forked from joeholley/supergloo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
injector.go
85 lines (70 loc) · 2.83 KB
/
injector.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package webhook
import (
"context"
"encoding/json"
"sync"
"github.com/solo-io/go-utils/contextutils"
"github.com/solo-io/go-utils/errors"
"github.com/solo-io/supergloo/pkg/webhook/patch"
"github.com/solo-io/supergloo/pkg/webhook/plugins"
corev1 "k8s.io/api/core/v1"
)
type SidecarInjectionHandler interface {
// Generate a JSONPatch that injects the given pod with the proxy sidecar(s)
GetSidecarPatch(ctx context.Context, candidatePod *corev1.Pod) (patchRequired bool, patch []byte, err error)
}
type injectionHandler struct {
plugins []plugins.InjectionPlugin
}
var (
handler SidecarInjectionHandler
mutex sync.Mutex
)
func RegisterSidecarInjectionHandler() {
mutex.Lock()
defer mutex.Unlock()
handler = injectionHandler{plugins: plugins.GetPlugins()}
}
func GetInjectionHandler() SidecarInjectionHandler {
mutex.Lock()
defer mutex.Unlock()
if handler == nil {
panic("SidecarInjectionHandler is nil. Make sure to register it before trying too use it.")
}
return handler
}
// NOTE: The plugins are currently unaware of each other. This is fine, as we currently only handle auto-injection for
// AWS App Mesh. If and when we add support for other meshes, we might want to split the plugin loop so that in case of
// multiple matches for different meshes we can check for and handle potential conflicts between the patches.
func (h injectionHandler) GetSidecarPatch(ctx context.Context, candidatePod *corev1.Pod) (patchRequired bool, patches []byte, err error) {
logger := contextutils.LoggerFrom(ctx)
var jsonPatches []patch.JSONPatchOperation
for _, plugin := range h.plugins {
// Get the meshes that have auto-injection enabled
autoInjectionMeshes, err := plugin.GetAutoInjectMeshes(ctx)
if err != nil {
return false, nil, errors.Wrapf(err, "failed to list auto-injection enabled meshes for plugin %s", plugin.Name())
}
// Check whether the pod matches any of the pod selection criteria defined for the meshes
matchingMeshes, err := plugin.CheckMatch(ctx, candidatePod, autoInjectionMeshes)
if err != nil {
return false, nil, errors.Wrapf(err, "failed to check whether candidate pod matches auto-injection "+
"criteria for meshes in plugin %s", plugin.Name())
}
patches, err := plugin.GetSidecarPatch(ctx, candidatePod, matchingMeshes)
if err != nil {
return false, nil, errors.Wrapf(err, "failed to create sidecar patch in plugin %s", plugin.Name())
}
jsonPatches = append(jsonPatches, patches...)
}
if len(jsonPatches) == 0 {
logger.Info("pod does not match any mesh auto-injection selector, admit it without patching")
return false, nil, nil
}
patchesBytes, err := json.Marshal(jsonPatches)
if err != nil {
return false, nil, errors.Wrapf(err, "failed to marshal patches to JSON")
}
logger.Infof("the following patches will be applied to the pod: %s", patchesBytes)
return true, patchesBytes, nil
}