feat: add sidecar injector command (kyverno#135)

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>
eddycharly · Oct 24, 2024 · f79c437 · f79c437
1 parent 09a16ec
commit f79c437
Show file tree

Hide file tree

Showing 14 changed files with 52 additions and 288 deletions.
diff --git a/go.mod b/go.mod
@@ -1,11 +1,13 @@
 module github.com/kyverno/kyverno-envoy-plugin
 
-go 1.21.4
+go 1.22.8
 
 require (
 	github.com/envoyproxy/go-control-plane v0.13.1
+	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
 	github.com/jmespath-community/go-jmespath v1.1.2-0.20240117150817-e430401a2172
 	github.com/kyverno/kyverno-json v0.0.3-alpha.2
+	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
 	go.uber.org/multierr v1.11.0
@@ -61,7 +63,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pkg/errors v0.9.1
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.18.0 // indirect
@@ -99,10 +101,10 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.29.2 // indirect
+	k8s.io/api v0.29.3
 	k8s.io/apiextensions-apiserver v0.29.2 // indirect
 	k8s.io/apiserver v0.29.2 // indirect
-	k8s.io/client-go v0.29.2 // indirect
+	k8s.io/client-go v0.29.3
 	k8s.io/component-base v0.29.2 // indirect
 	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240221221325-2ac9dc51f3f1 // indirect

diff --git a/go.sum b/go.sum
@@ -48,6 +48,8 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
+github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32 h1:Mn26/9ZMNWSw9C9ERFA1PUxfmGpolnw2v0bKOREu5ew=
+github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32/go.mod h1:GIjDIg/heH5DOkXY3YJ/wNhfHsQHoXGjl8G8amsYQ1I=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
@@ -189,6 +191,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
@@ -275,6 +278,7 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU=
@@ -316,6 +320,7 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc=
 gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
@@ -325,16 +330,16 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A=
-k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0=
+k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
+k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
 k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg=
 k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8=
 k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
 k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
 k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ=
 k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ=
-k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg=
-k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA=
+k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
+k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
 k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8=
 k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM=
 k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=

diff --git a/sidecar-injector/pkg/admission/admission.go → pkg/admission/admission.go b/sidecar-injector/pkg/admission/admission.go → pkg/admission/admission.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 
 	log "github.com/sirupsen/logrus"
@@ -96,7 +96,7 @@ func validateRequest(req *http.Request) error {
 }
 
 func readRequestBody(req *http.Request) ([]byte, error) {
-	body, err := ioutil.ReadAll(req.Body)
+	body, err := io.ReadAll(req.Body)
 	if err != nil {
 		return nil, fmt.Errorf("unable to read Request Body: %v", err)
 	}

diff --git a/sidecar-injector/pkg/admission/podpatcher.go → pkg/admission/podpatcher.go b/sidecar-injector/pkg/admission/podpatcher.go → pkg/admission/podpatcher.go
diff --git a/...jector/pkg/admission/podrequesthandler.go → pkg/admission/podrequesthandler.go b/...jector/pkg/admission/podrequesthandler.go → pkg/admission/podrequesthandler.go
diff --git a/sidecar-injector/README.md → pkg/commands/inject/README.md b/sidecar-injector/README.md → pkg/commands/inject/README.md
diff --git a/pkg/commands/inject/command.go b/pkg/commands/inject/command.go
@@ -0,0 +1,26 @@
+package inject
+
+import (
+	"fmt"
+
+	"github.com/kyverno/kyverno-envoy-plugin/pkg/httpd"
+	"github.com/spf13/cobra"
+)
+
+func Command() *cobra.Command {
+	var httpdConf httpd.SimpleServer
+	command := &cobra.Command{
+		Use:   "sidecar-injector",
+		Short: "Responsible for injecting sidecars into pod containers",
+		RunE: func(cmd *cobra.Command, args []string) error {
+			fmt.Printf("SimpleServer starting to listen in port %v", httpdConf.Port)
+			return httpdConf.Start()
+		},
+	}
+	command.Flags().IntVar(&httpdConf.Port, "port", 443, "server port.")
+	command.Flags().StringVar(&httpdConf.CertFile, "certFile", "/etc/mutator/certs/tls.crt", "File containing tls certificate")
+	command.Flags().StringVar(&httpdConf.KeyFile, "keyFile", "/etc/mutator/certs/tls.key", "File containing tls private key")
+	command.Flags().BoolVar(&httpdConf.Local, "local", false, "Local run mode")
+	command.Flags().StringVar(&(&httpdConf.Patcher).SidecarDataKey, "sidecarDataKey", "sidecars.yaml", "ConfigMap Sidecar Data Key")
+	return command
+}
diff --git a/pkg/commands/root/command.go b/pkg/commands/root/command.go
@@ -1,6 +1,7 @@
 package root
 
 import (
+	"github.com/kyverno/kyverno-envoy-plugin/pkg/commands/inject"
 	"github.com/kyverno/kyverno-envoy-plugin/pkg/commands/serve"
 	"github.com/spf13/cobra"
 )
@@ -11,5 +12,6 @@ func Command() *cobra.Command {
 		Short: "kyverno-envoy-plugin is a plugin for Envoy",
 	}
 	root.AddCommand(serve.Command())
+	root.AddCommand(inject.Command())
 	return root
 }
diff --git a/sidecar-injector/pkg/httpd/simpleserver.go → pkg/httpd/simpleserver.go b/sidecar-injector/pkg/httpd/simpleserver.go → pkg/httpd/simpleserver.go
@@ -6,8 +6,8 @@ import (
 	"os"
 	"path/filepath"
 
-	"github.com/kyverno/kyverno-envoy-plugin/sidecar-injector/pkg/admission"
-	"github.com/kyverno/kyverno-envoy-plugin/sidecar-injector/pkg/webhook"
+	"github.com/kyverno/kyverno-envoy-plugin/pkg/admission"
+	"github.com/kyverno/kyverno-envoy-plugin/pkg/webhook"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 	"k8s.io/client-go/kubernetes"
@@ -25,29 +25,25 @@ type SimpleServer struct {
 	Debug    bool
 }
 
-/*Start the simple http server supporting TLS*/
+// Start the simple http server supporting TLS
 func (simpleServer *SimpleServer) Start() error {
 	k8sClient, err := simpleServer.CreateClient()
 	if err != nil {
 		return err
 	}
-
 	simpleServer.Patcher.K8sClient = k8sClient
 	server := &http.Server{
 		Addr: fmt.Sprintf(":%d", simpleServer.Port),
 	}
-
 	mux := http.NewServeMux()
 	server.Handler = mux
-
 	admissionHandler := &admission.Handler{
 		Handler: &admission.PodAdmissionRequestHandler{
 			PodHandler: &simpleServer.Patcher,
 		},
 	}
 	mux.HandleFunc("/healthz", webhook.HealthCheckHandler)
 	mux.HandleFunc("/mutate", admissionHandler.HandleAdmission)
-
 	if simpleServer.Local {
 		return server.ListenAndServe()
 	}
@@ -57,11 +53,9 @@ func (simpleServer *SimpleServer) Start() error {
 // CreateClient Create the server
 func (simpleServer *SimpleServer) CreateClient() (*kubernetes.Clientset, error) {
 	config, err := simpleServer.buildConfig()
-
 	if err != nil {
 		return nil, errors.Wrapf(err, "error setting up cluster config")
 	}
-
 	return kubernetes.NewForConfig(config)
 }
 

diff --git a/sidecar-injector/pkg/webhook/health.go → pkg/webhook/health.go b/sidecar-injector/pkg/webhook/health.go → pkg/webhook/health.go
@@ -1,6 +1,8 @@
 package webhook
 
-import "net/http"
+import (
+	"net/http"
+)
 
 // HealthCheckHandler HttpServer function to handle Health check
 func HealthCheckHandler(writer http.ResponseWriter, _ *http.Request) {

diff --git a/...ar-injector/pkg/webhook/sidecarhandler.go → pkg/webhook/sidecarhandler.go b/...ar-injector/pkg/webhook/sidecarhandler.go → pkg/webhook/sidecarhandler.go
@@ -5,7 +5,7 @@ import (
 	"strings"
 
 	"github.com/ghodss/yaml"
-	"github.com/kyverno/kyverno-envoy-plugin/sidecar-injector/pkg/admission"
+	"github.com/kyverno/kyverno-envoy-plugin/pkg/admission"
 	log "github.com/sirupsen/logrus"
 	corev1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
@@ -119,6 +119,5 @@ func (patcher *SidecarInjectorPatcher) PatchPodCreate(ctx context.Context, pod c
 			log.Debugf("sidecar patches being applied for %v/%v: patches: %v", namespace, podName, patches)
 		}
 	}
-
 	return patches, nil
 }
diff --git a/sidecar-injector/go.mod b/sidecar-injector/go.mod