommon {
 
 class Decoder {
 public:
-    DecodeStatus decode(Envoy::Buffer::Instance& data, google::protobuf::Message& message);
+  DecodeStatus decode(Envoy::Buffer::Instance& data, google::protobuf::Message& message);
 
 private:
-    LengthDelimitedFrameReader frameReader_;
+  LengthDelimitedFrameReader frameReader_;
 };
 
 } // namespace KusciaCommon

kuscia/source/filters/http/kuscia_common/framer.cc

@@ -12,88 +12,86 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-#include <stdexcept>
-#include <cstdint>
 #include <arpa/inet.h>
+#include <cstdint>
 #include <cstring>
+#include <stdexcept>
 
-#include "kuscia/source/filters/http/kuscia_common/framer.h"
 #include "framer.h"
+#include "kuscia/source/filters/http/kuscia_common/framer.h"
 
 namespace Envoy {
 namespace Extensions {
 namespace HttpFilters {
 namespace KusciaCommon {
 
-
 static const std::map<DecodeStatus, absl::string_view> decodeStatusMessageMap = {
     {DecodeStatus::NeedMoreData, "need more data"},
     {DecodeStatus::ErrorObjectTooLarge, "object too large"},
-    {DecodeStatus::ErrorInvalidData, "invalid data"}
-};
+    {DecodeStatus::ErrorInvalidData, "invalid data"}};
 
 absl::string_view decodeStatusString(DecodeStatus status) {
-    auto it = decodeStatusMessageMap.find(status);
-    if (it != decodeStatusMessageMap.end()) {
-        return it->second;
-    } else {
-        return "";
-    }
+  auto it = decodeStatusMessageMap.find(status);
+  if (it != decodeStatusMessageMap.end()) {
+    return it->second;
+  } else {
+    return "";
+  }
 }
 
-DecodeStatus LengthDelimitedFrameReader::read(Buffer::Instance& input)
-{
-    if (remaining_ == 0) {
-        uint32_t frameLength;
-        if (!readByLen(input, sizeof(frameLength), len_frame_)) {
-            return DecodeStatus::NeedMoreData;
-        }
-
-        std::memcpy(&frameLength, len_frame_.data(), sizeof(frameLength));
-        remaining_ = ntohl(frameLength);
+DecodeStatus LengthDelimitedFrameReader::read(Buffer::Instance& input) {
+  if (remaining_ == 0) {
+    uint32_t frameLength;
+    if (!readByLen(input, sizeof(frameLength), len_frame_)) {
+      return DecodeStatus::NeedMoreData;
+    }
 
-        if (remaining_ > maxBytes_) {
-            return DecodeStatus::ErrorObjectTooLarge;
-        }
+    std::memcpy(&frameLength, len_frame_.data(), sizeof(frameLength));
+    remaining_ = ntohl(frameLength);
 
-        len_frame_.resize(0);
-        data_frame_.resize(0);
+    if (remaining_ > maxBytes_) {
+      return DecodeStatus::ErrorObjectTooLarge;
     }
 
-    if (!readByLen(input, remaining_, data_frame_)) {
-        return DecodeStatus::NeedMoreData;
-    }
+    len_frame_.resize(0);
+    data_frame_.resize(0);
+  }
+
+  if (!readByLen(input, remaining_, data_frame_)) {
+    return DecodeStatus::NeedMoreData;
+  }
 
-    remaining_ = 0;
-    return DecodeStatus::Ok;
+  remaining_ = 0;
+  return DecodeStatus::Ok;
 }
 
-bool LengthDelimitedFrameReader::readByLen(Buffer::Instance& input, size_t len, std::vector<uint8_t>& frame)
-{
-    size_t frame_size = frame.size();
-    size_t input_len = input.length();
+bool LengthDelimitedFrameReader::readByLen(Buffer::Instance& input, size_t len,
+                                           std::vector<uint8_t>& frame) {
+  size_t frame_size = frame.size();
+  size_t input_len = input.length();
 
-    if (frame_size + input_len < len) {
-        ENVOY_LOG(info, "Need more input data, frame size: {} + input-len: {} < {}", frame_size, input_len, len);
+  if (frame_size + input_len < len) {
+    ENVOY_LOG(info, "Need more input data, frame size: {} + input-len: {} < {}", frame_size,
+              input_len, len);
 
-        frame.resize(frame_size + input_len);
-        input.copyOut(0, input_len, frame.data() + frame_size);
-        input.drain(input_len);
-        return false; // need more input data
-    }
+    frame.resize(frame_size + input_len);
+    input.copyOut(0, input_len, frame.data() + frame_size);
+    input.drain(input_len);
+    return false; // need more input data
+  }
 
-    frame.resize(len);
-    input.copyOut(0, len - frame_size, frame.data() + frame_size);
-    input.drain(len - frame_size);
+  frame.resize(len);
+  input.copyOut(0, len - frame_size, frame.data() + frame_size);
+  input.drain(len - frame_size);
 
-    return true;
+  return true;
 }
 
-void KusciaCommon::LengthDelimitedFrameWriter::write(const char data[], uint32_t size, Buffer::OwnedImpl &output)
-{
-    uint32_t net_size = htonl(size);
-    output.add(&net_size, sizeof(net_size));
-    output.add(data, size);
+void KusciaCommon::LengthDelimitedFrameWriter::write(const char data[], uint32_t size,
+                                                     Buffer::OwnedImpl& output) {
+  uint32_t net_size = htonl(size);
+  output.add(&net_size, sizeof(net_size));
+  output.add(data, size);
 }
 
 } // namespace KusciaCommon