https://github.com/ricoberger/sidecar-injector


# Sidecar Injector

The sidecar injector can be used to inject a sidecar into a Pod via a
[Mutating Webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/).

## Usage

The sidecar injector can be installed via Helm. To use the Helm chart,
[cert-manager](https://cert-manager.io) is required.

```sh
helm upgrade --install sidecar-injector oci://ghcr.io/ricoberger/charts/sidecar-injector --version 1.0.0
```

The configuration for the injected sidecars can be passed to the sidecar
injector via the `config` value in the Helm chart. The following configuration
injects the basic auth sidecar:

```yaml
config: |
  injectors:
    selector:
      matchLabels:
        useBasicAuth: "true"
    containers:
      - basic-auth
    initContainers: []
    volumes: []
  containers:
    - name: basic-auth
      image: ghcr.io/ricoberger/sidecar-injector/basicauth:latest
      imagePullPolicy: Always
      env:
        - name: BASIC_AUTH_PASSWORD
          valueFrom:
            secretKeyRef:
              key: BASIC_AUTH_PASSWORD
              name: basic-auth-credentials
        - name: BASIC_AUTH_USERNAME
          valueFrom:
            secretKeyRef:
              key: BASIC_AUTH_USERNAME
              name: basic-auth-credentials
      ports:
        - name: http-auth
          containerPort: 4180
      livenessProbe:
        httpGet:
          port: 4180
          path: /health
        initialDelaySeconds: 1
        timeoutSeconds: 5
      readinessProbe:
        httpGet:
          port: 4180
          path: /health
        initialDelaySeconds: 1
        timeoutSeconds: 5
      resources:
        requests:
          cpu: 50m
          memory: 64Mi
        limits:
          cpu: 50m
          memory: 64Mi
  volumes: []
  environmentVariables: []
```

You can also define a list of volumes and a list of environment variables, which
should be set from Pod annotations.

When the sidecar injector is installed in your cluster, you have to set some
annotations on your Pods:

- `sidecar-injector.ricoberger.de: enabled`: Enable the sidecar injection for a
Pod.
- `sidecar-injector.ricoberger.de/containers: ,`:
Comma-separated list of container names, which should be used from the
configuration file.
- `sidecar-injector.ricoberger.de/init-containers: ,`:
Comma-separated list of container names, which should be used from the
configuration file as init containers.
- `sidecar-injector.ricoberger.de/volumes: ,`:
Comma-separated list of volume names, which should be used from the
configuration file.

The sidecars which should be injected can also be defined via the `injectors`
field in the configuration. This can be used to inject sidecars without having
to define them via annotations. Instead, the `selector` is used to define the
Pods which should have a sidecar injected.
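
A check an operator might run after rollout (an added example, not part of the project's code): it compares the sidecars a Pod should have received, per the annotations and the `injectors` selector described above, with the containers actually present, so Pods running without their expected sidecar show up. The Pod list is constructed sample data in the shape of `kubectl get pods -A -o json`; the `metrics` container name, the `_pod` helper, and accepting `injectors` as either one mapping or a list are assumptions.

```python
PREFIX = "sidecar-injector.ricoberger.de"  # annotation prefix from the README

def expected_sidecars(pod, injectors):
    """Container names a Pod should carry, per its annotations and labels."""
    meta = pod.get("metadata", {})
    ann, labels = meta.get("annotations") or {}, meta.get("labels") or {}
    want = set()
    if ann.get(PREFIX) == "enabled":
        names = ann.get(PREFIX + "/containers", "")
        want |= {n.strip() for n in names.split(",") if n.strip()}
    # Assumption: accept one injector mapping or a list of them.
    entries = [injectors] if isinstance(injectors, dict) else (injectors or [])
    for inj in entries:
        match = (inj.get("selector") or {}).get("matchLabels") or {}
        # Skip an empty matchLabels so it cannot match every Pod in this check.
        if match and all(labels.get(k) == v for k, v in match.items()):
            want |= set(inj.get("containers") or [])
    return want

def missing_sidecars(pod_list, injectors):
    """Map 'namespace/name' to the sorted sidecar names the Pod lacks."""
    report = {}
    for pod in pod_list.get("items", []):
        have = {c["name"] for c in pod.get("spec", {}).get("containers", [])}
        gap = expected_sidecars(pod, injectors) - have
        if gap:
            meta = pod["metadata"]
            report[f"{meta.get('namespace', 'default')}/{meta['name']}"] = sorted(gap)
    return report

def _pod(ns, name, containers, labels=None, annotations=None):
    """Build a constructed Pod object with only the fields the check reads."""
    return {"metadata": {"namespace": ns, "name": name, "labels": labels or {},
                         "annotations": annotations or {}},
            "spec": {"containers": [{"name": c} for c in containers]}}

# Constructed sample in the shape of `kubectl get pods -A -o json`.
SAMPLE = {"items": [
    _pod("default", "api-ok", ["app", "basic-auth"], {"useBasicAuth": "true"}),
    _pod("default", "api-bare", ["app"], {"useBasicAuth": "true"}),
    _pod("web", "front", ["app", "basic-auth"], annotations={
        PREFIX: "enabled", PREFIX + "/containers": "basic-auth, metrics"}),
]}
# Injector entry copied from the README's basic-auth configuration.
INJECTORS = {"selector": {"matchLabels": {"useBasicAuth": "true"}},
             "containers": ["basic-auth"]}

if __name__ == "__main__":
    for pod, gap in missing_sidecars(SAMPLE, INJECTORS).items():
        print(f"{pod}: missing {', '.join(gap)}")
```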

### Environment Variables

It is possible to set additional environment variables for the injected sidecar
via annotations. The environment variables which can be injected must be defined
in the `environmentVariables` section in the config, e.g.

```yaml
config: |
  environmentVariables:
    - name: ENV_NAME
      container:
      annotation: sidecar-injector.ricoberger.de/envname
```

With this configuration a user can then use the
`sidecar-injector.ricoberger.de/envname` annotation to set the value of the
`ENV_NAME` environment variable in the specified container:

```yaml
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: example
  namespace: default
spec:
  selector:
    matchLabels:
      app: example
  template:
    metadata:
      annotations:
        sidecar-injector.ricoberger.de: enabled
        sidecar-injector.ricoberger.de/envname: envvalue
```

### Resources

Since the injected sidecars might need different resources depending on the
service where they are injected, it is also possible to overwrite the CPU
requests and limits and the memory requests and limits via annotations:

- `sidecar-injector.ricoberger.de/containers--cpurequests`
- `sidecar-injector.ricoberger.de/containers--cpulimits`
- `sidecar-injector.ricoberger.de/containers--memoryrequests`
- `sidecar-injector.ricoberger.de/containers--memorylimits`

The same can be done for init containers by using the following annotations:

- `sidecar-injector.ricoberger.de/init-containers--cpurequests`
- `sidecar-injector.ricoberger.de/init-containers--cpulimits`
- `sidecar-injector.ricoberger.de/init-containers--memoryrequests`
- `sidecar-injector.ricoberger.de/init-containers--memorylimits`