https://github.com/polycube-network/polycube-sidecar-injector
Kubernetes Mutating Webhook that automatically injects Polycube as a sidecar
https://github.com/polycube-network/polycube-sidecar-injector
Last synced: 4 months ago
JSON representation
Kubernetes Mutating Webhook that automatically injects Polycube as a sidecar
- Host: GitHub
- URL: https://github.com/polycube-network/polycube-sidecar-injector
- Owner: polycube-network
- License: apache-2.0
- Created: 2019-11-07T17:20:41.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-11-22T13:51:19.000Z (over 5 years ago)
- Last Synced: 2025-01-21T17:49:27.834Z (5 months ago)
- Language: Go
- Homepage:
- Size: 30.3 KB
- Stars: 2
- Watchers: 4
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Authors: AUTHORS
Awesome Lists containing this project
README
# Polycube Sidecar Injector
Kubernetes Mutating Webhook that automatically injects Polycube as a sidecar in pods matching some criteria.
## Polycube
``Polycube`` is an **open source** software framework that provides **fast** and **lightweight** **network functions** such as bridges, routers, firewalls, and others.
Polycube services, called `cubes`, can be composed to build arbitrary **service chains** and provide custom network connectivity to **namespaces**, **containers**, **virtual machines**, and **physical hosts**.
For more information, jump to the project [Documentation](https://polycube-network.readthedocs.io/en/latest/).
## Polycube as a sidecar
From monitoring to security purposes, Polycube running as a sidecar in your pods may bring several benefits. In case your CNI does not provide firewall capabilities or, for some reason, you don't want to use that one, you may leverage on Polycube's API to create a firewall inside the pods you want to protect; or instantiate a DDOS mitigator to reduce the impact of DDOS attacks.
The aforementioned situations are just two simple examples, refer to the documentation to know more about all the features and network functions that Polycube provides.
### CNI requirements
Running ``pcn-k8s`` (Polycube's own [CNI](https://polycube-network.readthedocs.io/en/latest/components/k8s/pcn-kubernetes.html)) as your CNI of choice is recommended, as it can be made aware of the presence of the sidecar injector and, thus, make the proper adjustments to help it be more efficient. Nonetheless, the sidecar injector is CNI-agnostic and has no requirements about the CNI installed.
### Injection requirements
Polycube will be injected as a sidecar only in pods that match some particular criteria. Once the sidecar injector is installed, it will work only on pods that have following annotation: ``polycube.network/sidecar`` with value ``enabled``. Additionally, such pods must run on namespaces that have the mentioned key/pair as label.
### Example
In this example, we will deploy a pod that will be injected with the Polycube sidecar.
Supposing that the namespace where you want to deploy such pod is called ``enabled-ns``, you need to first label it with the neabled label:
``kubectl label ns enabled-ns polycube.network/sidecar=enabled``
Deploy the pod:
```bash
cat <