This repository was archived by the owner on Jul 10, 2024. It is now read-only.
Simplify Kubernetes Injection #205
Merged
This adds a new command `akita kube secret` which generates a Kubernetes secret configuration file that stores a user's base-64 encoded Akita API credentials. To simplify file generation, I've used Go's built-in templating utilities; `akita-secret.tmpl` is used as the template for creating the secret.

Example usage:

```
% ./bin/akita kube secret -n test -o ./tmp/deployments/configs/akita-secrets.yml
[INFO] Akita Agent 0.0.0
[INFO] Generated Kubernetes secret config to ./tmp/deployments/configs/akita-secrets.yml

% less ./tmp/deployments/configs/akita-secrets.yml
apiVersion: v1
kind: Secret
metadata:
  name: akita-secrets
  namespace: test
type: Opaque
data:
  akita-api-key: YXBrXzN1Y2h6WDyiOdyMzg2NldiM3Y0Q2Y=
  akita-api-secret: YmUzMzY5OTllNzNjc2DY3MmI5OWQzMTVmAnGaKmYzN2NlNjc2NWRiZDY4MzNjMWRkMzA4YjFjZDFlNWZkZg==
./tmp/deployments/configs/akita-secrets.yml lines 1-9/9 (END)
```

---------

Signed-off-by: versilis <versilis@akitasoftware.com>
Co-authored-by: Mark Gritter <mgritter@akitasoftware.com>
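An added example, not the project's own code, of the generation step this commit message describes: Go's `text/template` filling a Secret manifest with base64-encoded credentials, with the namespace validated first because the template engine does no YAML escaping. The template text, `RenderSecret` and the namespace check are assumptions (`akita-secret.tmpl` itself is not shown on the page), and the sample credentials are constructed.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"regexp"
	"text/template"
)

// Hypothetical stand-in for akita-secret.tmpl, whose contents are not on the page.
var secretTmpl = template.Must(template.New("secret").Parse(`apiVersion: v1
kind: Secret
metadata:
  name: akita-secrets
  namespace: {{.Namespace}}
type: Opaque
data:
  akita-api-key: {{.APIKey}}
  akita-api-secret: {{.APISecret}}
`))

// Namespaces are RFC 1123 DNS labels: lowercase alphanumerics and '-', at most 63 characters.
var dnsLabel = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$`)

// RenderSecret checks the namespace, base64-encodes (not encrypts) both credentials, fills the template.
func RenderSecret(namespace, keyID, keySecret string) (string, error) {
	// text/template does no YAML escaping; an unchecked namespace could inject keys.
	if !dnsLabel.MatchString(namespace) {
		return "", fmt.Errorf("invalid namespace %q: not an RFC 1123 label", namespace)
	}
	enc := base64.StdEncoding.EncodeToString
	var buf bytes.Buffer
	err := secretTmpl.Execute(&buf, map[string]string{
		"Namespace": namespace,
		"APIKey":    enc([]byte(keyID)),
		"APISecret": enc([]byte(keySecret)),
	})
	return buf.String(), err
}

func main() {
	// Constructed sample credentials, not real values.
	out, err := RenderSecret("test", "apk_EXAMPLE", "example-secret")
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```

Because the `data` values are only base64-encoded, the generated file needs the same handling as the plaintext credentials.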
This PR adds utilities for injecting Kubernetes deployments to be used with #206. The main component is the `Injector` interface which provides the functionality to traverse YAML files (including those with multiple resources using the `---` directive), and inject sidecar containers into any found Deployments.
This adds a new command `akita kube inject` that can be used to manually inject Kubernetes YAML configuration files. Along with injecting deployments, it also can generate a secret to a file or stdout with the use of the `--secret` flag. This PR depends on #207 for its injection functionality.

Example usages:

```
# Print injected resources to stdout
akita kube inject -f in.yml

# Print secret and injected resources to stdout. (combining all using `---`)
akita kube inject -s -f in.yml

# Output injected resource to file, and also generate and merge any required secrets
akita kube inject -s -f in.yml -o out.yml

# Output injected resources and generated secrets to separate files
akita kube inject -s="secret.yml" -f in.yml -o out.yml

# Applying via pipe
akita kube inject -f in.yml | kubectl apply -f -

# Applying via file
akita kube inject -f in.yml -o out.yml && kubectl apply -f out.yml
```

Example Output (w/merged Secrets):

```
---
apiVersion: v1
kind: Secret
metadata:
  name: akita-secrets
  namespace: default
type: Opaque
data:
  akita-api-key: ****
  akita-api-secret: ***
---
apiVersion: v1
kind: Secret
metadata:
  name: akita-secrets
  namespace: ns1
type: Opaque
data:
  akita-api-key: ***
  akita-api-secret: ***
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  name: test-deploy
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-pod
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: test-pod
    spec:
      containers:
      - image: ghcr.io/wzshiming/echoserver/echoserver:v0.0.1
        name: test-container
        resources: {}
      - args:
        - apidump
        - --project
        - docker-extension-testing
        env:
        - name: AKITA_API_KEY_ID
          valueFrom:
            secretKeyRef:
              key: akita-api-key
              name: akita-secrets
        - name: AKITA_API_KEY_SECRET
          valueFrom:
            secretKeyRef:
              key: akita-api-secret
              name: akita-secrets
        image: akitasoftware/cli:latest
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - AKITA_PID=$(pgrep akita) && kill -2 $AKITA_PID && tail -f /proc/$AKITA_PID/fd/1
        name: akita
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_RAW
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  name: patch-demo
  namespace: ns1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: patch-demo-ctr
        resources: {}
      - args:
        - apidump
        - --project
        - docker-extension-testing
        env:
        - name: AKITA_API_KEY_ID
          valueFrom:
            secretKeyRef:
              key: akita-api-key
              name: akita-secrets
        - name: AKITA_API_KEY_SECRET
          valueFrom:
            secretKeyRef:
              key: akita-api-secret
              name: akita-secrets
        image: akitasoftware/cli:latest
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - AKITA_PID=$(pgrep akita) && kill -2 $AKITA_PID && tail -f /proc/$AKITA_PID/fd/1
        name: akita
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_RAW
      tolerations:
      - effect: NoSchedule
        key: dedicated
        value: test-team
status: {}
```

---------

Co-authored-by: Jed Liu <liujed@users.noreply.github.com>
mgritter
approved these changes
Mar 27, 2023
Comment on lines +243 to +244
| // Default value is "true" when the flag is given without an argument. | ||
| injectCmd.Flags().Lookup("secret").NoOptDefVal = "true" |
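Review bot: With `NoOptDefVal` set on `secret` (line +244), pflag no longer consumes a space-separated value for that flag, so `--secret secret.yml` or `-s secret.yml` is parsed as `--secret=true` with `secret.yml` left over as a positional argument; only the `--secret=secret.yml` form carries the path. Suggest stating the `=` requirement in the flag's usage string, since a user who expects a separate secret file would otherwise get the secret merged into the main output. Also consider checking the result of `Lookup("secret")` before dereferencing it, so a renamed flag fails with a clear message rather than a nil-pointer panic.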
Contributor
Does this work even if the command line is something like
akita kube inject --secret --project myproject
or does it only work in certain positions? I am not sure what logic cobra uses.
Contributor
Author
From my own testing, the --secret flag works in any position. Here's more info on how Cobra handles no option default values for flags: https://github.com/spf13/pflag#setting-no-option-default-values-for-flags
This adds two new commands, `akita kube inject` and `akita kube secret`, for simplifying the process of installing Akita as a sidecar in Kubernetes deployments.

Changes include:
Initiative: https://www.notion.so/akitasoftware/Kubernetes-Helm-Chart-for-Onboarding-2145a62176ab4021aca3ffeaaad17731