Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
2b62d1e6de | ||
|
|
8a290e5084 | ||
|
|
3541b20c80 |
@@ -1,7 +1,7 @@
|
||||
# Main configuration file, applied on startup
|
||||
threads: 12 # Number of daemon threads default setting
|
||||
#user: pastor # Username for running aralez after dropping root privileges, requires program to start as root
|
||||
#group: pastor # Group for running aralez after dropping root privileges, requires program to start as root
|
||||
#runuser: pastor # Username for running aralez after dropping root privileges, requires program to start as root
|
||||
#rungroup: pastor # Group for running aralez after dropping root privileges, requires program to start as root
|
||||
daemon: false # Run in background
|
||||
upstream_keepalive_pool_size: 500 # Pool size for upstream keepalive connections
|
||||
pid_file: /tmp/aralez.pid # Path to PID file
|
||||
|
||||
@@ -28,12 +28,14 @@ kubernetes:
|
||||
servers:
|
||||
- "172.16.0.11:5443" # KUBERNETES_SERVICE_HOST : KUBERNETES_SERVICE_PORT_HTTPS
|
||||
services:
|
||||
- proxy: "vt-api-service-v2"
|
||||
real: "vt-api-service-v2"
|
||||
- proxy: "vt-search-service"
|
||||
real: "vt-search-service"
|
||||
- proxy: "vt-websocket-service"
|
||||
real: "vt-websocket-service"
|
||||
- proxy: "api-service"
|
||||
real: "api-service"
|
||||
path: "/"
|
||||
- proxy: "api-service"
|
||||
real: "search-service"
|
||||
path: "/search"
|
||||
- proxy: "websocket-service"
|
||||
real: "websocket-service"
|
||||
tokenpath: "/tmp/token.txt" # /var/run/secrets/kubernetes.io/serviceaccount/token
|
||||
upstreams:
|
||||
myip.mydomain.com:
|
||||
|
||||
@@ -40,6 +40,7 @@ struct Port {
|
||||
}
|
||||
|
||||
pub async fn start(mut toreturn: Sender<Configuration>, config: Arc<Configuration>) {
|
||||
// println!("{:?}", config);
|
||||
let upstreams = UpstreamsDashMap::new();
|
||||
let prev_upstreams = UpstreamsDashMap::new();
|
||||
loop {
|
||||
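Review bot: The new `let prev_upstreams = UpstreamsDashMap::new();` line carries no comment explaining what distinguishes it from `upstreams`, and `start` itself has no `///` doc comment, so a reader has to find the `compare_dashmaps(&upstreams, &prev_upstreams)` call further down to guess its role. Suggest `// last upstream set handed downstream; compared against each refresh so an unchanged map is not re-sent` on the added line, and above the signature a one-line doc such as `/// Polls the Kubernetes API for every configured service and sends a new Configuration through toreturn when the resolved upstreams change.` The site where `prev_upstreams` is repopulated is outside this hunk, so adjust the wording if it is updated differently than its name suggests. The body of `start` continues past the hunk.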
@@ -57,17 +58,30 @@ pub async fn start(mut toreturn: Sender<Configuration>, config: Arc<Configuratio
|
||||
num = rand::rng().random_range(0..end);
|
||||
}
|
||||
let server = servers.get(num).unwrap().to_string();
|
||||
|
||||
if let Some(svc) = kuber.services {
|
||||
for i in svc {
|
||||
let path = i.path.unwrap_or("/".to_string());
|
||||
let url = format!("https://{}/api/v1/namespaces/staging/endpoints/{}", server, i.real);
|
||||
let list = get_by_http(&*url, &*token).await;
|
||||
let list = get_by_http(&*url, &*token, &*path).await;
|
||||
|
||||
// println!("{:?}", list);
|
||||
|
||||
if let Some(list) = list {
|
||||
upstreams.insert(i.proxy.clone(), list);
|
||||
match upstreams.get(&i.proxy.clone()) {
|
||||
Some(foo) => {
|
||||
for (k, v) in list {
|
||||
foo.value().insert(k, v);
|
||||
}
|
||||
}
|
||||
None => {
|
||||
upstreams.insert(i.proxy.clone(), list);
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
// print_upstreams(&upstreams);
|
||||
|
||||
if !compare_dashmaps(&upstreams, &prev_upstreams) {
|
||||
let tosend: Configuration = Configuration {
|
||||
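Review bot: In the `Some(foo)` arm of the new `match`, `foo.value().insert(k, v)` silently overwrites an existing entry, so two config entries that share a `proxy` and resolve to the same `path` (including two that both omit `path` and fall back to "/") leave only the last one routed with no diagnostic; `DashMap::insert` returns the displaced value, so `if foo.value().insert(k.clone(), v).is_some() { /* log duplicate path for this proxy */ }` would surface the misconfiguration. Because `upstreams` now grows in place instead of being replaced per proxy, whether `compare_dashmaps` still detects changes depends on how it walks the inner maps, which is outside this hunk — worth a look. Two style nits on the new lines: `i.path.unwrap_or("/".to_string())` allocates even when `path` is present (`i.path.as_deref().unwrap_or("/")` avoids it and yields the `&str` the callee wants), and `&*url, &*token, &*path` can be plain `&url, &token, &path` via deref coercion. The enclosing loop and function continue outside the hunk.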
@@ -88,7 +102,7 @@ pub async fn start(mut toreturn: Sender<Configuration>, config: Arc<Configuratio
|
||||
}
|
||||
}
|
||||
|
||||
pub async fn get_by_http(url: &str, token: &str) -> Option<DashMap<String, (Vec<InnerMap>, AtomicUsize)>> {
|
||||
pub async fn get_by_http(url: &str, token: &str, path: &str) -> Option<DashMap<String, (Vec<InnerMap>, AtomicUsize)>> {
|
||||
let client = Client::builder().timeout(Duration::from_secs(2)).danger_accept_invalid_certs(true).build().ok()?;
|
||||
|
||||
let resp = client.get(url).bearer_auth(token).send().await.ok()?;
|
||||
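Review bot: The new `path` parameter on `get_by_http` is undocumented, and nothing in the signature says it becomes the key under which the fetched endpoints are stored rather than part of the request URL. Suggest a doc comment of the form `/// Fetches the Endpoints object at url with the bearer token and returns its ready addresses keyed by path (the request path prefix the caller routes to these endpoints); None on any HTTP or decode failure.` Separately, the client built on the following line uses `danger_accept_invalid_certs(true)` and then sends the service-account bearer token with `bearer_auth`, so the token is disclosed to anyone able to interpose on the connection to the API server; pinning the cluster CA that is mounted beside the token would close that without changing this signature. The function body continues past the hunk.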
@@ -104,8 +118,8 @@ pub async fn get_by_http(url: &str, token: &str) -> Option<DashMap<String, (Vec<
|
||||
if let Some(subsets) = endpoints.subsets {
|
||||
for subset in subsets {
|
||||
if let (Some(addresses), Some(ports)) = (subset.addresses, subset.ports) {
|
||||
let mut inner_vec = Vec::new();
|
||||
for addr in addresses {
|
||||
let mut inner_vec = Vec::new();
|
||||
for port in &ports {
|
||||
let to_add = InnerMap {
|
||||
address: addr.ip.clone(),
|
||||
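Review bot: Hoisting `let mut inner_vec = Vec::new();` out of the `for addr in addresses` loop fixes the per-address overwrite, but it is still declared inside `for subset in subsets`, and the matching `upstreams.insert(path.to_string(), (inner_vec, AtomicUsize::new(0)))` in the `-118,8` hunk runs once per subset under the same key, so an Endpoints object with several subsets (one per distinct port set) keeps only the last subset's addresses. Move the declaration above `for subset in subsets {` and do the single insert after that loop closes, so every subset's addresses accumulate into one Vec. If `addresses` is present but empty, the insert stores an empty Vec under `path`; whether the consumer copes with an empty upstream list when it indexes by the `AtomicUsize` counter is not visible here — TODO confirm. The function body continues on both sides of the hunk.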
@@ -118,8 +132,8 @@ pub async fn get_by_http(url: &str, token: &str) -> Option<DashMap<String, (Vec<
|
||||
};
|
||||
inner_vec.push(to_add);
|
||||
}
|
||||
upstreams.insert("/".to_string(), (inner_vec, AtomicUsize::new(0)));
|
||||
}
|
||||
upstreams.insert(path.to_string(), (inner_vec, AtomicUsize::new(0)));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,6 +12,7 @@ pub type Headers = DashMap<String, DashMap<String, Vec<(String, String)>>>;
|
||||
pub struct ServiceMapping {
|
||||
pub proxy: String,
|
||||
pub real: String,
|
||||
pub path: Option<String>,
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, Default)]
|
||||
|
||||
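Review bot: The new `pub path: Option<String>` field on `ServiceMapping` has no doc comment, and its meaning (a routing key, not part of the Kubernetes request) is only discoverable from the `start` loop that substitutes "/" when it is absent. Suggest `/// Request path prefix under which real's endpoints are exposed for proxy; defaults to "/" when omitted.` No validation is applied to the value here, so a path without a leading slash or an empty string reaches the upstream map as-is; whether that matters depends on how the router matches keys, which is outside this hunk.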
@@ -250,8 +250,8 @@ pub fn drop_priv(user: String, group: String, http_addr: String, tls_addr: Optio
|
||||
}
|
||||
}
|
||||
|
||||
pub fn check_priv(addr: String) {
|
||||
let port = SocketAddr::from_str(&addr).map(|sa| sa.port()).unwrap();
|
||||
pub fn check_priv(addr: &str) {
|
||||
let port = SocketAddr::from_str(addr).map(|sa| sa.port()).unwrap();
|
||||
match port < 1024 {
|
||||
true => {
|
||||
let meta = std::fs::metadata("/proc/self").map(|m| m.uid()).unwrap();
|
||||
|
||||
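Review bot: The rewritten `let port = SocketAddr::from_str(addr).map(|sa| sa.port()).unwrap();` still panics with a bare `called Option::unwrap()`-style message when the configured bind address does not parse, which is a configuration error rather than an invariant violation. Since `check_priv` returns `()` and aborting at startup is evidently intended, at least name the offending value: `let port = SocketAddr::from_str(addr).unwrap_or_else(|e| panic!("invalid bind address {addr:?}: {e}")).port();`. The same applies to the `std::fs::metadata("/proc/self")...unwrap()` two lines down, though that line is unchanged. The rest of `check_priv` is outside the hunk.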
@@ -55,11 +55,11 @@ pub fn run() {
|
||||
let bind_address_http = cfg.proxy_address_http.clone();
|
||||
let bind_address_tls = cfg.proxy_address_tls.clone();
|
||||
|
||||
check_priv(bind_address_http.clone());
|
||||
check_priv(bind_address_http.as_str());
|
||||
|
||||
match bind_address_tls {
|
||||
Some(bind_address_tls) => {
|
||||
check_priv(bind_address_tls.clone());
|
||||
check_priv(bind_address_tls.as_str());
|
||||
let (tx, rx): (Sender<Vec<CertificateConfig>>, Receiver<Vec<CertificateConfig>>) = channel();
|
||||
let certs_path = cfg.proxy_certificates.clone().unwrap();
|
||||
thread::spawn(move || {
|
||||
|
||||
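Review bot: Now that `check_priv` takes `&str`, the new call sites `check_priv(bind_address_http.as_str())` and `check_priv(bind_address_tls.as_str())` can be written `check_priv(&bind_address_http)` and `check_priv(&bind_address_tls)`; deref coercion from `&String` to `&str` makes `.as_str()` redundant and is the form clippy and rustfmt-era code conventionally use. This is a style point only; behaviour is identical. `run` continues outside the hunk.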