Documentation ¶
Index ¶
Constants ¶
View Source
const ( //AppMeshCPURequestAnnotation specifies the CPU requests for proxy AppMeshCPURequestAnnotation = "appmesh.k8s.aws/cpuRequest" //AppMeshMemoryRequestAnnotation specifies the memory requests for proxy AppMeshMemoryRequestAnnotation = "appmesh.k8s.aws/memoryRequest" //AppMeshCPULimitAnnotation specifies the CPU limits for proxy AppMeshCPULimitAnnotation = "appmesh.k8s.aws/cpuLimit" //AppMeshMemoryLimitAnnotation specifies the memory limits for proxy AppMeshMemoryLimitAnnotation = "appmesh.k8s.aws/memoryLimit" // === begin proxy settings annotations === //AppMeshCNIAnnotation specifies that CNI will be used to configure traffic interception AppMeshCNIAnnotation = "appmesh.k8s.aws/appmeshCNI" //AppMeshPortsAnnotation specifies the ports that proxy will forward traffic to. By default this is detected using the Pod ports. AppMeshPortsAnnotation = "appmesh.k8s.aws/ports" //AppMeshEgressIgnoredPortsAnnotation specifies the IPs that need to be ignored when intercepting traffic AppMeshEgressIgnoredIPsAnnotation = "appmesh.k8s.aws/egressIgnoredIPs" //AppMeshEgressIgnoredPortsAnnotation specifies the ports that need to ignored when intercepting traffic AppMeshEgressIgnoredPortsAnnotation = "appmesh.k8s.aws/egressIgnoredPorts" // AppMeshIPV6Annotation allows disabling IPV6 specifically for the proxyinit container. The only allowed value is 'disabled' AppMeshIPV6Annotation = "appmesh.k8s.aws/ipv6" //AppMeshIgnoredGIDAnnotation specifies the GID used by proxy AppMeshIgnoredGIDAnnotation = "appmesh.k8s.aws/ignoredGID" //AppMeshIgnoredUIDAnnotation specifies the UID used by proxy AppMeshIgnoredUIDAnnotation = "appmesh.k8s.aws/ignoredUID" //AppMeshProxyEgressPortAnnotation specifies the port used by proxy for egress traffic (traffic originating from app container to external services). This is fixed to AppMeshProxyEgressPort AppMeshProxyEgressPortAnnotation = "appmesh.k8s.aws/proxyEgressPort" //AppMeshProxyIngressPortAnnotation specifies the port used by proxy for incoming traffic. This is fixed to AppMeshProxyIngressPort AppMeshProxyIngressPortAnnotation = "appmesh.k8s.aws/proxyIngressPort" //AppMeshPreviewAnnotation specifies that proxy should use App Mesh preview endpoint AppMeshPreviewAnnotation = "appmesh.k8s.aws/preview" //AppMeshSidecarInjectAnnotation specifies proxy should be injected for pod. Other systems can use this annotation on pod to determine if proxy is injected or not AppMeshSidecarInjectAnnotation = "appmesh.k8s.aws/sidecarInjectorWebhook" //AppMeshSecretMountsAnnotation specifies the list of Secret that need to be mounted to the proxy as a volume AppMeshSecretMountsAnnotation = "appmesh.k8s.aws/secretMounts" //AppMeshVolumeMountsAnnotation specifies the list of volumes that need to be mounted to the proxy AppMeshVolumeMountsAnnotation = "appmesh.k8s.aws/volumeMounts" //AppMeshGatewaySkipImageOverride specifies if Virtual Gateway sidecar image override needs to be skipped for customers //to use their own sidecare image for Virtual Gateway AppMeshGatewaySkipImageOverride = "appmesh.k8s.aws/virtualGatewaySkipImageOverride" //AppMeshSDSAnnotation is used if SDS is enabled at the controller level but needs to be disabled //for a particular VirtualNode. AppMeshSDSAnnotation = "appmesh.k8s.aws/sds" // AppMeshEnvAnnotation specifies the list of environment variables that need to be programmed on Envoy sidecars // This allow passing tags like DataDog environment `DD_ENV` to Envoy to help correlate observability data // Here's how a sample annotations will be like // // e.g. appmesh.k8s.aws/sidecarEnv: "DD_ENV=qa1, ENV2=test" // e.g. appmesh.k8s.aws/sidecarEnv: "DD_ENV=prod" // AppMeshEnvAnnotation = "appmesh.k8s.aws/sidecarEnv" // AppMeshEnvJsonAnnotation which is similar AppMeshEnvAnnotation, but it is used to specify the list Jsons of environment variables that need to be programmed on Envoy sidecars // Here's how a sample annotations will be like // // e.g. appmesh.k8s.aws/sidecarEnvJson: '[{"DD_ENV":"prod","TEST_ENV":"env_val"}]' // e.g. appmesh.k8s.aws/sidecarEnvJson: '[{"DD_ENV":"prod"}]' // AppMeshEnvJsonAnnotation = "appmesh.k8s.aws/sidecarEnvJson" // AppMeshXrayAgentConfigAnnotation specifies the mount path for the Xray daemon's configuration file. // For more info on this YAML file refer AWS X-Ray's documentation at // https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon-configuration.html#xray-daemon-configuration-configfile // Make sure ConfigMap's data filename is set to `xray-daemon.yaml` and only one volume mounted ConfigMap is specified. // // e.g. appmesh.k8s.aws/xrayAgentConfigMount: xray-config:/tmp/ // AppMeshXrayAgentConfigAnnotation = "appmesh.k8s.aws/xrayAgentConfigMount" //FargateProfileLabel is added by fargate-scheduler when pod is running on AWS Fargate FargateProfileLabel = "eks.amazonaws.com/fargate-profile" )
View Source
const (
AppMeshSDSSocketVolume = "appmesh-sds-socket-volume"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { // If enabled, an fsGroup: 1337 will be injected in the absence of it within pod securityContext // see https://github.com/aws/amazon-eks-pod-identity-webhook/issues/8 for more details EnableIAMForServiceAccounts bool // If enabled, additional image pull secret(appmesh-ecr-secret) will be injected. EnableECRSecret bool // If enabled, mTLS support via SDS will be enabled. EnableSDS bool // Contains the Unix Domain Socket Path for SDS provider. SdsUdsPath string // If enabled, experimental Backend Groups feature will be enabled. EnableBackendGroups bool // Sidecar settings SidecarImageRepository string SidecarImageTag string SidecarCpuRequests string SidecarMemoryRequests string SidecarCpuLimits string SidecarMemoryLimits string Preview bool LogLevel string PreStopDelay string PostStartTimeout int32 PostStartInterval int32 ReadinessProbeInitialDelay int32 ReadinessProbePeriod int32 EnvoyAdminAcessPort int32 EnvoyAdminAccessLogFile string DualStackEndpoint bool EnvoyAdminAccessEnableIPv6 bool WaitUntilProxyReady bool FipsEndpoint bool EnvoyAwsAccessKeyId string EnvoyAwsSecretAccessKey string EnvoyAwsSessionToken string // Init container settings InitImage string IgnoredIPs string // Observability settings EnableJaegerTracing bool JaegerAddress string JaegerPort string EnableDatadogTracing bool DatadogAddress string DatadogPort int32 EnableXrayTracing bool XrayDaemonPort int32 XraySamplingRate string XrayLogLevel string XrayConfigRoleArn string EnableStatsTags bool EnableStatsD bool StatsDAddress string StatsDPort int32 StatsDSocketPath string XRayImage string ClusterName string // TLS settings TlsMinVersion string TlsCipherSuite []string }
type EnvoyTemplateVariables ¶
type EnvoyTemplateVariables struct { AWSRegion string MeshName string VirtualGatewayOrNodeName string Preview string EnableSDS bool SdsUdsPath string LogLevel string AdminAccessPort int32 AdminAccessLogFile string PreStopDelay string PostStartTimeout int32 PostStartInterval int32 SidecarImageRepository string SidecarImageTag string EnableXrayTracing bool XrayDaemonPort int32 XraySamplingRate string EnableJaegerTracing bool JaegerPort string JaegerAddress string EnableDatadogTracing bool DatadogTracerPort int32 DatadogTracerAddress string EnableStatsTags bool EnableStatsD bool StatsDPort int32 StatsDAddress string StatsDSocketPath string K8sVersion string ControllerVersion string EnableAdminAccessForIpv6 bool UseDualStackEndpoint string WaitUntilProxyReady bool UseFipsEndpoint string AwsAccessKeyId string AwsSecretAccessKey string AwsSessionToken string }
Envoy template variables used by envoys in pod and the envoy in VirtualGateway as we use the same envoy image
type PodMutator ¶
type PodMutator interface {
// contains filtered or unexported methods
}
type SidecarInjector ¶
type SidecarInjector struct {
// contains filtered or unexported fields
}
func NewSidecarInjector ¶
func NewSidecarInjector(cfg Config, accountID string, awsRegion string, controllerVersion string, k8sVersion string, k8sClient client.Client, referenceResolver references.Resolver, vnMembershipDesignator virtualnode.MembershipDesignator, vgMembershipDesignator virtualgateway.MembershipDesignator) *SidecarInjector
type XrayTemplateVariables ¶
Click to show internal directories.
Click to hide internal directories.