Skip to content
This repository was archived by the owner on Jul 10, 2024. It is now read-only.

Add utilities for Injecting Kubernetes Deployments#207

Merged
versilis merged 13 commits intoversilis/kubefrom
versilis/injector
Mar 24, 2023
Merged

Add utilities for Injecting Kubernetes Deployments#207
versilis merged 13 commits intoversilis/kubefrom
versilis/injector

Conversation

@versilis
Copy link
Contributor

@versilis versilis commented Mar 23, 2023
edited
Loading

This PR adds utilities for injecting Kubernetes deployments to be used with #206.

The main component is the Injector interface which provides the functionality to traverse YAML files (including those with multiple resources using the --- directive), and inject sidecar containers into any found Deployments.

@versilis versilis changed the title Add utilities for injecting Kubernetes files Add utilities for Injecting Kubernetes Deployments Mar 23, 2023
@versilis versilis force-pushed the versilis/injector branch from 53c17de to 642c84d Compare March 23, 2023 08:53
@versilis versilis mentioned this pull request Mar 23, 2023
Merged
versilis
versilis commented Mar 23, 2023
View reviewed changes
cmd/internal/kube/test_resource/resources.yaml
@@ -0,0 +1,41 @@
apiVersion: apps/v1
Copy link
Contributor Author

@versilis versilis Mar 23, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't written any unit tests to go alongside this, but it works well for interacting with the CLI

@versilis versilis self-assigned this Mar 23, 2023
@versilis versilis added 3 – Normal Priority Non-blocking review—please turn around quickly Needs Review PRs with this label are picked up by the Slack integration labels Mar 23, 2023
@versilis versilis requested a review from mgritter March 23, 2023 10:17
@versilis versilis marked this pull request as ready for review March 23, 2023 10:17
mgritter
mgritter approved these changes Mar 24, 2023
View reviewed changes
Copy link
Contributor

@mgritter mgritter left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't find anything big, but if you have time there are some changes I would suggest.

The most important one is supportability; is the context for each error clear?

Next-most important is using code from go-utils.

Final set is avoiding unnecessary deep copies.

@versilis versilis merged commit 771d368 into versilis/kube Mar 24, 2023
@versilis versilis deleted the versilis/injector branch March 24, 2023 18:39
@versilis versilis mentioned this pull request Mar 24, 2023
Merged
versilis added a commit that referenced this pull request Mar 25, 2023
@versilis @liujed
Add kube inject command (#206)
99dadb7 
This adds a new command `akita kube inject` that can be used to manually
inject Kuberentes YAML configuration files. Along with injecting
deployments, it also can generate a secret to a file or stdout with the
use of the `--secret` flag.

This PR depends on #207
for its injection functionality.

Example usages:
```
# Print injected resources to stdout
akita kube inject -f in.yml

# Print secret and injected resources to stdout. (combining all using `---`)
akita kube inject -s -f in.yml

# Output injected resource to file, and also generate and merge any required secrets
akita kube inject -s -f in.yml -o out.yml

# Output injected resources and generated secrets to separate files
akita kube inject -s="secret.yml" -f in.yml -o out.yml

# Applying via pipe
akita kube inject -f in.yml | kubectl -f -

# Applying via file
akita kube inject -f in.yml -o out.yml && kubectl apply -f out.yml
```
Example Output (w/merged Secrets):
```
---
apiVersion: v1
kind: Secret
metadata:
  name: akita-secrets
  namespace: default
type: Opaque
data:
  akita-api-key: ****
  akita-api-secret: ***
---
apiVersion: v1
kind: Secret
metadata:
  name: akita-secrets
  namespace: ns1
type: Opaque
data:
  akita-api-key: ***
  akita-api-secret: ***
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  name: test-deploy
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-pod
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: test-pod
    spec:
      containers:
      - image: ghcr.io/wzshiming/echoserver/echoserver:v0.0.1
        name: test-container
        resources: {}
      - args:
        - apidump
        - --project
        - docker-extension-testing
        env:
        - name: AKITA_API_KEY_ID
          valueFrom:
            secretKeyRef:
              key: akita-api-key
              name: akita-secrets
        - name: AKITA_API_KEY_SECRET
          valueFrom:
            secretKeyRef:
              key: akita-api-secret
              name: akita-secrets
        image: akitasoftware/cli:latest
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - AKITA_PID=$(pgrep akita) && kill -2 $AKITA_PID && tail -f /proc/$AKITA_PID/fd/1
        name: akita
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_RAW
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  name: patch-demo
  namespace: ns1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: patch-demo-ctr
        resources: {}
      - args:
        - apidump
        - --project
        - docker-extension-testing
        env:
        - name: AKITA_API_KEY_ID
          valueFrom:
            secretKeyRef:
              key: akita-api-key
              name: akita-secrets
        - name: AKITA_API_KEY_SECRET
          valueFrom:
            secretKeyRef:
              key: akita-api-secret
              name: akita-secrets
        image: akitasoftware/cli:latest
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - AKITA_PID=$(pgrep akita) && kill -2 $AKITA_PID && tail -f /proc/$AKITA_PID/fd/1
        name: akita
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_RAW
      tolerations:
      - effect: NoSchedule
        key: dedicated
        value: test-team
status: {}
```

---------

Co-authored-by: Jed Liu <liujed@users.noreply.github.com>
versilis added a commit that referenced this pull request Mar 27, 2023
@versilis @liujed
Simplify Kubernetes Injection (#205)
304afdb 
This adds two new commands, `akita kube inject` and `akita kube secret`,
for simplifying the process of installing Akita as a sidecar in
Kubernetes Deployments.

Changes include:
- #202
- #207
- #206
---------

Signed-off-by: versilis <versilis@akitasoftware.com>
Co-authored-by: Mark Gritter <mgritter@akitasoftware.com>
Co-authored-by: Jed Liu <liujed@users.noreply.github.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@mgritter mgritter mgritter approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@versilis versilis

Labels

3 – Normal Priority Non-blocking review—please turn around quickly Needs Review PRs with this label are picked up by the Slack integration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@versilis @mgritter