Release 1.2.0 for joylive-injector

Author: chenzhiguo

charts/joylive-injector/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.0
+version: 1.2.0
 
 keywords:
   - joylive
@@ -26,4 +26,4 @@ home: https://github.com/jd-opensource/joylive-injector
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.1.0"
+appVersion: "1.2.0"

charts/joylive-injector/README-zh.md

@@ -0,0 +1,25 @@
+# joylive-injector
+
+[![GitHub repo](https://img.shields.io/badge/GitHub-repo-blue)](https://github.com/jd-opensource/joylive-injector)
+[![GitHub release](https://img.shields.io/github/release/jd-opensource/joylive-injector.svg)](https://github.com/jd-opensource/joylive-injector/releases)
+[![Slack Status](https://img.shields.io/badge/slack-join_chat-white.svg?logo=slack&style=social)](https://joylivehq.slack.com)
+
+[English](./README.md) | 简体中文
+
+## 介绍
+这是一个针对kubernetes的动态准入控制webhook，它可以用于修改`kubernete`资源。
+此程序监视`deployments`的CREATE、UPDATE、DELETE事件和`pods`的CREATE事件，并为`POD`添加initContainer、默认增加环境变量`JAVA_TOOL_OPTIONS`、挂载configmap、修改主容器的卷装载等操作。
+
+## 特性
+- 支持自动将`joylive-agent`注入Java应用的Pod。
+- 支持多版本`joylive-agent`与对应配置管理。
+- 支持注入指定版本`joylive-agent`及对应配置。
+
+## 使用方式
+
+因证书签名已按照命名空间为`joylive`预生成，所以须指定安装到对应命名空间。 执行命令：
+```bash
+helm repo add joylive https://jd-opensource.github.io/joylive-helm-charts
+kubectl create namespace joylive
+helm install joylive-injector joylive/joylive-injector -n joylive
+```

charts/joylive-injector/README.md

@@ -0,0 +1,24 @@
+# joylive-injector
+
+[![GitHub repo](https://img.shields.io/badge/GitHub-repo-blue)](https://github.com/jd-opensource/joylive-injector)
+[![GitHub release](https://img.shields.io/github/release/jd-opensource/joylive-injector.svg)](https://github.com/jd-opensource/joylive-injector/releases)
+[![Slack Status](https://img.shields.io/badge/slack-join_chat-white.svg?logo=slack&style=social)](https://joylivehq.slack.com)
+
+English | [简体中文](./README-zh.md)
+
+## Description
+This is a dynamic admission control webhook for kubernetes, it can be used to mutate kubernetes resources.
+This program monitors the `CREATE`, `UPDATE`, `DELETE` events for `deployments` and the `CREATE` events for `pods` and adds the initContainer for `Pod` , adds the environment variable `JAVA_TOOL_OPTIONS` by default, mounts the configmap, modifies the volume load for the main container, and so on.
+
+## Features
+- Supports automatically injecting `joylive-agent` into Pods of Java applications.
+- Supports multi-version `joylive-agent` and corresponding configuration management.
+- Support injection of specified version `joylive-agent` and corresponding configuration.
+
+## Used
+Since the certificate signature has been pre-generated according to the namespace `joylive`, it is necessary to specify installation to the corresponding namespace. Execute the command:
+```bash
+helm repo add joylive https://jd-opensource.github.io/joylive-helm-charts
+kubectl create namespace joylive
+helm install joylive-injector joylive/joylive-injector -n joylive
+```

charts/joylive-injector/values.yaml

@@ -14,7 +14,7 @@ image:
   repository: ghcr.m.daocloud.io/jd-opensource/joylive-injector
   pullPolicy: Always
   # Overrides the image tag whose default is the chart appVersion.
-  tag: latest
+  tag: v1.2.0
 
 configMapName: joylive-injector-config
 

examples/joylive-injector/injector_v1_agentversion.yaml

@@ -0,0 +1,12 @@
+apiVersion: injector.joylive.io/v1
+kind: AgentVersion
+metadata:
+  labels:
+    app.kubernetes.io/name: joylive-injector
+    app.kubernetes.io/managed-by: joylive-injector
+  name: agentversion-1.0.0-e979a2d-amd64
+  namespace: joylive
+spec:
+  version: 1.0.0-e979a2d-AMD64
+  configMapName: joylive-agent-config-1.0.0-e979a2d-amd64
+  enable: true

examples/joylive-injector/injector_v1_agentversion_configmap.yaml

@@ -0,0 +1,302 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: joylive-agent-config-1.0.0-e979a2d-amd64
+  namespace: joylive
+  labels:
+    app.kubernetes.io/name: joylive-injector
+    app.kubernetes.io/instance: joylive-injector
+    app: joylive-injector
+data:
+  bootstrap.properties: |
+    app.name=${APPLICATION_NAME}
+    app.service.name=${APPLICATION_SERVICE_NAME:${APPLICATION_NAME}}
+    app.service.namespace=${APPLICATION_SERVICE_NAMESPACE:default}
+    app.service.group=${APPLICATION_SERVICE_GROUP:default}
+    app.service.gateway=${APPLICATION_SERVICE_GATEWAY:NONE}
+    app.location.region=${APPLICATION_LOCATION_REGION}
+    app.location.zone=${APPLICATION_LOCATION_ZONE}
+    app.location.liveSpaceId=${APPLICATION_LOCATION_LIVESPACE_ID:${CONFIG_LIVESPACE_ID}}
+    app.location.unitRuleId=${APPLICATION_LOCATION_UNIT_RULE_ID}
+    app.location.unit=${APPLICATION_LOCATION_UNIT}
+    app.location.cell=${APPLICATION_LOCATION_CELL}
+    app.location.laneSpaceId=${APPLICATION_LOCATION_LANESPACE_ID}
+    app.location.lane=${APPLICATION_LOCATION_LANE}
+    agent.enhance.shutdownOnError=${CONFIG_ENHANCE_SHUTDOWN_ON_ERROR:true}
+    classloader.contextLoaderEnabled=${CLASSLOADER_CONTEXT_LOADER_ENABLED:true}
+    classloader.core.configExtensions=yaml,yml,xml,json,properties
+    #classloader.core.parentResources=
+    classloader.core.parentPrefixes=com.jd.live.agent.bootstrap,java.,javax.,sun.
+    #classloader.core.isolationResources=
+    classloader.core.isolationPrefixes=META-INF/services/com.jd.live.agent
+    #classloader.coreImpl.parentResources=
+    classloader.coreImpl.parentPrefixes=com.jd.live.agent.bootstrap.,com.jd.live.agent.core.,com.jd.live.agent.governance.,java.,javax.,sun.
+    classloader.coreImpl.isolationResources=
+    classloader.coreImpl.isolationPrefixes=
+    #classloader.plugin.parentResources=
+    classloader.plugin.parentPrefixes=com.jd.live.agent.bootstrap.,com.jd.live.agent.core.,com.jd.live.agent.governance.,java.,javax.,sun.
+    #classloader.plugin.isolationResources=
+    #classloader.plugin.isolationPrefixes=
+  config.yaml: |
+    agent:
+      enhance:
+        javaVersion: '[,1.8);[1.8.0_60,]'
+        retransformEnabled: true
+        loggerEnabled: true
+        exporterEnabled: false
+        excludePrefixes: null
+        excludeTypes: null
+        excludeInterfaces: null
+        excludeClassLoaders:
+          - com.jd.jr.sgm.agent.loader.ClientLibClassLoader
+          - com.jd.pfinder.profiler.load.InterceptorClassLoader
+          - com.jd.pfinder.profiler.utils.ModuleClassLoader
+          - com.jd.pfinder.profiler.load.ModuleInterceptorClassLoader
+          - io.opentelemetry.javaagent.bootstrap.AgentClassLoader
+          - org.apache.skywalking.apm.agent.core.plugin.loader.AgentClassLoader
+          - org.apache.skywalking.apm.agent.core.plugin.loader.PluginClassLoader
+          - com.navercorp.pinpoint.bootstrap.classloader.AgentClassLoader
+          - com.navercorp.pinpoint.bootstrap.classloader.PluginClassLoader
+          - com.huaweicloud.sermant.core.classloader.FrameworkClassLoader
+          - com.huaweicloud.sermant.core.plugin.classloader.PluginClassLoader
+          - com.huaweicloud.sermant.core.plugin.classloader.ServiceClassLoader
+          - com.alipay.sofa.ark.container.service.classloader.PluginClassLoader
+      publisher:
+        configs:
+          traffic:
+            capacity: 20000
+      plugin:
+        systems:
+          - system
+        statics:
+          - dubbo
+          - grpc
+          - httpclient
+          - jdk
+          - jmq
+          - jsf
+          - kafka
+          - okhttp
+          - netty
+          - phevos
+          - rocketmq
+          - shenyu
+          - sofarpc
+          - spring
+          - mariadb
+          - mongodb
+          - opengauss
+          - postgresql
+          - redis
+        disables: null
+        dynamics: null
+        passives: null
+        profiles:
+          test: null
+          production: null
+        profile: null
+      sync:
+        liveSpace:
+          type: multilive # [file,multilive]
+          url: ${CONFIG_LIVE_SPACE_API_URL:http://11.159.56.136:30305/v1}
+          #spacesUrl: ${CONFIG_LIVE_SPACE_API_URL}/workspaces
+          #spaceUrl: ${CONFIG_LIVE_SPACE_API_URL}/workspaces/${space_id}/version/${space_version}
+          #serviceUrl: ${CONFIG_LIVE_SPACE_API_URL}/services/${service_name}/version/${service_version}
+          service: true
+          interval: 5000
+          timeout: 3000
+          initialTimeout: 20000
+          delay: 0
+          fault: 5000
+          headers: ${CONFIG_LIVE_SPACE_API_HEADERS}
+        laneSpace:
+          type: file
+        microservice:
+          enabled: true
+          type: file
+          url: ${CONFIG_SERVICE_API_URL:http://api.jmsf.local:8080/v1}
+          headers: ${CONFIG_SERVICE_API_HEADERS}
+      watchdog:
+        enabled: true
+        delay: 5000
+        interval: 100
+        timeout: 5000
+      switch:
+        live:
+          enabled: ${CONFIG_LIVE_ENABLED:true}
+          dubbo: true
+          sofarpc: true
+          jsf: true
+          spring: true
+          phevos: true
+        lane:
+          enabled: ${CONFIG_LANE_ENABLED:true}
+        transmission:
+          enabled: ${CONFIG_TRANSMISSION_ENABLED:true}
+          threadpool: ${CONFIG_TRANSMISSION_THREADPOOL_ENABLED:true}
+        registry:
+          enabled: ${CONFIG_REGISTRY_ENABLED:true}
+        flowcontrol:
+          enabled: ${CONFIG_FLOW_CONTROL_ENABLED:true}
+          loadbalance: ${CONFIG_LOADBALANCE_ENABLED:true}
+          sticky: ${CONFIG_STICKY_ENABLED:false}
+          limit: ${CONFIG_LIMIT_ENABLED:true}
+          localhost: ${CONFIG_LOCALHOST_ENABLED:false}
+          virtual: ${CONFIG_VIRTUAL_ENABLED:false}
+        protect:
+          enabled: ${CONFIG_PROTECT_ENABLED:false}
+          mariadb: true
+          postgresql: true
+          opengauss: true
+          mongodb: true
+          redis: false
+        classloader:
+          enabled: ${CONFIG_CLASSLOADER_ENABLED:true}
+          springboot: true
+        counter:
+          enabled: true
+      governance:
+        service:
+          warmups: ${CONFIG_WARMUP_SERVICES:}
+          excludes:
+            - org.apache.dubbo.metadata.MetadataService
+        initializeTimeout: ${CONFIG_POLICY_INITIALIZE_TIMEOUT:10000}
+        router:
+          virtual: ${CONFIG_VIRTUAL_SIZE:500}
+          phevos:
+            groupExpression: ${unit}-${cell}-${group}
+        transmission:
+          thread:
+            excludeExecutors:
+              - org.apache.dubbo.common.threadpool.ThreadlessExecutor
+              - org.apache.tomcat.util.threads.ThreadPoolExecutor
+              - org.apache.tomcat.util.threads.ScheduledThreadPoolExecutor
+              - org.apache.tomcat.util.threads.InlineExecutorService
+              - javax.management.NotificationBroadcasterSupport$1
+              - io.grpc.stub.ClientCalls.ThreadlessExecutor
+              - io.grpc.SynchronizationContext
+              - io.netty.channel.MultithreadEventLoopGroup
+              - io.netty.channel.nio.NioEventLoop
+              - io.netty.channel.SingleThreadEventLoop
+              - io.netty.channel.kqueue.KQueueEventLoopGroup
+              - io.netty.channel.kqueue.KQueueEventLoop
+              - io.netty.util.concurrent.MultithreadEventExecutorGroup
+              - io.netty.util.concurrent.AbstractEventExecutorGroup
+              - io.netty.util.concurrent.ThreadPerTaskExecutor
+              - io.netty.util.concurrent.GlobalEventExecutor
+              - io.netty.util.concurrent.AbstractScheduledEventExecutor
+              - io.netty.util.concurrent.AbstractEventExecutor
+              - io.netty.util.concurrent.DefaultEventExecutor
+              - io.netty.util.concurrent.SingleThreadEventExecutor
+              - io.netty.util.internal.ThreadExecutorMap$1
+              - reactor.core.scheduler.BoundedElasticScheduler$BoundedScheduledExecutorService
+              - reactor.netty.resources.ColocatedEventLoopGroup
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoopGroup
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.channel.MultithreadEventLoopGroup
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.util.concurrent.MultithreadEventExecutorGroup
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.util.concurrent.AbstractEventExecutorGroup
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.util.concurrent.ThreadPerTaskExecutor
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.util.concurrent.GlobalEventExecutor
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.util.concurrent.AbstractScheduledEventExecutor
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.util.concurrent.AbstractEventExecutor
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.channel.nio.NioEventLoop
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.channel.SingleThreadEventLoop
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.util.concurrent.SingleThreadEventExecutor
+              - com.alibaba.nacos.shaded.io.grpc.netty.shaded.io.netty.util.internal.ThreadExecutorMap$1
+              - com.alibaba.nacos.shaded.io.grpc.internal.ManagedChannelImpl$ExecutorHolder
+              - com.alibaba.nacos.shaded.io.grpc.internal.ManagedChannelImpl$RestrictedScheduledExecutor
+              - com.alibaba.nacos.shaded.io.grpc.internal.ManagedChannelImpl$2
+              - com.alibaba.nacos.shaded.io.grpc.internal.SerializingExecutor
+              - com.alibaba.nacos.shaded.io.grpc.stub.ClientCalls.ThreadlessExecutor
+              - com.alibaba.nacos.shaded.io.grpc.SynchronizationContext
+              - com.alibaba.nacos.shaded.com.google.common.util.concurrent.DirectExecutor
+            excludeTasks:
+              - com.alibaba.nacos.shaded.io.grpc.internal.DnsNameResolver.Resolve
+              - com.alibaba.nacos.client.naming.backups.FailoverReactor$DiskFileWriter
+              - com.alibaba.nacos.client.naming.backups.FailoverReactor.SwitchRefresher
+              - com.alibaba.nacos.client.naming.remote.gprc.redo.RedoScheduledTask
+              - com.alibaba.nacos.shaded.io.grpc.internal.DnsNameResolver$Resolve
+              - com.alibaba.nacos.shaded.io.grpc.internal.DelayedClientTransport$5
+              - com.alibaba.nacos.shaded.io.grpc.internal.SerializingExecutor
+              - com.alibaba.nacos.shaded.io.grpc.internal.LogExceptionRunnable
+              - com.jd.live.agent.core.thread.NamedThreadFactory
+            excludeTaskPrefixes:
+              - reactor.core.scheduler.BoundedElasticScheduler$$Lambda
+              - org.springframework.cloud.commons.util.InetUtils$$Lambda$
+              - com.alibaba.nacos.client.auth.ram.identify.CredentialWatcher$
+              - com.alibaba.nacos.client.naming.backups.FailoverReactor$$Lambda$
+              - com.alibaba.nacos.client.naming.remote.NamingClientProxyDelegate$$Lambda$
+              - com.alibaba.nacos.common.remote.client.RpcClient$$Lambda$
+              - com.alibaba.nacos.common.utils.ThreadFactoryBuilder$$Lambda$
+              - sun.rmi.transport.tcp.TCPTransport$
+              - sun.rmi.transport.DGCImpl$
+              - sun.rmi.transport.DGCAckHandler$
+      counter:
+        gateway: true
+        service: true
+        readerInterval: 1000
+        exporter:
+          type: ${CONFIG_COUNTER_EXPORTER_TYPE:logging}
+          endpoint: ${CONFIG_COUNTER_EXPORTER_ENDPOINT:}
+          timeout: 5000
+
+  logback.xml: |
+    <?xml version="1.0" encoding="UTF-8"?>
+    <configuration scan="true" debug="false">
+        <statusListener class="com.jd.live.agent.shaded.ch.qos.logback.core.status.NopStatusListener"/>
+        
+        <conversionRule conversionWord="clr"
+                        converterClass="com.jd.live.agent.implement.logger.slf4j.logback.ColorConverter"/>
+        <conversionRule conversionWord="wex"
+                        converterClass="com.jd.live.agent.implement.logger.slf4j.logback.WhitespaceThrowableProxyConverter"/>
+        <conversionRule conversionWord="wEx"
+                        converterClass="com.jd.live.agent.implement.logger.slf4j.logback.ExtendedWhitespaceThrowableProxyConverter"/>
+        
+        <property name="LIVE_LOG_CONSOLE_PATTERN"
+                  value="${LIVE_LOG_CONSOLE_PATTERN:-%clr(%d{${LIVE_LOG_DATEFORMAT_PATTERN:-yyyy-MM-dd HH:mm:ss.SSS}}){faint} %clr(${LIVE_LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){red} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LIVE_LOG_EXCEPTION_CONVERSION_WORD:-%wEx}}"/>
+        <property name="LIVE_LOG_CONSOLE_CHARSET" value="${LIVE_LOG_CONSOLE_CHARSET:-${file.encoding:-UTF-8}}"/>
+        <property name="LIVE_LOG_FILE_PATTERN"
+                  value="${LIVE_LOG_FILE_PATTERN:-%d{${LIVE_LOG_DATEFORMAT_PATTERN:-yyyy-MM-dd HH:mm:ss.SSS}} ${LIVE_LOG_LEVEL_PATTERN:-%5p} ${PID:- } --- [%t] %-40.40logger{39} : %m%n${LIVE_LOG_EXCEPTION_CONVERSION_WORD:-%wEx}}"/>
+        <property name="LIVE_LOG_FILE_CHARSET" value="${LIVE_LOG_FILE_CHARSET:-${file.encoding:-UTF-8}}"/>
+        
+        <property scope="context" name="logger.dir" value="${LIVE_LOG_DIR:-./logs/live-agent/}"/>
+        <property scope="context" name="logger.application" value="${LIVE_APP_NAME:-live-agent}"/>
+        <property scope="context" name="logger.level" value="${LIVE_LOG_LEVEL:-info}"/>
+        <property scope="context" name="logger.totalSize" value="${LIVE_LOG_TOTAL_SIZE:-20GB}"/>
+        <property scope="context" name="logger.maxHistory" value="${LIVE_LOG_MAX_HISTORY:-10}"/>
+        <property scope="context" name="logger.maxFileSize" value="${LIVE_LOG_MAX_SIZE:-10MB}"/>
+        <property scope="context" name="logger.cleanHistoryOnStart" value="${LIVE_LOG_CLEAN_HISTORY_ONSTART:-true}"/>
+        
+        <appender name="CONSOLE_APPENDER" class="com.jd.live.agent.shaded.ch.qos.logback.core.ConsoleAppender">
+            <encoder>
+                <pattern>
+                    ${LIVE_LOG_CONSOLE_PATTERN}
+                </pattern>
+            </encoder>
+        </appender>
+        
+        <appender name="ROLLING_APPENDER" class="com.jd.live.agent.shaded.ch.qos.logback.core.rolling.RollingFileAppender">
+            <rollingPolicy class="com.jd.live.agent.shaded.ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+                <fileNamePattern>${logger.dir}/%d{yyyy-MM-dd}/${logger.application}-%i.log</fileNamePattern>
+                <maxHistory>${logger.maxHistory}</maxHistory>
+                <maxFileSize>${logger.maxFileSize}</maxFileSize>
+                <totalSizeCap>${logger.totalSize}</totalSizeCap>
+                <cleanHistoryOnStart>${logger.cleanHistoryOnStart}</cleanHistoryOnStart>
+            </rollingPolicy>
+            <filter class="com.jd.live.agent.shaded.ch.qos.logback.classic.filter.ThresholdFilter">
+                <level>INFO</level>
+            </filter>
+            <encoder>
+                <pattern>
+                    ${LIVE_LOG_FILE_PATTERN}
+                </pattern>
+            </encoder>
+        </appender>
+        
+        <root>
+            <level value="${logger.level}"/>
+            <appender-ref ref="CONSOLE_APPENDER"/>
+            <appender-ref ref="ROLLING_APPENDER"/>
+        </root>
+    
+    </configuration>