Add codegen resource and delete redundant content (#858)

Author: mfordjody

dubbod/discovery/docker/dockerfile.dubbo …od/discovery/docker/dockerfile.discoverydubbod/discovery/docker/dockerfile.dubbo renamed to dubbod/discovery/docker/dockerfile.discovery dubbod/discovery/docker/dockerfile.dubbo renamed to dubbod/discovery/docker/dockerfile.discovery

@@ -131,7 +131,6 @@ func (s *Server) initDNSCertsK8SRA() error {
 
 	s.addStartFunc("dubbod server certificate rotation", func(stop <-chan struct{}) error {
 		go func() {
-			// Track TTL of DNS cert and renew cert in accordance to grace period.
 			s.RotateDNSCertForK8sCA(stop, "", signerName, true, SelfSignedCACertTTL.Get())
 		}()
 		return nil
@@ -163,15 +162,12 @@ func (s *Server) initDNSCertsDubbod() error {
 		}
 	}
 
-	// check if signing key file exists the cert dir and if the dubbo-generated file
-	// exists (only if USE_CACERTS_FOR_SELF_SIGNED_CA is enabled)
 	if !detectedSigningCABundle {
 		log.Infof("Use roots from dubbo-ca-secret")
 
 		caBundle = s.CA.GetCAKeyCertBundle().GetRootCertPem()
 		s.addStartFunc("dubbod server certificate rotation", func(stop <-chan struct{}) error {
 			go func() {
-				// regenerate dubbod key cert when root cert changes.
 				s.watchRootCertAndGenKeyCert(stop)
 			}()
 			return nil
@@ -180,10 +176,8 @@ func (s *Server) initDNSCertsDubbod() error {
 		log.Infof("Use roots from %v and watch", fileBundle.RootCertFile)
 
 		caBundle = s.CA.GetCAKeyCertBundle().GetRootCertPem()
-		// Similar code to dubbo-ca-secret: refresh the root cert, but in casecrets
 		s.addStartFunc("dubbod server certificate rotation", func(stop <-chan struct{}) error {
 			go func() {
-				// regenerate dubbod key cert when root cert changes.
 				s.watchRootCertAndGenKeyCert(stop)
 			}()
 			return nil
@@ -230,5 +224,6 @@ func (s *Server) updateRootCertAndGenKeyCert() error {
 	}
 
 	s.dubbodCertBundleWatcher.SetAndNotify(keyPEM, certChain, caBundle)
+
 	return nil
 }

dubbod/discovery/pkg/bootstrap/cert_controller.go

@@ -80,7 +80,6 @@ func (s *Server) initK8SConfigStore(args *DubboArgs) error {
 		s.environment.GatewayAPIController = gwc
 		s.ConfigStores = append(s.ConfigStores, s.environment.GatewayAPIController)
 
-		// Use a channel to signal activation of per-revision status writer
 		activatePerRevisionStatusWriterCh := make(chan struct{})
 		s.checkAndRunNonRevisionLeaderElectionIfRequired(args, activatePerRevisionStatusWriterCh)
 
@@ -115,11 +114,6 @@ func (s *Server) initK8SConfigStore(args *DubboArgs) error {
 						if s.kubeClient.CrdWatcher().WaitForCRD(gvr.KubernetesGateway, leaderStop) {
 							controller := gateway.NewDeploymentController(s.kubeClient, s.clusterID, s.environment,
 								s.webhookInfo.getWebhookConfig, s.webhookInfo.addHandler, nil, args.Revision, args.Namespace)
-							// Start informers again. This fixes the case where informers for namespace do not start,
-							// as we create them only after acquiring the leader lock
-							// Note: stop here should be the overall pilot stop, NOT the leader election stop. We are
-							// basically lazy loading the informer, if we stop it when we lose the lock we will never
-							// recreate it again.
 							s.kubeClient.RunAndWait(stop)
 							// TODO tag watcher
 							controller.Run(leaderStop)
@@ -144,8 +138,6 @@ func (s *Server) initK8SConfigStore(args *DubboArgs) error {
 	return nil
 }
 
-// initConfigSources will process mesh config 'configSources' and initialize
-// associated configs.
 func (s *Server) initConfigSources(args *DubboArgs) (err error) {
 	for _, configSource := range s.environment.Mesh().ConfigSources {
 		srcAddress, err := url.Parse(configSource.Address)
@@ -171,10 +163,6 @@ func (s *Server) initConfigSources(args *DubboArgs) (err error) {
 			s.ConfigStores = append(s.ConfigStores, configController)
 			log.Infof("Started File configSource %s", configSource.Address)
 		case XDS:
-			// XDS config source support (legacy - MCP protocol removed)
-			// Note: MCP was a legacy protocol replaced by APIGenerator in Dubbo
-			// This XDS config source may not be needed for proxyless mesh
-			// TLS settings removed from ConfigSource - use insecure credentials
 			// TODO: Implement TLS support when needed
 			xdsClient, err := adsc.New(srcAddress.Host, &adsc.ADSConfig{
 				InitialDiscoveryRequests: adsc.ConfigInitialRequests(),
@@ -223,8 +211,6 @@ func (s *Server) initConfigSources(args *DubboArgs) (err error) {
 func (s *Server) initConfigController(args *DubboArgs) error {
 	meshGlobalConfig := s.environment.Mesh()
 	if len(meshGlobalConfig.ConfigSources) > 0 {
-		// XDS config source support (legacy - MCP protocol removed)
-		// Note: MCP was a legacy protocol replaced by APIGenerator in Dubbo
 		if err := s.initConfigSources(args); err != nil {
 			return err
 		}
@@ -247,17 +233,14 @@ func (s *Server) initConfigController(args *DubboArgs) error {
 		}
 	}
 
-	// Wrap the config controller with a cache.
 	aggregateConfigController, err := configaggregate.MakeCache(s.ConfigStores)
 	if err != nil {
 		return err
 	}
 	s.configController = aggregateConfigController
 
-	// Create the config store.
 	s.environment.ConfigStore = aggregateConfigController
 
-	// Defer starting the controller until after the service is created.
 	s.addStartFunc("config controller", func(stop <-chan struct{}) error {
 		go s.configController.Run(stop)
 		return nil
@@ -266,7 +249,6 @@ func (s *Server) initConfigController(args *DubboArgs) error {
 	return nil
 }
 
-// getRootCertFromSecret fetches a map of keys and values from a secret with name in namespace
 func (s *Server) getRootCertFromSecret(name, namespace string) (*dubboCredentials.CertInfo, error) {
 	secret, err := s.kubeClient.Kube().CoreV1().Secrets(namespace).Get(context.Background(), name, v1.GetOptions{})
 	if err != nil {
@@ -279,7 +261,6 @@ func (s *Server) checkAndRunNonRevisionLeaderElectionIfRequired(args *DubboArgs,
 	cm, err := s.kubeClient.Kube().CoreV1().ConfigMaps(args.Namespace).Get(context.Background(), leaderelection.GatewayStatusController, v1.GetOptions{})
 
 	if errors.IsNotFound(err) {
-		// ConfigMap does not exist, so per-revision leader election should be active
 		close(activateCh)
 		return
 	}
@@ -290,10 +271,8 @@ func (s *Server) checkAndRunNonRevisionLeaderElectionIfRequired(args *DubboArgs,
 		}
 		if err := json.Unmarshal([]byte(leaderAnn), &leaderInfo); err == nil {
 			if leaderInfo.HolderIdentity != "" {
-				// Non-revision leader election should run, per-revision should be waiting for activation
 				s.addTerminatingStartFunc("gateway status", func(stop <-chan struct{}) error {
 					secondStop := make(chan struct{})
-					// if stop closes, ensure secondStop closes too
 					go func() {
 						<-stop
 						select {
@@ -305,16 +284,12 @@ func (s *Server) checkAndRunNonRevisionLeaderElectionIfRequired(args *DubboArgs,
 					leaderelection.
 						NewLeaderElection(args.Namespace, args.PodName, leaderelection.GatewayStatusController, args.Revision, s.kubeClient).
 						AddRunFunction(func(leaderStop <-chan struct{}) {
-							// now that we have the leader lock, we can activate the per-revision status writer
-							// first close the activateCh channel if it is not already closed
 							log.Infof("Activating gateway status writer")
 							select {
 							case <-activateCh:
-								// Channel already closed, do nothing
 							default:
 								close(activateCh)
 							}
-							// now end this lease itself
 							select {
 							case <-secondStop:
 							default:
@@ -328,6 +303,5 @@ func (s *Server) checkAndRunNonRevisionLeaderElectionIfRequired(args *DubboArgs,
 			}
 		}
 	}
-	// If annotation missing or holderIdentity is blank, per-revision leader election should be active
 	close(activateCh)
 }

dubbod/discovery/pkg/bootstrap/config_controller.go

@@ -156,7 +156,6 @@ func (s *Server) createDubboRA(opts *caOptions) (ra.RegistrationAuthority, error
 			return nil, fmt.Errorf("failed to get file info: %v", err)
 		}
 
-		// File does not exist.
 		if certSignerDomain == "" {
 			log.Infof("CA cert file %q not found, using %q.", caCertFile, defaultCACertPath)
 			caCertFile = defaultCACertPath
@@ -230,15 +229,12 @@ func (s *Server) createDubboCA(opts *caOptions) (*ca.DubboCA, error) {
 			log.Infof("DubboGenerated %s secret found, use it as the CA certificate", ca.CACertsSecret)
 		}
 
-		// Either the secret is not mounted because it is named `dubbo-ca-secret`,
-		// or it is `cacerts` secret mounted with "dubbo-generated" key set.
 		caOpts, err = s.createSelfSignedCACertificateOptions(&fileBundle, opts)
 		if err != nil {
 			return nil, err
 		}
 		caOpts.OnRootCertUpdate = s.updateRootCertAndGenKeyCert
 	} else {
-		// The secret is mounted and the "dubbo-generated" key is not used.
 		log.Info("Use local CA certificate")
 
 		caOpts, err = ca.NewPluggedCertDubboCAOptions(fileBundle, workloadCertTTL.Get(), maxWorkloadCertTTL.Get(), caRSAKeySize.Get())
@@ -247,8 +243,6 @@ func (s *Server) createDubboCA(opts *caOptions) (*ca.DubboCA, error) {
 		}
 
 		if features.EnableCACRL {
-			// CRL is only supported for Plugged CA.
-			// If CRL file is present, read and notify it for initial replication
 			if len(fileBundle.CRLFile) > 0 {
 				log.Infof("CRL file %s found, notifying it for initial replication", fileBundle.CRLFile)
 				crlBytes, crlErr := os.ReadFile(fileBundle.CRLFile)
@@ -268,7 +262,6 @@ func (s *Server) createDubboCA(opts *caOptions) (*ca.DubboCA, error) {
 		return nil, fmt.Errorf("failed to create an dubbod CA: %v", err)
 	}
 
-	// Start root cert rotator in a separate goroutine.
 	dubboCA.Run(s.internalStop)
 	return dubboCA, nil
 }
@@ -335,7 +328,6 @@ func handleEvent(s *Server) {
 		return
 	}
 
-	// check if CA bundle is updated
 	newCABundle, err = os.ReadFile(fileBundle.RootCertFile)
 	if err != nil {
 		log.Errorf("failed reading root-cert.pem: %v", err)
@@ -344,10 +336,7 @@ func handleEvent(s *Server) {
 
 	currentCABundle := s.CA.GetCAKeyCertBundle().GetRootCertPem()
 
-	// Only updating intermediate CA is supported now
 	if !bytes.Equal(currentCABundle, newCABundle) {
-		// in order to support root ca rotation, or we are removing the old ca,
-		// we need to make the new CA bundle contain both old and new CA certs
 		if bytes.Contains(currentCABundle, newCABundle) ||
 			bytes.Contains(newCABundle, currentCABundle) {
 			log.Info("Updating new ROOT-CA")
@@ -359,14 +348,10 @@ func handleEvent(s *Server) {
 	}
 
 	if features.EnableCACRL {
-		// check if crl file is updated
 		if len(fileBundle.CRLFile) > 0 {
 			currentCRLData := s.CA.GetCAKeyCertBundle().GetCRLPem()
 			crlData, crlReadErr := os.ReadFile(fileBundle.CRLFile)
 			if crlReadErr != nil {
-				// handleEvent can be triggered either for key-cert bundle update or
-				// for crl file update. So, even if there is an error in reading crl file,
-				// we should log error and continue with key-cert bundle update.
 				log.Errorf("failed reading crl file: %v", crlReadErr)
 			}
 
@@ -395,7 +380,6 @@ func handleEvent(s *Server) {
 		return
 	}
 
-	// notify watcher to replicate new or updated crl data
 	if updateCRL {
 		s.dubbodCertBundleWatcher.SetAndNotifyCACRL(s.CA.GetCAKeyCertBundle().GetCRLPem())
 		log.Infof("Dubbod has detected the newly added CRL file and updated its CRL accordingly")
@@ -483,7 +467,6 @@ func checkCABundleCompleteness(signingKeyFile, signingCertFile, rootCertFile str
 func detectSigningCABundleAndCRL() (ca.SigningCAFileBundle, error) {
 	tlsSigningFile := path.Join(LocalCertDir.Get(), ca.TLSSecretCACertFile)
 
-	// looking for tls file format (tls.crt)
 	if _, err := os.Stat(tlsSigningFile); err == nil {
 		log.Info("Using kubernetes.io/tls secret type for signing ca files")
 		return ca.SigningCAFileBundle{
@@ -500,7 +483,6 @@ func detectSigningCABundleAndCRL() (ca.SigningCAFileBundle, error) {
 	}
 
 	log.Info("Using dubbod file format for signing ca files")
-	// default ca file format
 	signingCAFileBundle := ca.SigningCAFileBundle{
 		RootCertFile:    path.Join(LocalCertDir.Get(), ca.RootCertFile),
 		CertChainFiles:  []string{path.Join(LocalCertDir.Get(), ca.CertChainFile)},
@@ -509,7 +491,6 @@ func detectSigningCABundleAndCRL() (ca.SigningCAFileBundle, error) {
 	}
 
 	if features.EnableCACRL {
-		// load crl file if it exists
 		crlFilePath := path.Join(LocalCertDir.Get(), ca.CACRLFile)
 		if _, err := os.Stat(crlFilePath); err == nil {
 			log.Info("Detected CRL file")

dubbod/discovery/pkg/bootstrap/dubbo_ca.go

@@ -33,8 +33,8 @@ import (
 )
 
 const (
-	webhookName                  = "grpcxds-injector.dubbo.apache.org"
-	defaultInjectorConfigMapName = "dubbo-grpcxds-injector"
+	webhookName                  = "proxyless-injector.dubbo.apache.org"
+	defaultInjectorConfigMapName = "dubbo-proxyless-injector"
 )
 
 var injectionEnabled = env.Register("INJECT_ENABLED", true, "Enable mutating webhook handler.")
@@ -43,11 +43,10 @@ func (s *Server) initInjector(args *DubboArgs) (*inject.Webhook, error) {
 	// currently the constant: "./var/lib/dubbo/inject"
 	injectPath := args.InjectionOptions.InjectionDirectory
 	if injectPath == "" || !injectionEnabled.Get() {
-		log.Infof("Skipping grpcxds injector, injection path is missing or disabled.")
+		log.Infof("Skipping proxyxless injector, injection path is missing or disabled.")
 		return nil, nil
 	}
 
-	// If the injection config exists either locally or remotely, we will set up injection.
 	var watcher inject.Watcher
 	if _, err := os.Stat(filepath.Join(injectPath, "config")); !os.IsNotExist(err) {
 		configFile := filepath.Join(injectPath, "config")
@@ -61,18 +60,18 @@ func (s *Server) initInjector(args *DubboArgs) (*inject.Webhook, error) {
 		cms := s.kubeClient.Kube().CoreV1().ConfigMaps(args.Namespace)
 		if _, err := cms.Get(context.TODO(), configMapName, metav1.GetOptions{}); err != nil {
 			if errors.IsNotFound(err) {
-				log.Infof("Skipping grpcxds injector, template not found")
+				log.Infof("Skipping proxyless injector, template not found")
 				return nil, nil
 			}
 			return nil, err
 		}
 		watcher = inject.NewConfigMapWatcher(s.kubeClient, args.Namespace, configMapName, "config", "values")
 	} else {
-		log.Infof("Skipping grpcxds injector, template not found")
+		log.Infof("Skipping proxyless injector, template not found")
 		return nil, nil
 	}
 
-	log.Info("initializing grpcxds injector")
+	log.Info("initializing proxyless injector")
 
 	parameters := inject.WebhookParameters{
 		Watcher:      watcher,

dubbod/discovery/pkg/bootstrap/injector.go

@@ -40,7 +40,6 @@ type RegistryOptions struct {
 }
 
 type InjectionOptions struct {
-	// Directory of injection related config files.
 	InjectionDirectory string
 }
 
@@ -66,12 +65,11 @@ type DiscoveryServerOptions struct {
 }
 
 type TLSOptions struct {
-	// CaCertFile and related are set using CLI flags.
 	CaCertFile      string
 	CertFile        string
 	KeyFile         string
 	TLSCipherSuites []string
-	CipherSuits     []uint16 // This is the parsed cipher suites
+	CipherSuits     []uint16
 }
 
 func (p *DubboArgs) applyDefaults() {
@@ -85,10 +83,8 @@ func (p *DubboArgs) applyDefaults() {
 func NewDubboArgs(initFuncs ...func(*DubboArgs)) *DubboArgs {
 	p := &DubboArgs{}
 
-	// Apply Default Values.
 	p.applyDefaults()
 
-	// Apply custom initialization functions.
 	for _, fn := range initFuncs {
 		fn(p)
 	}