Change injector overriding logic to be more generic (linkerd#12405)

The proxy-injector package has a `ResourceConfig` type that is responsible for parsing resources, applying overrides, and serialising a series of configuration values to a Kubernetes patch. The functionality is very concrete in its assumption; it always relies on a pod spec and it mutates inner state when deciding on which overrides to apply. This is not a flexible way to handle injection and configuration overriding for other types of resources. We change this by turning methods previously defined on `ResourceConfig` into free-standing functions. These functions can be applied for any type of resources in order to compute a set of configuration values based on annotation overrides. Through the change, the functions can be used to compute static configuration for non-Pod types or can be used in tests. Signed-off-by: Matei David <matei@buoyant.io> Signed-off-by: Mark S <the@wondersmith.dev>
the-wondersmith · Apr 24, 2024 · aef16a5 · aef16a5
1 parent 0d2eeeb
commit aef16a5
Show file tree

Hide file tree

Showing 7 changed files with 812 additions and 787 deletions.
diff --git a/controller/api/destination/watcher/workload_watcher.go b/controller/api/destination/watcher/workload_watcher.go
@@ -767,8 +767,9 @@ func GetAnnotatedOpaquePorts(pod *corev1.Pod, defaultPorts map[uint32]struct{})
 		return defaultPorts
 	}
 	opaquePorts := make(map[uint32]struct{})
+	namedPorts := util.GetNamedPorts(pod.Spec.Containers)
 	if annotation != "" {
-		for _, pr := range util.ParseContainerOpaquePorts(annotation, pod.Spec.Containers) {
+		for _, pr := range util.ParseContainerOpaquePorts(annotation, namedPorts) {
 			for _, port := range pr.Ports() {
 				opaquePorts[uint32(port)] = struct{}{}
 			}

diff --git a/controller/proxy-injector/webhook.go b/controller/proxy-injector/webhook.go
@@ -101,7 +101,7 @@ func Inject(linkerdNamespace string) webhook.Handler {
 
 			// If namespace has annotations that do not exist on pod then copy them
 			// over to pod's template.
-			resourceConfig.AppendNamespaceAnnotations()
+			inject.AppendNamespaceAnnotations(resourceConfig.GetOverrideAnnotations(), resourceConfig.GetNsAnnotations(), resourceConfig.GetWorkloadAnnotations())
 
 			// If the pod did not inherit the opaque ports annotation from the
 			// namespace, then add the default value from the config values. This

diff --git a/controller/proxy-injector/webhook_test.go b/controller/proxy-injector/webhook_test.go
@@ -202,7 +202,7 @@ func TestGetPodPatch(t *testing.T) {
 
 		// The namespace has two config annotations: one valid and one invalid
 		// the pod patch should only contain the valid annotation.
-		conf.AppendNamespaceAnnotations()
+		inject.AppendNamespaceAnnotations(conf.GetOverrideAnnotations(), conf.GetNsAnnotations(), conf.GetWorkloadAnnotations())
 		patchJSON, err := conf.GetPodPatch(true)
 		if err != nil {
 			t.Fatalf("Unexpected PatchForAdmissionRequest error: %s", err)