inject

package
v1.13.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 11, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

// Annotation and label keys read from pods by the sidecar injector.
// Annotation values are supplied by whoever authors the pod, so every
// value below should be treated as untrusted input by the code that parses it.
const (
	// AppMeshCPURequestAnnotation specifies the CPU requests for proxy
	AppMeshCPURequestAnnotation = "appmesh.k8s.aws/cpuRequest"
	// AppMeshMemoryRequestAnnotation specifies the memory requests for proxy
	AppMeshMemoryRequestAnnotation = "appmesh.k8s.aws/memoryRequest"

	// AppMeshCPULimitAnnotation specifies the CPU limits for proxy
	AppMeshCPULimitAnnotation = "appmesh.k8s.aws/cpuLimit"
	// AppMeshMemoryLimitAnnotation specifies the memory limits for proxy
	AppMeshMemoryLimitAnnotation = "appmesh.k8s.aws/memoryLimit"

	// === begin proxy settings annotations ===
	// AppMeshCNIAnnotation specifies that CNI will be used to configure traffic interception
	AppMeshCNIAnnotation = "appmesh.k8s.aws/appmeshCNI"
	// AppMeshPortsAnnotation specifies the ports that proxy will forward traffic to. By default this is detected using the Pod ports.
	AppMeshPortsAnnotation = "appmesh.k8s.aws/ports"
	// AppMeshEgressIgnoredIPsAnnotation specifies the IPs that need to be ignored when intercepting traffic.
	// NOTE(review): traffic to these IPs presumably does not pass through the proxy, so mesh-level
	// controls would not apply to it - confirm against the init container template.
	AppMeshEgressIgnoredIPsAnnotation = "appmesh.k8s.aws/egressIgnoredIPs"
	// AppMeshEgressIgnoredPortsAnnotation specifies the ports that need to be ignored when intercepting traffic.
	// NOTE(review): same caveat as for ignored IPs - confirm how ignored ports are handled.
	AppMeshEgressIgnoredPortsAnnotation = "appmesh.k8s.aws/egressIgnoredPorts"
	// AppMeshIPV6Annotation allows disabling IPV6 specifically for the proxyinit container. The only allowed value is 'disabled'
	AppMeshIPV6Annotation = "appmesh.k8s.aws/ipv6"
	// AppMeshIgnoredGIDAnnotation specifies the GID used by proxy.
	// NOTE(review): presumably traffic from this GID is exempt from interception; confirm that
	// application containers are not expected to run under the same GID.
	AppMeshIgnoredGIDAnnotation = "appmesh.k8s.aws/ignoredGID"
	// AppMeshIgnoredUIDAnnotation specifies the UID used by proxy.
	// NOTE(review): presumably traffic from this UID is exempt from interception; confirm that
	// application containers are not expected to run under the same UID.
	AppMeshIgnoredUIDAnnotation = "appmesh.k8s.aws/ignoredUID"
	// AppMeshProxyEgressPortAnnotation specifies the port used by proxy for egress traffic (traffic originating from app container to external services). This is fixed to AppMeshProxyEgressPort
	AppMeshProxyEgressPortAnnotation = "appmesh.k8s.aws/proxyEgressPort"
	// AppMeshProxyIngressPortAnnotation specifies the port used by proxy for incoming traffic. This is fixed to AppMeshProxyIngressPort
	AppMeshProxyIngressPortAnnotation = "appmesh.k8s.aws/proxyIngressPort"

	// AppMeshPreviewAnnotation specifies that proxy should use App Mesh preview endpoint
	AppMeshPreviewAnnotation = "appmesh.k8s.aws/preview"
	// AppMeshSidecarInjectAnnotation specifies proxy should be injected for pod. Other systems can use this annotation on pod to determine if proxy is injected or not
	AppMeshSidecarInjectAnnotation = "appmesh.k8s.aws/sidecarInjectorWebhook"
	// AppMeshSecretMountsAnnotation specifies the list of Secrets that need to be mounted to the proxy as a volume.
	// NOTE(review): the list comes from the pod author; confirm how entries are validated before
	// they are turned into volumes on the proxy container.
	AppMeshSecretMountsAnnotation = "appmesh.k8s.aws/secretMounts"
	// AppMeshVolumeMountsAnnotation specifies the list of volumes that need to be mounted to the proxy.
	// NOTE(review): confirm how entries are validated, as for the secret mounts annotation.
	AppMeshVolumeMountsAnnotation = "appmesh.k8s.aws/volumeMounts"
	// AppMeshGatewaySkipImageOverride specifies if Virtual Gateway sidecar image override needs to be skipped for customers
	// to use their own sidecar image for Virtual Gateway
	AppMeshGatewaySkipImageOverride = "appmesh.k8s.aws/virtualGatewaySkipImageOverride"
	// AppMeshSDSAnnotation is used if SDS is enabled at the controller level but needs to be disabled
	// for a particular VirtualNode.
	AppMeshSDSAnnotation = "appmesh.k8s.aws/sds"

	// AppMeshEnvAnnotation specifies the list of environment variables that need to be programmed on Envoy sidecars.
	// This allows passing tags like DataDog environment `DD_ENV` to Envoy to help correlate observability data.
	// Annotation values are readable by anyone who can read the pod object, so they are not a place for secrets.
	// Here is what a sample annotation looks like:
	//
	//        e.g. appmesh.k8s.aws/sidecarEnv: "DD_ENV=qa1, ENV2=test"
	//        e.g. appmesh.k8s.aws/sidecarEnv: "DD_ENV=prod"
	//
	AppMeshEnvAnnotation = "appmesh.k8s.aws/sidecarEnv"

	// AppMeshEnvJsonAnnotation is similar to AppMeshEnvAnnotation, but it is used to specify a JSON list of environment variables that need to be programmed on Envoy sidecars.
	// Here is what a sample annotation looks like:
	//
	//        e.g. appmesh.k8s.aws/sidecarEnvJson: '[{"DD_ENV":"prod","TEST_ENV":"env_val"}]'
	//        e.g. appmesh.k8s.aws/sidecarEnvJson: '[{"DD_ENV":"prod"}]'
	//
	AppMeshEnvJsonAnnotation = "appmesh.k8s.aws/sidecarEnvJson"

	// AppMeshXrayAgentConfigAnnotation specifies the mount path for the Xray daemon's configuration file.
	// For more info on this YAML file refer to AWS X-Ray's documentation at
	// https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon-configuration.html#xray-daemon-configuration-configfile
	// Make sure the ConfigMap's data filename is set to `xray-daemon.yaml` and only one volume-mounted ConfigMap is specified.
	//
	//        e.g. appmesh.k8s.aws/xrayAgentConfigMount: xray-config:/tmp/
	//
	AppMeshXrayAgentConfigAnnotation = "appmesh.k8s.aws/xrayAgentConfigMount"

	// FargateProfileLabel is added by fargate-scheduler when pod is running on AWS Fargate
	FargateProfileLabel = "eks.amazonaws.com/fargate-profile"
)
const (
	// AppMeshSDSSocketVolume is a fixed volume name.
	// NOTE(review): presumably the volume that exposes the SDS provider's Unix domain socket
	// (see Config.SdsUdsPath) to the proxy - confirm against the injector implementation.
	AppMeshSDSSocketVolume = "appmesh-sds-socket-volume"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

// Config groups the sidecar injector's settings: feature toggles, sidecar and
// init container settings, observability settings, the cluster name and TLS
// settings. It has BindEnv, BindFlags and Validate methods.
type Config struct {
	// If enabled, an fsGroup: 1337 will be injected in the absence of it within pod securityContext
	// see https://github.com/aws/amazon-eks-pod-identity-webhook/issues/8 for more details
	EnableIAMForServiceAccounts bool
	// If enabled, additional image pull secret(appmesh-ecr-secret) will be injected.
	EnableECRSecret bool
	// If enabled, mTLS support via SDS will be enabled.
	EnableSDS bool
	// Contains the Unix Domain Socket Path for SDS provider.
	SdsUdsPath string
	// If enabled, experimental Backend Groups feature will be enabled.
	EnableBackendGroups bool

	// Sidecar settings.
	// EnvoyAdminAcessPort is spelled with a single 'c' in "Acess"; the spelling is part of
	// the exported API, so callers must use it as written.
	// NOTE(review): EnvoyAdminAcessPort and EnvoyAdminAccessEnableIPv6 presumably control where
	// Envoy's admin interface listens - confirm it is not reachable from outside the pod.
	SidecarImageRepository     string
	SidecarImageTag            string
	SidecarCpuRequests         string
	SidecarMemoryRequests      string
	SidecarCpuLimits           string
	SidecarMemoryLimits        string
	Preview                    bool
	LogLevel                   string
	PreStopDelay               string
	PostStartTimeout           int32
	PostStartInterval          int32
	ReadinessProbeInitialDelay int32
	ReadinessProbePeriod       int32
	EnvoyAdminAcessPort        int32
	EnvoyAdminAccessLogFile    string
	DualStackEndpoint          bool
	EnvoyAdminAccessEnableIPv6 bool
	WaitUntilProxyReady        bool
	FipsEndpoint               bool

	// AWS credentials for Envoy, held as plain strings.
	// NOTE(review): EnvoyTemplateVariables has matching AwsAccessKeyId, AwsSecretAccessKey and
	// AwsSessionToken fields, so these values presumably end up in the rendered sidecar
	// definition, where anyone able to read the pod object could see them - confirm, and
	// prefer role-based credentials (see EnableIAMForServiceAccounts) where possible.
	EnvoyAwsAccessKeyId     string
	EnvoyAwsSecretAccessKey string
	EnvoyAwsSessionToken    string

	// Init container settings
	InitImage  string
	IgnoredIPs string

	// Observability settings
	EnableJaegerTracing  bool
	JaegerAddress        string
	JaegerPort           string
	EnableDatadogTracing bool
	DatadogAddress       string
	DatadogPort          int32
	EnableXrayTracing    bool
	XrayDaemonPort       int32
	XraySamplingRate     string
	XrayLogLevel         string
	XrayConfigRoleArn    string
	EnableStatsTags      bool
	EnableStatsD         bool
	StatsDAddress        string
	StatsDPort           int32
	StatsDSocketPath     string
	XRayImage            string

	ClusterName string

	// TLS settings
	// NOTE(review): the accepted version and cipher suite names are not visible in this
	// listing - confirm that Validate rejects unknown or legacy values.
	TlsMinVersion  string
	TlsCipherSuite []string
}

func (*Config) BindEnv

// BindEnv returns an error and takes no arguments.
// NOTE(review): presumably populates cfg from environment variables - which fields and
// which variable names is not visible in this listing; confirm against the implementation.
func (cfg *Config) BindEnv() error

func (*Config) BindFlags

// BindFlags takes the pflag.FlagSet to work on and returns nothing.
// NOTE(review): presumably registers one flag per Config field on fs. If the EnvoyAws*
// credential fields are bound as flags, their values would appear in the controller's
// container args - confirm how those fields are supplied.
func (cfg *Config) BindFlags(fs *pflag.FlagSet)

func (*Config) Validate

// Validate reports a problem with cfg as an error.
// NOTE(review): which fields are checked is not visible in this listing; confirm that the
// TLS settings, the port fields and the image references are covered.
func (cfg *Config) Validate() error

type EnvoyTemplateVariables

// EnvoyTemplateVariables holds the values handed to the Envoy container template.
//
// Several fields mirror Config fields under different types: Preview,
// UseDualStackEndpoint and UseFipsEndpoint are strings here, while Config
// declares Preview, DualStackEndpoint and FipsEndpoint as bool.
//
// AwsAccessKeyId, AwsSecretAccessKey and AwsSessionToken are plain strings.
// NOTE(review): if the template writes them into the container definition they
// become readable by anyone who can read the pod object - confirm how the
// template consumes them and avoid logging values of this type.
type EnvoyTemplateVariables struct {
	AWSRegion                string
	MeshName                 string
	VirtualGatewayOrNodeName string
	Preview                  string
	EnableSDS                bool
	SdsUdsPath               string
	LogLevel                 string
	AdminAccessPort          int32
	AdminAccessLogFile       string
	PreStopDelay             string
	PostStartTimeout         int32
	PostStartInterval        int32
	SidecarImageRepository   string
	SidecarImageTag          string
	EnableXrayTracing        bool
	XrayDaemonPort           int32
	XraySamplingRate         string
	EnableJaegerTracing      bool
	JaegerPort               string
	JaegerAddress            string
	EnableDatadogTracing     bool
	DatadogTracerPort        int32
	DatadogTracerAddress     string
	EnableStatsTags          bool
	EnableStatsD             bool
	StatsDPort               int32
	StatsDAddress            string
	StatsDSocketPath         string
	K8sVersion               string
	ControllerVersion        string
	EnableAdminAccessForIpv6 bool
	UseDualStackEndpoint     string
	WaitUntilProxyReady      bool
	UseFipsEndpoint          string
	AwsAccessKeyId           string
	AwsSecretAccessKey       string
	AwsSessionToken          string
}

EnvoyTemplateVariables holds the template variables used both by the Envoy sidecars in pods and by the Envoy in a VirtualGateway, since both use the same Envoy image.

type InitContainerTemplateVariables

// InitContainerTemplateVariables holds the values handed to the init container
// template: application ports, egress exclusions, the proxy ports and UID, the
// container image and an IPv6 switch.
//
// AppPorts, EgressIgnoredIPs and EgressIgnoredPorts are strings.
// NOTE(review): they presumably originate from the pod annotations of the same
// names and so carry pod-author input - confirm they are validated before being
// placed into the init container definition.
// EnableIPV6 is an int rather than a bool; the meaning of its values is not
// visible in this listing.
type InitContainerTemplateVariables struct {
	AppPorts           string
	EgressIgnoredIPs   string
	EgressIgnoredPorts string
	ProxyEgressPort    int64
	ProxyIngressPort   int64
	ProxyUID           int64
	ContainerImage     string
	EnableIPV6         int
}

type PodMutator

// PodMutator is an interface with no exported methods in this listing. If its
// methods are unexported, as the listing suggests, it can only be implemented
// inside this package.
type PodMutator interface {
	// contains filtered or unexported methods
}

type SidecarInjector

// SidecarInjector is built with NewSidecarInjector and exposes Inject, which
// takes a *corev1.Pod. Its fields are not exported.
type SidecarInjector struct {
	// contains filtered or unexported fields
}

func NewSidecarInjector

// NewSidecarInjector returns a *SidecarInjector built from the injector Config,
// the AWS account ID and region, the controller and Kubernetes versions, a
// Kubernetes client, a reference resolver and the virtual node and virtual
// gateway membership designators.
// cfg is passed by value, so the injector receives its own copy of the Config,
// including the EnvoyAws* credential strings.
func NewSidecarInjector(cfg Config, accountID string, awsRegion string, controllerVersion string, k8sVersion string,
	k8sClient client.Client,
	referenceResolver references.Resolver,
	vnMembershipDesignator virtualnode.MembershipDesignator,
	vgMembershipDesignator virtualgateway.MembershipDesignator) *SidecarInjector

func (*SidecarInjector) Inject

// Inject takes a context and a pod and returns an error.
// NOTE(review): presumably mutates pod in place to add the proxy and init
// containers, driven by the pod's appmesh.k8s.aws/* annotations; those
// annotation values are pod-author input - confirm they are validated before use.
func (m *SidecarInjector) Inject(ctx context.Context, pod *corev1.Pod) error

type XrayTemplateVariables

// XrayTemplateVariables holds the values handed to the X-Ray daemon container
// template: the AWS region, the daemon image and the daemon port.
type XrayTemplateVariables struct {
	AWSRegion      string
	XRayImage      string
	XrayDaemonPort int32
}
