{"id":13446383,"url":"https://github.com/amazon-archives/aws-app-mesh-inject","last_synced_at":"2026-01-14T11:35:56.009Z","repository":{"id":57521273,"uuid":"171725089","full_name":"amazon-archives/aws-app-mesh-inject","owner":"amazon-archives","description":"AWS AppMesh sidecar injector for EKS.","archived":true,"fork":false,"pushed_at":"2020-06-11T17:29:00.000Z","size":11676,"stargazers_count":56,"open_issues_count":1,"forks_count":40,"subscribers_count":45,"default_branch":"master","last_synced_at":"2025-12-28T17:52:14.526Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amazon-archives.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-02-20T18:12:54.000Z","updated_at":"2024-04-13T08:52:27.000Z","dependencies_parsed_at":"2022-09-26T18:01:14.270Z","dependency_job_id":null,"html_url":"https://github.com/amazon-archives/aws-app-mesh-inject","commit_stats":null,"previous_names":["aws/aws-app-mesh-inject"],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/amazon-archives/aws-app-mesh-inject","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazon-archives%2Faws-app-mesh-inject","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazon-archives%2Faws-app-mesh-inject/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazon-archives%2Faws-app-mesh-inject/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazon-archives%2Faws-app-mesh-inject/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amazon-archives","download_url":"https://codeload.github.com/amazon-archives/aws-app-mesh-inject/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazon-archives%2Faws-app-mesh-inject/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28419209,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T10:47:48.104Z","status":"ssl_error","status_checked_at":"2026-01-14T10:46:19.031Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T05:00:52.311Z","updated_at":"2026-01-14T11:35:55.992Z","avatar_url":"https://github.com/amazon-archives.png","language":"Go","funding_links":[],"categories":["AWS App Mesh"],"sub_categories":["App Mesh for Kubernetes"],"readme":"[![CircleCI](https://circleci.com/gh/aws/aws-app-mesh-inject/tree/master.svg?style=svg)](https://circleci.com/gh/aws/aws-app-mesh-inject/tree/master)\n[![Go Report Card](https://goreportcard.com/badge/github.com/aws/aws-app-mesh-inject)](https://goreportcard.com/report/github.com/aws/aws-app-mesh-inject)\n\n# App Mesh Inject\n\nThe AWS App Mesh Kubernetes sidecar injecting Admission Controller.\n\n## Security disclosures\n\nIf you think you’ve found a potential security issue, please do not post it in the Issues.  Instead, please follow the instructions [here](https://aws.amazon.com/security/vulnerability-reporting/) or [email AWS security directly](mailto:aws-security@amazon.com).\n\n## Installation\nPlease reference the [install instructions](INSTALL.md).\n\n### Warning\nTo align our helm repository and this repository we have changed the namespace to appmesh-system and resource names to appmesh-inject. \n\n## Under the hood\n### Enable Sidecar injection\n\nTo enable sidecar injection for a namespace, you need to label the namespace with `appmesh.k8s.aws/sidecarInjectorWebhook=enabled`\n\n```\nkubectl label namespace appmesh-demo appmesh.k8s.aws/sidecarInjectorWebhook=enabled\n```\n\n### Default behavior and how to override\n\nFor namespaces with sidecar injection enabled, pods will be injected if the `appmesh.k8s.aws/sidecarInjectorWebhook` annotation is `enabled` and will not be injected if it is `disabled`.\nFor pods with no annotation, they will be injected if the `-inject-default=true` flag is passed (the default for this flag) and will not be injected if the `-inject-default=false` flag is passed.\n\nAll container ports defined in the pod spec will be passed to sidecars as application ports.\nTo override, add `appmesh.k8s.aws/ports: \"\u003cports\u003e\"` annotation to the pod spec.\n\nBy default all egress traffic ports will be routed, except SSH.\nTo override, add `appmesh.k8s.aws/egressIgnoredPorts: \"\u003cports\u003e\"` annotation to the pod spec. ( Comma separated list of ports for which egress traffic will be ignored )\n\nThe name of the controller that creates the pod will be used as virtual node name and pass over to the sidecar. For example, if a pod\nis created by a deployment, the virtual node name will be `\u003cdeployment name\u003e-\u003cnamespace\u003e`.\nTo override, add `appmesh.k8s.aws/virtualNode: \u003cvirtual node name\u003e` annotation to the pod spec.\n\nThe mesh name provided at install time can be overridden with the `appmesh.k8s.aws/mesh: \u003cmesh name\u003e` annotation at POD spec level.\n\nFor example:\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  labels:\n    name: my-cool-deployment\nspec:\n  selector:\n    matchLabels:\n      name: appmesh-inject\n  template:\n    metadata:\n      annotations:\n        appmesh.k8s.aws/mesh: my-mesh\n        appmesh.k8s.aws/ports: \"8079,8080\"\n        appmesh.k8s.aws/egressIgnoredPorts: \"22\"\n        appmesh.k8s.aws/virtualNode: my-app\n        appmesh.k8s.aws/sidecarInjectorWebhook: disabled\n```\n\nTo see an example on how to use this sidecar injector you can visit the [demo page](https://github.com/aws/aws-app-mesh-examples/tree/master/examples/). \n\n## Troubleshooting\n\n### CA bundle not configured properly\n\nIf the CA bundle isn't configured properly, the pod will log the following log message:\n\n```\nTLS handshake error from 10.0.0.1:45390: remote error: tls: bad certificate\n```\n\nIf this happens, set the `CA_BUNDLE` environment variable to the content of the CA bundle. Make sure that this value is base64 encoded (e.g. it shouldn't start with `-----BEGIN CERTIFICATE-----`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famazon-archives%2Faws-app-mesh-inject","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famazon-archives%2Faws-app-mesh-inject","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famazon-archives%2Faws-app-mesh-inject/lists"}