Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide default opt-in and opt-out options for sidecar injection #338

Merged
merged 2 commits into from
Aug 7, 2020
Merged

Provide default opt-in and opt-out options for sidecar injection #338

merged 2 commits into from
Aug 7, 2020

Conversation

fawadkhaliq
Copy link

@fawadkhaliq fawadkhaliq commented Aug 7, 2020
edited
Loading

Issue #291

Description of changes
The current default MutatingWebhookConfiguration for webhook mpod.appmesh.k8s.aws was to only send requests to the injector with namespace label appmesh.k8s.aws/sidecarInjectorWebhook: enabled. This would enable sidecar injection by default for pods in the labeled namespace and only provide an option to opt-out of sidecar injection for users who would have like to disable injection on a subset of pods in a namespace.

This change will do matchExpressions on key: appmesh.k8s.aws/sidecarInjectorWebhook and values: enabled and disabled to send to request to the injector and will set the default injection based on the namespace label.

appmesh.k8s.aws/sidecarInjectorWebhook: disabled: The sidecar injector will not inject the sidecar into pods by default. Add the appmesh.k8s.aws/sidecarInjectorWebhook annotation with value enabled to the pod template spec to override the default and enable injection.
e.g.

apiVersion: v1
kind: Namespace
metadata:
  name: default-disabled
  labels:
    mesh: default-disabled
    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: override-default-disabled
  namespace: default-disabled
spec:
  template:
    metadata:
      annotations:
        appmesh.k8s.aws/sidecarInjectorWebhook: enabled //this will override the default and inject sidecar
    spec:
      containers:
      - name: override-default-disabled
        image: tutum/curl

appmesh.k8s.aws/sidecarInjectorWebhook: enabled: The sidecar injector will inject the sidecar into pods by default. Add the appmesh.k8s.aws/sidecarInjectorWebhook annotation with value disabled to the pod template spec to override the default and disable injection.
e.g.

apiVersion: v1
kind: Namespace
metadata:
  name: default-disabled
  labels:
    mesh: default-disabled
    appmesh.k8s.aws/sidecarInjectorWebhook: enabled
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: override-default-enabled
  namespace: default-enabled
spec:
  template:
    metadata:
      annotations:
        appmesh.k8s.aws/sidecarInjectorWebhook: disabled //this will override the default and disable inject sidecar
    spec:
      containers:
      - name: override-default-enabled
        image: tutum/curl

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@fawadkhaliq fawadkhaliq merged commit 27aa61b into aws:master Aug 7, 2020
@fawadkhaliq fawadkhaliq deleted the sidecar-inject branch August 7, 2020 23:54
@fawadkhaliq fawadkhaliq mentioned this pull request Aug 7, 2020
Closed
@achevuru achevuru mentioned this pull request Aug 12, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@achevuru achevuru achevuru approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fawadkhaliq @achevuru