Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/morvencao/kube-sidecar-injector

A Kubernetes mutating webhook server that implements sidecar injection
https://github.com/morvencao/kube-sidecar-injector

Last synced: 6 days ago
JSON representation

A Kubernetes mutating webhook server that implements sidecar injection

Host: GitHub
URL: https://github.com/morvencao/kube-sidecar-injector
Owner: morvencao
License: apache-2.0
Created: 2018-03-10T15:36:29.000Z (almost 7 years ago)
Default Branch: master
Last Pushed: 2022-05-17T17:01:12.000Z (almost 3 years ago)
Last Synced: 2025-02-08T22:06:47.616Z (13 days ago)
Language: Go
Homepage:
Size: 19.7 MB
Stars: 631
Watchers: 11
Forks: 461
Open Issues: 6
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # kube-sidecar-injector

This repo is used for [a tutorial at Medium](https://medium.com/ibm-cloud/diving-into-kubernetes-mutatingadmissionwebhook-6ef3c5695f74) to create a Kubernetes [MutatingAdmissionWebhook](https://kubernetes.io/docs/admin/admission-controllers/#mutatingadmissionwebhook-beta-in-19) that injects a nginx sidecar container into pod prior to persistence of the object.

## Prerequisites

- [git](https://git-scm.com/downloads)

- [go](https://golang.org/dl/) version v1.17+

- [docker](https://docs.docker.com/install/) version 19.03+

- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) version v1.19+

- Access to a Kubernetes v1.19+ cluster with the `admissionregistration.k8s.io/v1` API enabled. Verify that by the following command:

```

kubectl api-versions | grep admissionregistration.k8s.io

```

The result should be:

```

admissionregistration.k8s.io/v1

admissionregistration.k8s.io/v1beta1

```

> Note: In addition, the `MutatingAdmissionWebhook` and `ValidatingAdmissionWebhook` admission controllers should be added and listed in the correct order in the admission-control flag of kube-apiserver.

## Build and Deploy

1. Build and push docker image:

```bash

make docker-build docker-push IMAGE=quay.io//sidecar-injector:latest

```

2. Deploy the kube-sidecar-injector to kubernetes cluster:

```bash

make deploy IMAGE=quay.io//sidecar-injector:latest

```

3. Verify the kube-sidecar-injector is up and running:

```bash

# kubectl -n sidecar-injector get pod

# kubectl -n sidecar-injector get pod

NAME                                READY   STATUS    RESTARTS   AGE

sidecar-injector-7c8bc5f4c9-28c84   1/1     Running   0          30s

```

## How to use

1. Create a new namespace `test-ns` and label it with `sidecar-injector=enabled`:

```

# kubectl create ns test-ns

# kubectl label namespace test-ns sidecar-injection=enabled

# kubectl get namespace -L sidecar-injection

NAME                 STATUS   AGE   SIDECAR-INJECTION

default              Active   26m

test-ns              Active   13s   enabled

kube-public          Active   26m

kube-system          Active   26m

sidecar-injector     Active   17m

```

2. Deploy an app in Kubernetes cluster, take `alpine` app as an example

```bash

kubectl -n test-ns run alpine \

    --image=alpine \

    --restart=Never \

    --command -- sleep infinity

```

3. Verify sidecar container is injected:

```

# kubectl -n test-ns get pod

NAME                     READY     STATUS        RESTARTS   AGE

alpine                   2/2       Running       0          10s

# kubectl -n test-ns get pod alpine -o jsonpath="{.spec.containers[*].name}"

alpine sidecar-nginx

```

## Troubleshooting

Sometimes you may find that pod is injected with sidecar container as expected, check the following items:

1. The sidecar-injector pod is in running state and no error logs.

2. The namespace in which application pod is deployed has the correct labels(`sidecar-injector=enabled`) as configured in `mutatingwebhookconfiguration`.

3. Check if the application pod has annotation `sidecar-injector-webhook.morven.me/inject:"yes"`.