diff --git a/README.md b/README.md index b6d7ff9..c060535 100644 --- a/README.md +++ b/README.md @@ -18,10 +18,10 @@ Tool for obtaining configuration from config server The tool is released as docker image as well, check the [repository](https://hub.docker.com/r/wanderadock/scccmd/). ### Kubernetes Initializer -The tool could be used as Initializer for Kubernetes deployments. -Deployed initializer will add init container to applicable deployments, +The tool could be used as Webhook for Kubernetes deployments. +Deployed webhook will add init container to applicable deployments, which in turn downloads configuration in deployment initialization phase. -Example k8s [manifest](docs/k8s/initializer.yaml). +Example k8s [manifest](docs/k8s/bundle.yaml). ### Tool documentation [docs](docs/config.md) - Generated documentation for the tool \ No newline at end of file diff --git a/docs/k8s/bundle.yaml b/docs/k8s/bundle.yaml new file mode 100644 index 0000000..29daec2 --- /dev/null +++ b/docs/k8s/bundle.yaml 
@@ -0,0 +1,95 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: initializer-config
+ namespace: default
+data:
+ config.yaml: |-
+ container-image: wanderadock/scccmd:v0.0.2
+ default:
+ label: master
+ profile: development
+ source: http://config-manager-controller.default.svc:8080
+ volume-mount: /config
+ volume-name: config
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: config-injector-cert
+data:
+ private.key: ''
+ publickey.cer: ''
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: config-injector
+spec:
+ selector:
+ matchLabels:
+ app: config-injector
+ template:
+ metadata:
+ labels:
+ app: config-injector
+ spec:
+ containers:
+ - name: config-injector-initializer
+ image: wanderadock/scccmd:v0.0.2
+ args:
+ - webhook
+ - --config-file
+ - /config/config.yaml
+ - --cert-file
+ - /keys/publickey.cer
+ - --key-file
+ - /keys/private.key
+ volumeMounts:
+ - name: config-volume
+ mountPath: /config
+ readOnly: true
+ - name: keys-volume
+ mountPath: /keys
+ readOnly: true
+ volumes:
+ - name: config-volume
+ configMap:
+ name: config-injector-config
+ - name: keys-volume
+ secret:
+ secretName: config-injector-cert
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: config-injector
+spec:
+ ports:
+ - port: 443
+ name: https
+ selector:
+ app: config-injector
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: config-injector-webhook
+webhooks:
+ - name: config.scccmd.github.com
+ failurePolicy: Fail
+ clientConfig:
+ service:
+ name: config-injector
+ namespace: default
+ path: "/inject"
+ caBundle: ''
+ rules:
+ - operations: [ "CREATE" ]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+ namespaceSelector:
+ matchLabels:
+ inject: true
diff --git a/docs/k8s/initializer.yaml b/docs/k8s/initializer.yaml
deleted file mode 100644
index de7a914..0000000
--- a/docs/k8s/initializer.yaml
+++ /dev/null
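Review bot: The Deployment's `config-volume` references a ConfigMap named `config-injector-config`, but the ConfigMap defined at the top of this file is `initializer-config`, so as written the pod would not find its config volume; one of the two names should change, e.g. `name: config-injector-config` in the ConfigMap metadata. In the webhook's `namespaceSelector`, `inject: true` is an unquoted YAML boolean while label values must be strings, so it should read `inject: "true"`. With `failurePolicy: Fail` on pod CREATE, an unavailable webhook blocks pod creation in every namespace carrying that label. The Deployment and Secret set no namespace while `clientConfig` names `default`, so a comment should tell operators not to label the webhook's own namespace, or the injector may be unable to restart.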
@@ -1,49 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1alpha1 -kind: InitializerConfiguration -metadata: - name: config -initializers: -- name: config.initializer.kubernetes.io - rules: - - apiGroups: - - "*" - apiVersions: - - "*" - resources: - - deployments ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: initializer-config - namespace: default -data: - container-image: wanderadock/scccmd:latest - default-label: master - default-profile: development - default-volume-name: config - default-server-address: 'http://config-manager-controller.default.svc:8080' ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: config-injector-controller - namespace: default -spec: - selector: - matchLabels: - app: config-injector-controller - template: - metadata: - labels: - app: config-injector-controller - spec: - containers: - - name: config-injector-controller - image: wanderadock/scccmd:latest - args: - - initializer - - --namespace=default - - --configmap=initializer-config - - --initializer-name=config.initializer.kubernetes.io - - --watched-namespace=default diff --git a/pkg/inject/hook_test.go b/pkg/inject/hook_test.go index f6de50e..9d05c52 100644 --- a/pkg/inject/hook_test.go +++ b/pkg/inject/hook_test.go @@ -73,6 +73,7 @@ ZOQ5UvU= -----END CERTIFICATE-----`) ) +const annotationPrefix = "config.scccmd.github.com/" const annotationInjectKey = "config.scccmd.github.com/inject" func TestInjectRequired(t *testing.T) { @@ -189,8 +190,10 @@ func makeTestData(t testing.TB, skip bool) []byte { pod := corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Annotations: map[string]string{}, + Name: "test", + Annotations: map[string]string{ + annotationPrefix + "destination": "config.yaml", + }, }, Spec: corev1.PodSpec{ Volumes: []corev1.Volume{{Name: "v0"}}, 
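Review bot: `annotationInjectKey` on the line after the new constant still spells out the same prefix literal that `annotationPrefix` now holds, so the two can drift apart. Deriving it, `const annotationInjectKey = annotationPrefix + "inject"`, and grouping both in one `const ( … )` block keeps the test keys tied to a single definition. If the package under test already defines this prefix, which is not visible in the hunk, the test could reference that instead of a second copy.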
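Review bot: No test here covers a malformed or unexpected `destination` annotation: the fixture in makeTestData only sets `config.yaml`, and the expected patch in TestRunAndServe shows that value passed straight through as the init container's `--destination` argument. Pod annotations are written by whoever creates the pod, so the webhook is turning requester-controlled strings into container arguments; a table case with an empty value and one with a path outside the mounted volume would pin what the webhook does with them. Whether calculateDynamicConfig validates these values is not visible in this diff, so the assertion should be either rejection or the sanitized result once that is confirmed. makeTestData's body continues outside the hunk.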
@@ -294,6 +297,7 @@ func TestRunAndServe(t *testing.T) { "value":{ "name":"config-init", "image":"wanderadock/scccmd", + "args":["get","values","--source","http://config-service.default.svc:8080","--application","c1","--profile","default","--label","master","--destination","config.yaml"], "resources":{}, "volumeMounts":[{"name":"config-volume","mountPath":"/config"}] } @@ -318,10 +322,8 @@ func TestRunAndServe(t *testing.T) { }, { "op":"add", - "path":"/metadata/annotations", - "value":{ - "config.scccmd.github.com/status":"{\"initContainers\":[\"config-init\"],\"volumeMounts\":[\"config-volume\"],\"volumes\":[\"config-volume\"]}" - } + "path":"/metadata/annotations/config.scccmd.github.com~1status", + "value":"{\"initContainers\":[\"config-init\"],\"volumeMounts\":[\"config-volume\"],\"volumes\":[\"config-volume\"]}" } ]`) diff --git a/pkg/inject/inject.go b/pkg/inject/inject.go index e42ac06..f9646ea 100644 --- a/pkg/inject/inject.go +++ b/pkg/inject/inject.go @@ -81,6 +81,10 @@ func injectionData(spec *v1.PodSpec, metadata *metav1.ObjectMeta, config *Webhoo d, err := calculateDynamicConfig(config, metadata.GetAnnotations(), spec) + if err != nil { + return nil, "", err + } + volumeMount := corev1.VolumeMount{ Name: d.volumeName, MountPath: d.volumeMount,
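Review bot: The no-annotations case is no longer exercised: the expected patch now adds the status at `/metadata/annotations/config.scccmd.github.com~1status`, which only works when the pod already has an annotations object. Under RFC 6902 an `add` to a member of a missing object fails, so if injection can apply to a pod created without annotations, the patch must still add the whole `/metadata/annotations` map in that case. Since makeTestData now always sets an annotation, a second fixture without annotations and its own expected patch would keep both forms pinned. The code that chooses between the two forms is not visible in this diff.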
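Review bot: The error returned by the new guard carries no context, so the admission response or log will not say which step failed or for which pod. Wrapping it, `return nil, "", fmt.Errorf("calculating dynamic config for %q: %w", metadata.GetName(), err)`, gives the operator that context; this assumes `fmt` is imported in inject.go, which the hunk does not show. The rest of injectionData lies outside the hunk, and a test that feeds annotations which make calculateDynamicConfig fail would cover the new branch.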