chore(k8s): always inject Kuma as the first container

Signed-off-by: c <curtis@commonstock.com>

pkg/plugins/policies/donothingpolicy/api/v1alpha1/zz_generated.resource.go

@@ -15,7 +15,7 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/policies/validation"
 )
 
-//go:embed schema.yaml
+// go:embed schema.yaml
 var rawSchema []byte
 var schema = spec.Schema{}
 

pkg/plugins/policies/meshaccesslog/api/v1alpha1/zz_generated.resource.go

@@ -15,7 +15,7 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/policies/validation"
 )
 
-//go:embed schema.yaml
+// go:embed schema.yaml
 var rawSchema []byte
 var schema = spec.Schema{}
 

pkg/plugins/policies/meshhealthcheck/api/v1alpha1/zz_generated.resource.go

@@ -15,7 +15,7 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/policies/validation"
 )
 
-//go:embed schema.yaml
+// go:embed schema.yaml
 var rawSchema []byte
 var schema = spec.Schema{}
 

pkg/plugins/policies/meshratelimit/api/v1alpha1/zz_generated.resource.go

@@ -15,7 +15,7 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/policies/validation"
 )
 
-//go:embed schema.yaml
+// go:embed schema.yaml
 var rawSchema []byte
 var schema = spec.Schema{}
 

pkg/plugins/policies/meshtimeout/api/v1alpha1/zz_generated.resource.go

@@ -15,7 +15,7 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/policies/validation"
 )
 
-//go:embed schema.yaml
+// go:embed schema.yaml
 var rawSchema []byte
 var schema = spec.Schema{}
 

pkg/plugins/policies/meshtrace/api/v1alpha1/zz_generated.resource.go

@@ -15,7 +15,7 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/policies/validation"
 )
 
-//go:embed schema.yaml
+// go:embed schema.yaml
 var rawSchema []byte
 var schema = spec.Schema{}
 

pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/meshtrafficpermission.go

@@ -34,7 +34,8 @@ var ALLOW Action = "ALLOW"
 var DENY Action = "DENY"
 
 // ALLOW_WITH_SHADOW_DENY action lets the requests pass but emits logs as if
-//  requests are denied
+//
+//	requests are denied
 var ALLOW_WITH_SHADOW_DENY Action = "ALLOW_WITH_SHADOW_DENY"
 
 type Conf struct {

pkg/plugins/policies/meshtrafficpermission/api/v1alpha1/zz_generated.resource.go

@@ -15,7 +15,7 @@ import (
 	"github.com/kumahq/kuma/pkg/plugins/policies/validation"
 )
 
-//go:embed schema.yaml
+// go:embed schema.yaml
 var rawSchema []byte
 var schema = spec.Schema{}
 

pkg/plugins/runtime/k8s/webhooks/injector/injector.go

@@ -109,7 +109,9 @@ func (i *KumaInjector) InjectKuma(ctx context.Context, pod *kube_core.Pod) error
 	if err != nil {
 		return err
 	}
-	pod.Spec.Containers = append(pod.Spec.Containers, patchedContainer)
+
+	// inject sidecar as first container
+	pod.Spec.Containers = append([]kube_core.Container{patchedContainer}, pod.Spec.Containers...)
 
 	// annotations
 	if pod.Annotations == nil {

pkg/plugins/runtime/k8s/webhooks/injector/injector_test.go

@@ -18,6 +18,7 @@ import (
 	conf "github.com/kumahq/kuma/pkg/config/plugins/runtime/k8s"
 	"github.com/kumahq/kuma/pkg/plugins/resources/k8s"
 	"github.com/kumahq/kuma/pkg/plugins/resources/k8s/native/api/v1alpha1"
+	k8s_util "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/util"
 	inject "github.com/kumahq/kuma/pkg/plugins/runtime/k8s/webhooks/injector"
 	"github.com/kumahq/kuma/pkg/test/matchers"
 )
@@ -117,6 +118,7 @@ spec:
 			err = injector.InjectKuma(context.Background(), pod)
 			// then
 			Expect(err).ToNot(HaveOccurred())
+			Expect(pod.Spec.Containers[0].Name).To(BeEquivalentTo(k8s_util.KumaSidecarContainerName))
 
 			By("loading golden Pod")
 			// when