bump image and add docs

hashicorp · Feb 18, 2022 · 0421d6f · 0421d6f
1 parent 24891c3
commit 0421d6f
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 14 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -70,7 +70,7 @@ commands:
         type: string
       consul-k8s-image:
         type: string
-        default: "ndhanushkodi/consul-k8s-dev:multiport22"
+        default: "ndhanushkodi/consul-k8s-dev:multiport24"
       go-path:
         type: string
         default: "/home/circleci/.go_workspace"

diff --git a/control-plane/connect-inject/container_init.go b/control-plane/connect-inject/container_init.go
@@ -73,10 +73,17 @@ type initContainerCommandData struct {
 	// ConsulDNSClusterIP is the IP of the Consul DNS Service.
 	ConsulDNSClusterIP string
 
-	MultiPort        bool
-	EnvoyAdminPort   int
-	EnvoyAddressPort int
-	BearerTokenFile  string
+	// MultiPort determines whether this is a multi port Pod, which configures the init container to be specific to one
+	// of the services on the multi port Pod.
+	MultiPort bool
+
+	// EnvoyAdminPort configures the admin port of the Envoy sidecar. This will be unique per service in a multi port
+	// Pod.
+	EnvoyAdminPort int
+
+	// BearerTokenFile configures where the service account token can be found. This will be unique per service in a
+	// multi port Pod.
+	BearerTokenFile string
 }
 
 // initCopyContainer returns the init container spec for the copy container which places

diff --git a/control-plane/connect-inject/handler.go b/control-plane/connect-inject/handler.go
@@ -237,7 +237,7 @@ func (h *Handler) Handle(ctx context.Context, req admission.Request) admission.R
 	multiPort := len(annotatedSvcNames) > 1
 
 	// For single port pods, add the single init container and envoy sidecar.
-	if len(annotatedSvcNames) == 0 || len(annotatedSvcNames) == 1 {
+	if !multiPort {
 		// Add the init container that registers the service and sets up the Envoy configuration.
 		initContainer, err := h.containerInit(*ns, pod, multiPortInfo{})
 		if err != nil {
@@ -253,15 +253,14 @@ func (h *Handler) Handle(ctx context.Context, req admission.Request) admission.R
 			return admission.Errored(http.StatusInternalServerError, fmt.Errorf("error configuring injection sidecar container: %s", err))
 		}
 		pod.Spec.Containers = append(pod.Spec.Containers, envoySidecar)
-	}
+	} else {
+		// For multi port pods, check for unsupported cases, mount all relevant service account tokens, and mount an init
+		// container and envoy sidecar per port. Tproxy, metrics, and metrics merging are not supported for multi port pods.
+		// In a single port pod, the service account specified in the pod is sufficient for mounting the service account
+		// token to the pod. In a multi port pod, where multiple services are registered with Consul, we also require a
+		// service account per service. So, this will look for service accounts whose name matches the service and mount
+		// those tokens if not already specified via the pod's serviceAccountName.
 
-	// For multi port pods, check for unsupported cases, mount all relevant service account tokens, and mount an init
-	// container and envoy sidecar per port. Tproxy, metrics, and metrics merging are not supported for multi port pods.
-	// In a single port pod, the service account specified in the pod is sufficient for mounting the service account
-	// token to the pod. In a multi port pod, where multiple services are registered with Consul, we also require a
-	// service account per service. So, this will look for service accounts whose name matches the service and mount
-	// those tokens if not already specified via the pod's serviceAccountName.
-	if multiPort {
 		h.Log.Info("processing multiport pod")
 		err := h.checkUnsupportedMultiPortCases(*ns, pod)
 		if err != nil {