Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/maksim-paskal/envoy-sidecar-helper

Helpers for envoy sidecars
https://github.com/maksim-paskal/envoy-sidecar-helper

envoy service-mesh

Last synced: 5 days ago
JSON representation

Helpers for envoy sidecars

Host: GitHub
URL: https://github.com/maksim-paskal/envoy-sidecar-helper
Owner: maksim-paskal
License: apache-2.0
Created: 2022-01-26T04:36:47.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2023-05-24T14:18:23.000Z (over 1 year ago)
Last Synced: 2024-06-19T05:48:25.922Z (7 months ago)
Topics: envoy, service-mesh
Language: Go
Homepage:
Size: 56.6 KB
Stars: 12
Watchers: 4
Forks: 6
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Sidecar helper for service-meshes

## Motivation

A service mesh is a dedicated infrastructure layer that you can add to your applications. This additional layer is based on adding a proxy "sidecar" along with every application deployed.

Sometime it's hard to handle this "sidecar" with job or daemons:

### Problem #1

Jobs or daemons need that "proxy" sidecar was ready before executing application

### Problem #2

After executing job (success or failure), "proxy" sidecar must be stoped

## How it works

`envoy-sidecar-helper` is additional sidecar container that will monitor Termination of main application container (with Kubernetes API), and will shutdown envoy "proxy" sidecar. Also it can share via `emptyDir` volume information about ready envoy container

```yaml
...
serviceAccount: envoy-sidecar-helper
volumes:
- name: envoy-sidecar-helper
emptyDir: {}
containers:
- name: main
image: alpine:latest
imagePullPolicy: Always
command:
- sh
- -c
- |
set -ex

while [ ! -f /envoy-sidecar-helper/envoy.ready ]; do sleep 1s; done

# start your application
echo envoy ready
volumeMounts:
- mountPath: /envoy-sidecar-helper
name: envoy-sidecar-helper
- name: envoy
image: envoyproxy/envoy-dev
imagePullPolicy: Always
###########################################
# envoy helper
###########################################
- name: envoy-sidecar-helper
image: paskalmaksim/envoy-sidecar-helper:latest
imagePullPolicy: Always
args:
- -envoy.ready.check=true
- -envoy.endpoint.ready=/ready
- -envoy.port=9901
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- mountPath: /envoy-sidecar-helper
name: envoy-sidecar-helper
...
```

`envoy-sidecar-helper` need service account with permissions to get pod information

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: envoy-sidecar-helper
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: envoy-sidecar-helper-role
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: envoy-sidecar-helper
roleRef:
kind: Role
name: envoy-sidecar-helper-role
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: envoy-sidecar-helper
namespace: default
```