feat: Support building all Higress components into a single docker im…

…age (higress-group#68)

all-in-one/Dockerfile

@@ -0,0 +1,61 @@
+ARG HUB=higress-registry.cn-hangzhou.cr.aliyuncs.com/higress
+ARG BASE_VERSION=2022-10-27T19-02-22
+ARG CORE_VERSION=1.3.5
+ARG CONSOLE_VERSION=1.3.3
+ARG APISERVER_VERSION=0.0.14
+
+FROM ${HUB}/api-server:${APISERVER_VERSION} as apiserver
+FROM ${HUB}/higress:${CORE_VERSION} as controller
+FROM ${HUB}/pilot:${CORE_VERSION} as pilot
+FROM ${HUB}/gateway:${CORE_VERSION} as gateway
+FROM ${HUB}/console:${CONSOLE_VERSION} as console
+FROM eclipse-temurin:21-jre as jdk
+
+FROM ${HUB}/base:${BASE_VERSION}
+
+# Install API server
+COPY --from=apiserver /apiserver /usr/local/bin/apiserver
+
+# Install controller
+COPY --from=controller /usr/local/bin/higress /usr/local/bin/higress
+
+# Install pilot
+COPY --from=pilot /usr/local/bin/pilot-discovery /usr/local/bin/pilot-discovery
+COPY --from=pilot /var/lib/istio/envoy/*.json /var/lib/istio/envoy/
+COPY --from=pilot /usr/local/bin/higress-pilot-start.sh /usr/local/bin/higress-pilot-start.sh
+
+# Install gateway
+COPY --from=gateway /usr/local/bin/pilot-agent /usr/local/bin/pilot-agent
+COPY --from=gateway /usr/local/bin/envoy /usr/local/bin/envoy
+
+# Install console
+COPY --from=console /app /app
+
+# Install JDK required by console
+ENV JAVA_HOME=/opt/java/openjdk
+COPY --from=jdk $JAVA_HOME $JAVA_HOME
+ENV PATH="${JAVA_HOME}/bin:${PATH}"
+
+# Install supervisord and initialize related folders
+RUN apt-get update && \
+  apt-get install --no-install-recommends -y \
+  supervisor \
+  && apt-get clean \
+  && rm -rf /var/log/*log /var/lib/apt/lists/* /var/log/apt/* /var/lib/dpkg/*-old /var/cache/debconf/*-old \
+  && mkdir -p /var/log/higress \
+  && chown 1337:1337 -R /var/log/higress \
+  && mkdir /data \
+  && chown 1337:1337 -R /data
+COPY ./supervisord/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+# Initialize configurations
+COPY ./meshConfig /etc/istio/config
+COPY ./gateway/podinfo /etc/istio/pod
+COPY ./scripts/*.* /usr/local/bin
+COPY ./apiserver/config /app/kubeconfig
+COPY ./config /opt/data/defaultConfig
+
+USER 1337:1337
+EXPOSE 80 443 8080
+
+ENTRYPOINT ["supervisord"]

all-in-one/apiserver/config

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Config
+clusters:
+  - name: higress
+    cluster:
+      server: https://localhost:8443
+      insecure-skip-tls-verify: true
+users:
+  - name: higress-admin
+contexts:
+  - name: higress
+    context:
+      cluster: higress
+      user: higress-admin
+preferences: {}
+current-context: higress

all-in-one/config/configmaps/higress-console.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+data:
+  mode: standalone
+  system.initialized: "false"
+kind: ConfigMap
+metadata:
+  labels:
+    higress.io/resource-definer: higress
+  name: higress-console
+  namespace: higress-system
+  resourceVersion: "2"

all-in-one/config/gatewayclasses/higress-gateway.yaml

@@ -0,0 +1,8 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: GatewayClass
+metadata:
+  name: higress-gateway
+  resourceVersion: "1"
+spec:
+  controllerName: higress.io/gateway-controller
+status: {}

all-in-one/config/gateways/higress-gateway.yaml

@@ -0,0 +1,16 @@
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+  name: higress-gateway
+  namespace: higress-system
+  resourceVersion: "1"
+spec:
+  gatewayClassName: higress-gateway
+  listeners:
+  - allowedRoutes:
+      namespaces:
+        from: All
+    name: http
+    port: 80
+    protocol: HTTP
+status: {}

all-in-one/config/mcpbridges/default.yaml

@@ -0,0 +1,8 @@
+apiVersion: networking.higress.io/v1
+kind: McpBridge
+metadata:
+  name: default
+  namespace: higress-system
+  resourceVersion: "1"
+spec: {}
+status: {}

all-in-one/config/secrets/higress-console.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  iv: YEped3MzSWxQcFdXakBBdw==
+  key: MSNhdG99PiMpMCRJUl0ya3xWQHR5aGc+TUB0YnxDb3o=
+kind: Secret
+metadata:
+  name: higress-console
+  namespace: higress-system
+  resourceVersion: "1"
+type: Opaque

all-in-one/config/services/higress-gateway.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    higress: higress-system-higress-gateway
+  name: higress-gateway
+  namespace: higress-system
+  resourceVersion: "1"
+spec:
+  ports:
+  - name: http2
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  - name: https
+    port: 443
+    protocol: TCP
+    targetPort: 443
+  selector:
+    higress: higress-system-higress-gateway
+  type: LoadBalancer
+status:
+  loadBalancer: {}

all-in-one/gateway/podinfo/labels

@@ -0,0 +1,2 @@
+app="higress-gateway"
+higress="higress-system-higress-gateway"

all-in-one/meshConfig/mesh

@@ -0,0 +1,21 @@
+accessLogEncoding: TEXT
+accessLogFile: /dev/stdout
+accessLogFormat: |
+  {"authority":"%REQ(:AUTHORITY)%","bytes_received":"%BYTES_RECEIVED%","bytes_sent":"%BYTES_SENT%","downstream_local_address":"%DOWNSTREAM_LOCAL_ADDRESS%","downstream_remote_address":"%DOWNSTREAM_REMOTE_ADDRESS%","duration":"%DURATION%","istio_policy_status":"%DYNAMIC_METADATA(istio.mixer:status)%","method":"%REQ(:METHOD)%","path":"%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%","protocol":"%PROTOCOL%","request_id":"%REQ(X-REQUEST-ID)%","requested_server_name":"%REQUESTED_SERVER_NAME%","response_code":"%RESPONSE_CODE%","response_flags":"%RESPONSE_FLAGS%","route_name":"%ROUTE_NAME%","start_time":"%START_TIME%","trace_id":"%REQ(X-B3-TRACEID)%","upstream_cluster":"%UPSTREAM_CLUSTER%","upstream_host":"%UPSTREAM_HOST%","upstream_local_address":"%UPSTREAM_LOCAL_ADDRESS%","upstream_service_time":"%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%","upstream_transport_failure_reason":"%UPSTREAM_TRANSPORT_FAILURE_REASON%","user_agent":"%REQ(USER-AGENT)%","x_forwarded_for":"%REQ(X-FORWARDED-FOR)%"}
+configSources:
+- address: xds://127.0.0.1:15051
+- address: k8s://
+defaultConfig:
+  disableAlpnH2: true
+  discoveryAddress: 127.0.0.1:15012
+  controlPlaneAuthPolicy: MUTUAL_TLS
+  proxyStatsMatcher:
+    inclusionRegexps:
+    - .*
+dnsRefreshRate: 200s
+enableAutoMtls: false
+enablePrometheusMerge: true
+ingressControllerMode: "OFF"
+protocolDetectionTimeout: 100ms
+rootNamespace: higress-system
+trustDomain: cluster.local

all-in-one/meshConfig/meshNetworks

@@ -0,0 +1 @@
+networks: {}

all-in-one/scripts/base.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+function waitForApiServer() {
+    readinessCheck "Higress API Server" 8443
+}
+
+function waitForController() {
+    readinessCheck "Higress Controller" 15051
+}
+
+function waitForPilot() {
+    readinessCheck "Higress Pilot" 15010
+}
+
+function readinessCheck() {
+    # $1=name
+    # $2=port
+    while true; do
+        echo "Checking the readiness of $1..."
+        nc -z 127.0.0.1 $2
+        if [ $? -eq 0 ]; then
+            break
+        fi
+        sleep 1
+    done
+}
+
+function createDir() {
+    sudo mkdir -p "$1"
+    sudo chown 1337:1337 "$1"
+}
+
+case $MODE in
+    gateway|console|full)
+        # Known modes
+        ;;
+    *)
+        # Default to full mode
+        MODE=full
+        ;;
+esac
+
+echo "Mode=$MODE"

all-in-one/scripts/start-apiserver.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+cd "$(dirname -- "$0")"
+ROOT=$(pwd)
+cd - >/dev/null
+source $ROOT/base.sh
+
+set -e
+
+cp -rn /opt/data/defaultConfig/* /data
+
+apiserver --bind-address 127.0.0.1 --secure-port 8443 --storage file --file-root-dir /data --cert-dir /tmp

all-in-one/scripts/start-console.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+cd "$(dirname -- "$0")"
+ROOT=$(pwd)
+cd - >/dev/null
+source $ROOT/base.sh
+
+if [ "$MODE" != "console" -a "$MODE" != "full" ]; then
+    echo "Console won't run in mode $MODE."
+    exit 0
+fi
+
+waitForApiServer
+waitForController
+
+set -e
+
+HIGRESS_CONSOLE_KUBE_CONFIG="/app/kubeconfig" \
+    bash /app/start.sh

all-in-one/scripts/start-controller.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+cd "$(dirname -- "$0")"
+ROOT=$(pwd)
+cd - >/dev/null
+source $ROOT/base.sh
+
+waitForApiServer
+
+set -e
+
+/usr/local/bin/higress \
+    serve \
+    --kubeconfig=/app/kubeconfig \
+    --gatewaySelectorKey=higress \
+    --gatewaySelectorValue=higress-system-higress-gateway \
+    --ingressClass=

all-in-one/scripts/start-gateway.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+cd "$(dirname -- "$0")"
+ROOT=$(pwd)
+cd - >/dev/null
+source $ROOT/base.sh
+
+if [ "$MODE" != "gateway" -a "$MODE" != "full" ]; then
+    echo "Gateway won't run in mode $MODE."
+    exit 0
+fi
+
+waitForPilot
+
+set -e
+
+createDir /etc/istio/proxy
+createDir /var/lib/istio/data
+
+/usr/local/bin/pilot-agent proxy router \
+    --domain=higress-system.svc.cluster.local \
+    --proxyLogLevel=warning \
+    --proxyComponentLogLevel=misc:error \
+    --log_output_level=all:info \
+    --serviceCluster=higress-gateway