injector

package
v1.3.1
Published: May 21, 2024 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Overview

Package injector implements FSM's automatic sidecar injection facility. The sidecar injector's mutating webhook admission controller intercepts pod creation requests to mutate the pod spec to inject the sidecar proxy.

Constants

const (
	// OutboundPortExclusionListAnnotation is the annotation used for outbound port exclusions
	OutboundPortExclusionListAnnotation = "flomesh.io/outbound-port-exclusion-list"

	// InboundPortExclusionListAnnotation is the annotation used for inbound port exclusions
	InboundPortExclusionListAnnotation = "flomesh.io/inbound-port-exclusion-list"

	// OutboundIPRangeExclusionListAnnotation is the annotation used for outbound IP range exclusions
	OutboundIPRangeExclusionListAnnotation = "flomesh.io/outbound-ip-range-exclusion-list"

	// OutboundIPRangeInclusionListAnnotation is the annotation used for outbound IP range inclusions
	OutboundIPRangeInclusionListAnnotation = "flomesh.io/outbound-ip-range-inclusion-list"
)
const (
	// MutatingWebhookName is the name of the mutating webhook used for sidecar injection
	MutatingWebhookName = "fsm-inject.k8s.io"

	// BootstrapSecretPrefix is the prefix of bootstrap Secret.
	BootstrapSecretPrefix = "sidecar-bootstrap-config-"
)
const (
	// SidecarBootstrapConfigVolume defines sidecar bootstrap config volume.
	SidecarBootstrapConfigVolume = "sidecar-bootstrap-config-volume"
)

Variables

This section is empty.

Functions

func ConfigurePodInit added in v1.0.0

func ConfigurePodInit(cfg configurator.Configurator, podOS string, pod *corev1.Pod, fsmContainerPullPolicy corev1.PullPolicy) error

ConfigurePodInit patches the init container into the pod.

func GenerateIptablesCommands added in v1.0.0

func GenerateIptablesCommands(proxyMode configv1alpha3.LocalProxyMode, enabledDNSProxy bool, outboundIPRangeExclusionList []string, outboundIPRangeInclusionList []string, outboundPortExclusionList []int, inboundPortExclusionList []int, networkInterfaceExclusionList []string) string

GenerateIptablesCommands generates a list of iptables commands to set up sidecar interception and redirection

func GetInitContainerSpec added in v1.0.0

func GetInitContainerSpec(containerName string, cfg configurator.Configurator, outboundIPRangeExclusionList []string,
	outboundIPRangeInclusionList []string, outboundPortExclusionList []int,
	inboundPortExclusionList []int, enablePrivilegedInitContainer bool, pullPolicy corev1.PullPolicy, networkInterfaceExclusionList []string) corev1.Container

GetInitContainerSpec returns the spec of init container.

func GetOutboundIPRangeListForPod added in v1.0.0

func GetOutboundIPRangeListForPod(pod *corev1.Pod, annotation string) ([]string, error)

GetOutboundIPRangeListForPod returns a list of IP ranges to include/exclude from sidecar traffic interception for the given pod and annotation kind.

IP ranges are included in or excluded from sidecar interception when the pod is explicitly annotated with a single IP CIDR range or a comma-separated list of them.

The kind of exclusion (inclusion vs exclusion) is determined by the specified annotation.

The function returns an error when it is unable to determine whether IP ranges need to be excluded from outbound sidecar interception.

func GetPortExclusionListForPod added in v1.0.0

func GetPortExclusionListForPod(pod *corev1.Pod, annotation string) ([]int, error)

GetPortExclusionListForPod gets a list of ports to exclude from sidecar traffic interception for the given pod and annotation kind.

Ports are excluded from sidecar interception when the pod is explicitly annotated with a single port or a comma-separated list of ports.

The kind of exclusion (inbound vs outbound) is determined by the specified annotation.

The function returns an error when it is unable to determine whether ports need to be excluded from outbound sidecar interception.
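Port and IP range exclusions take traffic out of sidecar interception, so they are worth reviewing per pod. The following is an added example, not FSM's own code: a hypothetical `audit` helper that strictly parses the exclusion annotations described for GetOutboundIPRangeListForPod and GetPortExclusionListForPod and flags a CIDR with prefix length 0. It assumes a plain `map[string]string` standing in for the pod's annotations; the validation rules are this example's choice.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Annotation keys copied from the package constants on this page.
const (
	outPorts = "flomesh.io/outbound-port-exclusion-list"
	inPorts  = "flomesh.io/inbound-port-exclusion-list"
	outIPs   = "flomesh.io/outbound-ip-range-exclusion-list"
)

// audit (hypothetical helper) validates the exclusion annotations and returns
// one finding per entry that takes traffic out of sidecar interception.
func audit(ann map[string]string) ([]string, error) {
	var findings []string
	for _, key := range []string{outPorts, inPorts, outIPs} {
		raw, ok := ann[key]
		if !ok {
			continue
		}
		for _, f := range strings.Split(raw, ",") {
			f = strings.TrimSpace(f)
			if key == outIPs {
				_, n, err := net.ParseCIDR(f)
				if err != nil {
					return nil, fmt.Errorf("%s: invalid CIDR %q", key, f)
				}
				if ones, _ := n.Mask.Size(); ones == 0 {
					f += " (covers every destination)"
				}
			} else if p, err := strconv.Atoi(f); err != nil || p < 1 || p > 65535 {
				return nil, fmt.Errorf("%s: invalid port %q", key, f)
			}
			findings = append(findings, key+"="+f)
		}
	}
	return findings, nil
}

func main() {
	// Constructed sample annotations, not taken from a real pod.
	ann := map[string]string{outPorts: "6379, 3306", outIPs: "10.0.0.0/8,0.0.0.0/0"}
	fmt.Println(audit(ann))
}
```

A pod with none of these annotations yields no findings and no error; a malformed entry is reported as an error rather than skipped.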

func GetProxyUUID added in v1.0.0

func GetProxyUUID(pod *corev1.Pod) (string, bool)

GetProxyUUID returns the proxy UUID retrieved from the sidecar bootstrap config volume.

func GetVolumeSpec added in v1.0.0

func GetVolumeSpec(sidecarBootstrapConfigName string) corev1.Volume

GetVolumeSpec returns a volume to add to the pod

func IsMetricsEnabled added in v1.0.0

func IsMetricsEnabled(kubeController k8s.Controller, namespace string) (enabled bool, err error)

IsMetricsEnabled returns whether metrics are enabled.

func MergeIPRangeLists added in v1.0.0

func MergeIPRangeLists(podSpecific, global []string) []string

MergeIPRangeLists merges the pod specific and global IP range (exclusion/inclusion) lists

func MergePortExclusionLists added in v1.0.0

func MergePortExclusionLists(podSpecificPortExclusionList, globalPortExclusionList []int) []int

MergePortExclusionLists merges the pod specific and global port exclusion lists

func NewMutatingWebhook added in v1.0.0

func NewMutatingWebhook(ctx context.Context, kubeClient kubernetes.Interface, certManager *certificate.Manager, kubeController k8s.Controller, meshName, fsmNamespace, webhookConfigName, fsmVersion string, webhookTimeout int32, enableReconciler bool, cfg configurator.Configurator, fsmContainerPullPolicy corev1.PullPolicy) error

NewMutatingWebhook starts a new web server handling requests from the injector MutatingWebhookConfiguration

func RewriteHealthProbes added in v1.0.0

func RewriteHealthProbes(pod *corev1.Pod) models.HealthProbes

RewriteHealthProbes rewrites health probes

Types

type Config added in v1.0.0

type Config struct {
	// ListenPort defines the port on which the sidecar injector listens
	ListenPort int
}

Config is the type used to represent the config options for the sidecar injection
