欢迎关注我的公众号：

watermark_type_ZHJvaWRzYW5zZmFsbGJhY2s_shadow_50_text_Q1NETiBAaHhwamF2YTE_size_8_color_FFFFFF_t_70_g_se_x_16

目前刚开始写一个月，一共写了18篇原创文章，文章目录如下：

istio多集群探秘，部署了50次多集群后我得出的结论

istio多集群链路追踪，附实操视频

istio防故障利器，你知道几个,istio新手不要读，太难！

istio业务权限控制，原来可以这么玩

istio实现非侵入压缩，微服务之间如何实现压缩

不懂envoyfilter也敢说精通istio系列-http-rbac-不要只会用AuthorizationPolicy配置权限

不懂envoyfilter也敢说精通istio系列-02-http-corsFilter-不要只会vs

不懂envoyfilter也敢说精通istio系列-03-http-csrf filter-再也不用再代码里写csrf逻辑了

不懂envoyfilter也敢说精通istio系列http-jwt_authn-不要只会RequestAuthorization

不懂envoyfilter也敢说精通istio系列-05-fault-filter-故障注入不止是vs

不懂envoyfilter也敢说精通istio系列-06-http-match-配置路由不只是vs

不懂envoyfilter也敢说精通istio系列-07-负载均衡配置不止是dr

不懂envoyfilter也敢说精通istio系列-08-连接池和断路器

不懂envoyfilter也敢说精通istio系列-09-http-route filter

不懂envoyfilter也敢说精通istio系列-network filter-redis proxy

不懂envoyfilter也敢说精通istio系列-network filter-HttpConnectionManager

不懂envoyfilter也敢说精通istio系列-ratelimit-istio ratelimit完全手册

————————————————

//创建config命令
func NewCmdConfig(f cmdutil.Factory, pathOptions *clientcmd.PathOptions, streams genericclioptions.IOStreams) *cobra.Command {
    if len(pathOptions.ExplicitFileFlag) == 0 {//设置kubeconfig选项名称
        pathOptions.ExplicitFileFlag = clientcmd.RecommendedConfigPathFlag
    }
    cmd := &cobra.Command{//创建cobra命令
        Use:                   "config SUBCOMMAND",
        DisableFlagsInUseLine: true,
        Short:                 i18n.T("Modify kubeconfig files"),
        Long: templates.LongDesc(`
            Modify kubeconfig files using subcommands like "kubectl config set current-context my-context"
            The loading order follows these rules:
            1. If the --` + pathOptions.ExplicitFileFlag + ` flag is set, then only that file is loaded. The flag may only be set once and no merging takes place.
            2. If $` + pathOptions.EnvVar + ` environment variable is set, then it is used as a list of paths (normal path delimiting rules for your system). These paths are merged. When a value is modified, it is modified in the file that defines the stanza. When a value is created, it is created in the first file that exists. If no files in the chain exist, then it creates the last file in the list.
            3. Otherwise, ` + path.Join("${HOME}", pathOptions.GlobalFileSubpath) + ` is used and no merging takes place.`),
        Run: cmdutil.DefaultSubCommandRun(streams.ErrOut),
    }
    // file paths are common to all sub commands
    cmd.PersistentFlags().StringVar(&pathOptions.LoadingRules.ExplicitPath, pathOptions.ExplicitFileFlag, pathOptions.LoadingRules.ExplicitPath, "use a particular kubeconfig file")//kubeconfig选项
    // TODO(juanvallejo): update all subcommands to work with genericclioptions.IOStreams
    cmd.AddCommand(NewCmdConfigView(f, streams, pathOptions))//添加view子命令
    cmd.AddCommand(NewCmdConfigSetCluster(streams.Out, pathOptions))//set-cluster子命令
    cmd.AddCommand(NewCmdConfigSetAuthInfo(streams.Out, pathOptions))//setauthinfo子命令
    cmd.AddCommand(NewCmdConfigSetContext(streams.Out, pathOptions))//set-context子命令
    cmd.AddCommand(NewCmdConfigSet(streams.Out, pathOptions))//set子命令
    cmd.AddCommand(NewCmdConfigUnset(streams.Out, pathOptions))//unset子命令
    cmd.AddCommand(NewCmdConfigCurrentContext(streams.Out, pathOptions))//current-context子命令
    cmd.AddCommand(NewCmdConfigUseContext(streams.Out, pathOptions))//use-context子命令
    cmd.AddCommand(NewCmdConfigGetContexts(streams, pathOptions))//get-context子命令
    cmd.AddCommand(NewCmdConfigGetClusters(streams.Out, pathOptions))//get-cluster子命令
    cmd.AddCommand(NewCmdConfigDeleteCluster(streams.Out, pathOptions))//delete-cluster子命令
    cmd.AddCommand(NewCmdConfigDeleteContext(streams.Out, streams.ErrOut, pathOptions))//delete-context子命令
    cmd.AddCommand(NewCmdConfigRenameContext(streams.Out, pathOptions))//rename-context子命令
    return cmd
}
type ViewOptions struct {//view结构体
    PrintFlags  *genericclioptions.PrintFlags
    PrintObject printers.ResourcePrinterFunc
    ConfigAccess clientcmd.ConfigAccess
    Merge        cliflag.Tristate
    Flatten      bool
    Minify       bool
    RawByteData  bool
    Context      string
    OutputFormat string
    genericclioptions.IOStreams
}
//创建config命令
func NewCmdConfigView(f cmdutil.Factory, streams genericclioptions.IOStreams, ConfigAccess clientcmd.ConfigAccess) *cobra.Command {
    o := &ViewOptions{//初始化结构体
        PrintFlags:   genericclioptions.NewPrintFlags("").WithTypeSetter(scheme.Scheme).WithDefaultOutput("yaml"),
        ConfigAccess: ConfigAccess,
        IOStreams: streams,
    }
    cmd := &cobra.Command{//创建cobra命令
        Use:     "view",
        Short:   i18n.T("Display merged kubeconfig settings or a specified kubeconfig file"),
        Long:    viewLong,
        Example: viewExample,
        Run: func(cmd *cobra.Command, args []string) {
            cmdutil.CheckErr(o.Complete(cmd, args))//准备
            cmdutil.CheckErr(o.Validate())//校验
            cmdutil.CheckErr(o.Run())//运行
        },
    }
    o.PrintFlags.AddFlags(cmd)//打印选项
    o.Merge.Default(true)//merge默认值
    mergeFlag := cmd.Flags().VarPF(&o.Merge, "merge", "", "Merge the full hierarchy of kubeconfig files")//merge选项
    mergeFlag.NoOptDefVal = "true"
    cmd.Flags().BoolVar(&o.RawByteData, "raw", o.RawByteData, "Display raw byte data")//raw选项
    cmd.Flags().BoolVar(&o.Flatten, "flatten", o.Flatten, "Flatten the resulting kubeconfig file into self-contained output (useful for creating portable kubeconfig files)")//flatten选项
    cmd.Flags().BoolVar(&o.Minify, "minify", o.Minify, "Remove all information not used by current-context from the output")//minify选项
    return cmd
}
//准备
func (o *ViewOptions) Complete(cmd *cobra.Command, args []string) error {
    if len(args) != 0 {//参数必须是0个
        return cmdutil.UsageErrorf(cmd, "unexpected arguments: %v", args)
    }
    if o.ConfigAccess.IsExplicitFile() {//如果指定了kubeconfig选项
        if !o.Merge.Provided() {//如果merge没设置，设置为false
            o.Merge.Set("false")
        }
    }
    printer, err := o.PrintFlags.ToPrinter()//print flag转printer
    if err != nil {
        return err
    }
    o.PrintObject = printer.PrintObj//设置printObject函数
    o.Context = cmdutil.GetFlagString(cmd, "context")//设置context
    return nil
}
func (o ViewOptions) Validate() error {//校验
    if !o.Merge.Value() && !o.ConfigAccess.IsExplicitFile() {//如果merge为false，必须指定kubeconfig选项
        return errors.New("if merge==false a precise file must to specified")
    }
    return nil
}
//运行
func (o ViewOptions) Run() error {
    config, err := o.loadConfig()//加载config
    if err != nil {
        return err
    }
    if o.Minify {//如果指定了minify
        if len(o.Context) > 0 {//如果指定了context
            config.CurrentContext = o.Context//设置config context
        }
        if err := clientcmdapi.MinifyConfig(config); err != nil {//修剪config
            return err
        }
    }
    if o.Flatten {// 如果指定了flattern
        if err := clientcmdapi.FlattenConfig(config); err != nil {//flatten config
            return err
        }
    } else if !o.RawByteData {//如果没指定raw
        clientcmdapi.ShortenConfig(config)//shorten config
    }
    convertedObj, err := latest.Scheme.ConvertToVersion(config, latest.ExternalVersion)//转换config版本
    if err != nil {
        return err
    }
    return o.PrintObject(convertedObj, o.Out)//打印
}
func (o ViewOptions) loadConfig() (*clientcmdapi.Config, error) {//加载config
    err := o.Validate()//校验
    if err != nil {
        return nil, err
    }
    config, err := o.getStartingConfig()//获取config
    return config, err
}
// getStartingConfig returns the Config object built from the sources specified by the options, the filename read (only if it was a single file), and an error if something goes wrong
func (o *ViewOptions) getStartingConfig() (*clientcmdapi.Config, error) {
    switch {
    case !o.Merge.Value():// 如果merge为false
        return clientcmd.LoadFromFile(o.ConfigAccess.GetExplicitFile())//从文件加载
    default:
        return o.ConfigAccess.GetStartingConfig()//从configAccess加载
    }
}
func MinifyConfig(config *Config) error {//修剪config
    if len(config.CurrentContext) == 0 {//如果没有currentContext报错
        return errors.New("current-context must exist in order to minify")
    }
    currContext, exists := config.Contexts[config.CurrentContext]//获取currentContext
    if !exists {
        return fmt.Errorf("cannot locate context %v", config.CurrentContext)
    }
    newContexts := map[string]*Context{}
    newContexts[config.CurrentContext] = currContext//设置新的context
    newClusters := map[string]*Cluster{}//clustermap
    if len(currContext.Cluster) > 0 {//如果currentContext的cluster有值
        if _, exists := config.Clusters[currContext.Cluster]; !exists {//获取当前cluster
            return fmt.Errorf("cannot locate cluster %v", currContext.Cluster)
        }
        newClusters[currContext.Cluster] = config.Clusters[currContext.Cluster]//把cluster设置到newCluster里
    }
    newAuthInfos := map[string]*AuthInfo{}//newAuthinfos map
    if len(currContext.AuthInfo) > 0 {//如果当前contenxt有授权信息
        if _, exists := config.AuthInfos[currContext.AuthInfo]; !exists {//判断授权信息是否存在
            return fmt.Errorf("cannot locate user %v", currContext.AuthInfo)
        }
        newAuthInfos[currContext.AuthInfo] = config.AuthInfos[currContext.AuthInfo]//设置newAuthInfos
    }
    config.AuthInfos = newAuthInfos//设置config当前上下文的信息
    config.Clusters = newClusters
    config.Contexts = newContexts
    return nil
}
func FlattenConfig(config *Config) error {//flatten config
    for key, authInfo := range config.AuthInfos {//遍历授权信息
        baseDir, err := MakeAbs(path.Dir(authInfo.LocationOfOrigin), "")//获取授权信息秘钥基路径
        if err != nil {
            return err
        }
        if err := FlattenContent(&authInfo.ClientCertificate, &authInfo.ClientCertificateData, baseDir); err != nil {//从文件读取ClientCertificate信息，赋值给ClientCertificateData
            return err
        }
        if err := FlattenContent(&authInfo.ClientKey, &authInfo.ClientKeyData, baseDir); err != nil {//从文件读取ClientKey信息赋值给ClientKeyData
            return err
        }
        config.AuthInfos[key] = authInfo//设置授权信息
    }
    for key, cluster := range config.Clusters {//遍历clusters
        baseDir, err := MakeAbs(path.Dir(cluster.LocationOfOrigin), "")//获取cluster秘钥信息基路径
        if err != nil {
            return err
        }
        if err := FlattenContent(&cluster.CertificateAuthority, &cluster.CertificateAuthorityData, baseDir); err != nil {//从文件读取CertificateAuthority，赋值给CertificateAuthorityData
            return err
        }
        config.Clusters[key] = cluster//设置cluster
    }
    return nil
}
func ShortenConfig(config *Config) {//简化config
    // trick json encoder into printing a human readable string in the raw data
    // by base64 decoding what we want to print. Relies on implementation of
    // http://golang.org/pkg/encoding/json/#Marshal using base64 to encode []byte
    for key, authInfo := range config.AuthInfos {//遍历授权信息
        if len(authInfo.ClientKeyData) > 0 {
            authInfo.ClientKeyData = redactedBytes//设置ClientKeyData 
        }
        if len(authInfo.ClientCertificateData) > 0 {
            authInfo.ClientCertificateData = redactedBytes//设置ClientCertificateData 
        }
        config.AuthInfos[key] = authInfo//设置授权信息
    }
    for key, cluster := range config.Clusters {
        if len(cluster.CertificateAuthorityData) > 0 {
            cluster.CertificateAuthorityData = dataOmittedBytes//设置CertificateAuthorityData 
        }
        config.Clusters[key] = cluster//设置cluster
    }
}