Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change injector overriding logic to be more generic #12405

Merged
merged 2 commits into from Apr 10, 2024
Merged

Change injector overriding logic to be more generic #12405

merged 2 commits into from Apr 10, 2024

Conversation

mateiidavid
Copy link
Member

The proxy-injector package has a ResourceConfig type that is responsible for parsing resources, applying overrides, and serialising a series of configuration values to a Kubernetes patch. The functionality is very concrete in its assumption; it always relies on a pod spec and it mutates inner state when deciding on which overrides to apply.

This is not a flexible way to handle injection and configuration overriding for other types of resources. We change this by turning methods previously defined on ResourceConfig into free-standing functions. These functions can be applied for any type of resources in order to compute a set of configuration values based on annotation overrides. Through the change, the functions can be used to compute static configuration for non-Pod types or can be used in tests.

Some of the functionality relies on concrete types, e.g. ContainerPorts. To allow the free-standing functions to be generic, we introduce an interface to abstract away the details of how the configuration value is produced.

@mateiidavid
Change injector overriding logic to be more generic
6312651 
The proxy-injector package has a `ResourceConfig` type that is
responsible for parsing resources, applying overrides, and serialising a
series of configuration values to a Kubernetes patch. The functionality
is very concrete in its assumption; it always relies on a pod spec and
it mutates inner state when deciding on which overrides to apply.

This is not a flexible way to handle injection and configuration
overriding for other types of resources. We change this by turning
methods previously defined on `ResourceConfig` into free-standing
functions. These functions can be applied for any type of resources in
order to compute a set of configuration values based on annotation
overrides. Through the change, the functions can be used to compute
static configuration for non-Pod types or can be used in tests.

Some of the functionality relies on concrete types, e.g. ContainerPorts.
To allow the free-standing functions to be generic, we introduce an
interface to abstract away the details of how the configuration value is
produced.

Signed-off-by: Matei David <matei@buoyant.io>
@mateiidavid mateiidavid requested a review from a team as a code owner April 8, 2024 16:49
adleong
adleong reviewed Apr 8, 2024
View reviewed changes
pkg/inject/config_override.go Outdated Show resolved Hide resolved
pkg/inject/config_override.go Outdated Show resolved Hide resolved
pkg/inject/config_override.go Outdated Show resolved Hide resolved
pkg/inject/config_override.go Outdated Show resolved Hide resolved
@mateiidavid
@adleong's feedback
7a82a79 
Signed-off-by: Matei David <matei@buoyant.io>
@mateiidavid
Copy link
Member Author

mateiidavid commented Apr 10, 2024
edited

Tested in a k3d cluster to ensure everything still works as expected, particularly around opaque ports, inbound ports and namespace overrides.

An example ns and nginx workload:

:; k get ns default -o yaml | yq .metadata.annotations
config.linkerd.io/proxy-log-level: debug

:; k get deploy nginx -o yaml | yq '.spec.template.metadata.annotations'
config.linkerd.io/opaque-ports: http,2000-2050,1990-1992a
kubectl.kubernetes.io/restartedAt: "2024-04-10T14:30:53Z"
linkerd.io/inject: enabled


:; k get deploy nginx -o yaml | yq '.spec.template.spec.containers[].ports'
- containerPort: 80
  name: http
  protocol: TCP
- containerPort: 8080
  name: 1990-1992a
  protocol: TCP

We expect to see:

  • Inbound ports = 80, 8080.
  • Opaque ports = 80,8080 and 2000 - 2050
  • Debug log level (inherited from namespace)
:; k get po nginx-85864797b7-9l9hh -oyaml | yq '.spec.containers[] | select(.name == "linkerd-proxy").env'
- name: LINKERD2_PROXY_LOG
  value: debug
- name: LINKERD2_PROXY_LOG_FORMAT
  value: plain
- name: LINKERD2_PROXY_INBOUND_PORTS
  value: 80,8080
- name: LINKERD2_PROXY_INBOUND_PORTS_DISABLE_PROTOCOL_DETECTION
  value: 80,2000-2050,8080

@mateiidavid mateiidavid merged commit 38c6d11 into main Apr 10, 2024
37 checks passed
@mateiidavid mateiidavid deleted the matei/generic-injection branch April 10, 2024 14:51
the-wondersmith pushed a commit to the-wondersmith/linkerd2 that referenced this pull request Apr 24, 2024
@mateiidavid @the-wondersmith
Change injector overriding logic to be more generic (linkerd#12405)
aef16a5 
The proxy-injector package has a `ResourceConfig` type that is
responsible for parsing resources, applying overrides, and serialising a
series of configuration values to a Kubernetes patch. The functionality
is very concrete in its assumption; it always relies on a pod spec and
it mutates inner state when deciding on which overrides to apply.

This is not a flexible way to handle injection and configuration
overriding for other types of resources. We change this by turning
methods previously defined on `ResourceConfig` into free-standing
functions. These functions can be applied for any type of resources in
order to compute a set of configuration values based on annotation
overrides. Through the change, the functions can be used to compute
static configuration for non-Pod types or can be used in tests.

Signed-off-by: Matei David <matei@buoyant.io>
Signed-off-by: Mark S <the@wondersmith.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adleong adleong adleong approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mateiidavid @adleong