Skip to content
/ kube-sidecar-injector Public

A Kubernetes mutating webhook server that implements sidecar injection

License

Apache-2.0 license
627 stars 455 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

morvencao/kube-sidecar-injector

BranchesTags

Repository files navigation

kube-sidecar-injector

This repo is used for a tutorial at Medium to create a Kubernetes MutatingAdmissionWebhook that injects a nginx sidecar container into pod prior to persistence of the object.

Prerequisites

  • git
  • go version v1.17+
  • docker version 19.03+
  • kubectl version v1.19+
  • Access to a Kubernetes v1.19+ cluster with the admissionregistration.k8s.io/v1 API enabled. Verify that by the following command:
kubectl api-versions | grep admissionregistration.k8s.io

The result should be:

admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1

Note: In addition, the MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers should be added and listed in the correct order in the admission-control flag of kube-apiserver.

Build and Deploy

  1. Build and push docker image:
make docker-build docker-push IMAGE=quay.io/<your_quayio_username>/sidecar-injector:latest
  1. Deploy the kube-sidecar-injector to kubernetes cluster:
make deploy IMAGE=quay.io/<your_quayio_username>/sidecar-injector:latest
  1. Verify the kube-sidecar-injector is up and running:
# kubectl -n sidecar-injector get pod
# kubectl -n sidecar-injector get pod
NAME                                READY   STATUS    RESTARTS   AGE
sidecar-injector-7c8bc5f4c9-28c84   1/1     Running   0          30s

How to use

  1. Create a new namespace test-ns and label it with sidecar-injector=enabled:
# kubectl create ns test-ns
# kubectl label namespace test-ns sidecar-injection=enabled
# kubectl get namespace -L sidecar-injection
NAME                 STATUS   AGE   SIDECAR-INJECTION
default              Active   26m
test-ns              Active   13s   enabled
kube-public          Active   26m
kube-system          Active   26m
sidecar-injector     Active   17m
  1. Deploy an app in Kubernetes cluster, take alpine app as an example
kubectl -n test-ns run alpine \
    --image=alpine \
    --restart=Never \
    --command -- sleep infinity
  1. Verify sidecar container is injected:
# kubectl -n test-ns get pod
NAME                     READY     STATUS        RESTARTS   AGE
alpine                   2/2       Running       0          10s
# kubectl -n test-ns get pod alpine -o jsonpath="{.spec.containers[*].name}"
alpine sidecar-nginx

Troubleshooting

Sometimes you may find that pod is injected with sidecar container as expected, check the following items:

  1. The sidecar-injector pod is in running state and no error logs.
  2. The namespace in which application pod is deployed has the correct labels(sidecar-injector=enabled) as configured in mutatingwebhookconfiguration.
  3. Check if the application pod has annotation sidecar-injector-webhook.morven.me/inject:"yes".

About

A Kubernetes mutating webhook server that implements sidecar injection

Resources

Readme

License

Apache-2.0 license
Activity

Stars

627 stars

Watchers

11 watching

Forks

455 forks
Report repository

Releases 4

release v1.3.0 Latest
Feb 25, 2022
+ 3 releases

Packages

No packages published

Contributors 12

Languages