{"id":21228503,"url":"https://github.com/polycube-network/polycube-sidecar-injector","last_synced_at":"2025-10-11T22:42:47.724Z","repository":{"id":109827109,"uuid":"220291129","full_name":"polycube-network/polycube-sidecar-injector","owner":"polycube-network","description":"Kubernetes Mutating Webhook that automatically injects Polycube as a sidecar","archived":false,"fork":false,"pushed_at":"2019-11-22T13:51:19.000Z","size":31,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-01-21T17:49:27.834Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/polycube-network.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-11-07T17:20:41.000Z","updated_at":"2020-07-27T12:57:16.000Z","dependencies_parsed_at":"2023-05-26T21:45:35.059Z","dependency_job_id":null,"html_url":"https://github.com/polycube-network/polycube-sidecar-injector","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polycube-network%2Fpolycube-sidecar-injector","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polycube-network%2Fpolycube-sidecar-injector/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polycube-network%2Fpolycube-sidecar-injector/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polycube-network%2Fpolycube-sidecar-injector/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/polycube-network","download_url":"https://codeload.github.com/polycube-network/polycube-sidecar-injector/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243672373,"owners_count":20328762,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T23:19:20.151Z","updated_at":"2025-10-11T22:42:42.706Z","avatar_url":"https://github.com/polycube-network.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Polycube Sidecar Injector\n\nKubernetes Mutating Webhook that automatically injects Polycube as a sidecar in pods matching some criteria.\n\n## Polycube\n``Polycube`` is an **open source** software framework that provides **fast** and **lightweight** **network functions** such as bridges, routers, firewalls, and others.\n\nPolycube services, called `cubes`, can be composed to build arbitrary **service chains** and provide custom network connectivity to **namespaces**, **containers**, **virtual machines**, and **physical hosts**.\n\nFor more information, jump to the project [Documentation](https://polycube-network.readthedocs.io/en/latest/).\n\n## Polycube as a sidecar\n\nFrom monitoring to security purposes, Polycube running as a sidecar in your pods may bring several benefits. In case your CNI does not provide firewall capabilities or, for some reason, you don't want to use that one, you may leverage on Polycube's API to create a firewall inside the pods you want to protect; or instantiate a DDOS mitigator to reduce the impact of DDOS attacks. \nThe aforementioned situations are just two simple examples, refer to the documentation to know more about all the features and network functions that Polycube provides. \n\n### CNI requirements\n\nRunning ``pcn-k8s`` (Polycube's own [CNI](https://polycube-network.readthedocs.io/en/latest/components/k8s/pcn-kubernetes.html)) as your CNI of choice is recommended, as it can be made aware of the presence of the sidecar injector and, thus, make the proper adjustments to help it be more efficient. Nonetheless, the sidecar injector is CNI-agnostic and has no requirements about the CNI installed.\n\n### Injection requirements\n\nPolycube will be injected as a sidecar only in pods that match some particular criteria. Once the sidecar injector is installed, it will work only on pods that have following annotation: ``polycube.network/sidecar`` with value ``enabled``. Additionally, such pods must run on namespaces that have the mentioned key/pair as label.\n\n### Example\n\nIn this example, we will deploy a pod that will be injected with the Polycube sidecar.\n\nSupposing that the namespace where you want to deploy such pod is called ``enabled-ns``, you need to first label it with the neabled label:\n\n``kubectl label ns enabled-ns polycube.network/sidecar=enabled``\n\nDeploy the pod: \n\n```bash\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: v1\nkind: Pod\nmetadata:\n  namespace: enabled-ns\n  name: myapp-pod\n  annotations:\n    polycube.network/sidecar: enabled\n  labels:\n    app: myapp\nspec:\n  containers:\n  - name: myapp-container\n    image: busybox\n    command: ['sh', '-c', 'echo Hello Kubernetes! \u0026\u0026 sleep 3600']\nEOF\n```\n\nAfter some time, you will see that the pod has 2 containers running inside it:\n\n```bash\nkubectl get pods -n enabled-ns\nNAME        READY   STATUS    RESTARTS   AGE\nmyapp-pod   2/2     Running   0          90s\n```\n\n### Interact with the polycube sidecar\n\nYou can interact with polycube's API by contacting the pod's IP on port 9000. Once again, refer to the [Documentation](https://polycube-network.readthedocs.io/en/latest/) to know more.\n\n## Installation\n\nIn order to launch the sidecar injector, run the ``deploy.sh`` script inside the ``scripts`` folder.\n\nPlease make sure you have [CFSSL](https://github.com/cloudflare/cfssl) installed before running the script:\n\n``sudo apt install golang-cfssl``\n\n### Remove\n\nRun the ``remove.sh`` script inside the ``scripts`` folder to remove every resource deployed by the sidecar injector.\n\n### Configuration\n\nThe sidecar injector is set to inject the latest polycube docker image. But in case this does not suit your needs, i.e. if you have compiled and uploaded a version of polycube with only the firewall component present, you may edit the ``polycubeImage`` field in the ``sidecar-configmap.yaml`` file inside the ``deployment`` folder:\n\n```yaml\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: polycube-sidecar-configmap\ndata:\n  sidecarconfig.yaml: |\n    polycubeImage: user/image:tag\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpolycube-network%2Fpolycube-sidecar-injector","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpolycube-network%2Fpolycube-sidecar-injector","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpolycube-network%2Fpolycube-sidecar-injector/lists"}