This repository was archived by the owner on Jul 10, 2024. It is now read-only.

@versilis versilis commented Mar 22, 2023

This adds a new command `akita kube inject` that can be used to manually inject Kubernetes YAML configuration files. Along with injecting deployments, it also can generate a secret to a file or stdout with the use of the `--secret` flag.

This PR depends on #207 for its injection functionality.

Example usages:

# Print injected resources to stdout
akita kube inject -f in.yml

# Print secret and injected resources to stdout. (combining all using `---`)
akita kube inject -s -f in.yml

# Output injected resource to file, and also generate and merge any required secrets
akita kube inject -s -f in.yml -o out.yml

# Output injected resources and generated secrets to separate files
akita kube inject -s="secret.yml" -f in.yml -o out.yml

# Applying via pipe
akita kube inject -f in.yml | kubectl apply -f -

# Applying via file
akita kube inject -f in.yml -o out.yml && kubectl apply -f out.yml

Example Output (w/merged Secrets):

---
apiVersion: v1
kind: Secret
metadata:
  name: akita-secrets
  namespace: default
type: Opaque
data:
  akita-api-key: ****
  akita-api-secret: ***
---
apiVersion: v1
kind: Secret
metadata:
  name: akita-secrets
  namespace: ns1
type: Opaque
data:
  akita-api-key: ***
  akita-api-secret: ***
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  name: test-deploy
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: test-pod
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: test-pod
    spec:
      containers:
      - image: ghcr.io/wzshiming/echoserver/echoserver:v0.0.1
        name: test-container
        resources: {}
      - args:
        - apidump
        - --project
        - docker-extension-testing
        env:
        - name: AKITA_API_KEY_ID
          valueFrom:
            secretKeyRef:
              key: akita-api-key
              name: akita-secrets
        - name: AKITA_API_KEY_SECRET
          valueFrom:
            secretKeyRef:
              key: akita-api-secret
              name: akita-secrets
        image: akitasoftware/cli:latest
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - AKITA_PID=$(pgrep akita) && kill -2 $AKITA_PID && tail -f /proc/$AKITA_PID/fd/1
        name: akita
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_RAW
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  name: patch-demo
  namespace: ns1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: patch-demo-ctr
        resources: {}
      - args:
        - apidump
        - --project
        - docker-extension-testing
        env:
        - name: AKITA_API_KEY_ID
          valueFrom:
            secretKeyRef:
              key: akita-api-key
              name: akita-secrets
        - name: AKITA_API_KEY_SECRET
          valueFrom:
            secretKeyRef:
              key: akita-api-secret
              name: akita-secrets
        image: akitasoftware/cli:latest
        lifecycle:
          preStop:
            exec:
              command:
              - /bin/sh
              - -c
              - AKITA_PID=$(pgrep akita) && kill -2 $AKITA_PID && tail -f /proc/$AKITA_PID/fd/1
        name: akita
        resources: {}
        securityContext:
          capabilities:
            add:
            - NET_RAW
      tolerations:
      - effect: NoSchedule
        key: dedicated
        value: test-team
status: {}
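
An added example, not part of the PR or the Akita code base: a pre-apply check that every Secret an injected container reads through `secretKeyRef` is defined in the same namespace within the manifest stream, since a Secret reference resolves only inside the pod's own namespace. It assumes block-style YAML laid out like the output above (`metadata` before `spec`, unquoted values, a missing namespace counted as `default`); `missing_secrets` and the sample manifest are constructed for illustration.

```python
# Constructed sample (abridged): Secret only in "default", injected Deployment in "ns1".
SAMPLE = """---
kind: Secret
metadata:
  name: akita-secrets
  namespace: default
---
kind: Deployment
metadata:
  name: patch-demo
  namespace: ns1
spec:
  template:
    spec:
      containers:
      - name: akita
        env:
        - name: AKITA_API_KEY_ID
          valueFrom:
            secretKeyRef:
              key: akita-api-key
              name: akita-secrets
"""

def missing_secrets(manifest):
    """Sorted "namespace/name" of Secrets referenced via secretKeyRef but not defined."""
    have, want = set(), set()
    for doc in ("\n" + manifest).split("\n---"):
        kind, top, ref, meta = "", "", -1, {"namespace": "default"}
        for line in doc.splitlines():
            text = line.lstrip(" ")
            indent = len(line) - len(text)
            key, _, val = text.partition(": ")
            if text and indent <= ref:
                ref = -1  # dedented out of the secretKeyRef mapping
            if indent == 0 and text:
                top = text
                kind = val if key == "kind" else kind
            elif indent == 2 and top == "metadata:" and key in ("name", "namespace"):
                meta[key] = val
            elif text == "secretKeyRef:":
                ref = indent
            elif ref >= 0 and key == "name":
                want.add(f"{meta['namespace']}/{val}")
        if kind == "Secret":
            have.add(f"{meta['namespace']}/{meta.get('name', '')}")
    return sorted(want - have)

if __name__ == "__main__":
    print(missing_secrets(SAMPLE))
```

Run over the full example output above, the check returns an empty list, because both `default` and `ns1` carry their own `akita-secrets` Secret.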

@versilis versilis force-pushed the versilis/kube-inject branch from a9936ef to 642c84d Compare March 23, 2023 09:39
@versilis versilis requested a review from liujed March 23, 2023 10:17
@versilis versilis marked this pull request as ready for review March 23, 2023 10:17
@versilis versilis changed the title [WIP] Add kube inject command Add kube inject command Mar 23, 2023
@versilis versilis self-assigned this Mar 23, 2023
@versilis versilis added the "3 – Normal Priority" (Non-blocking review—please turn around quickly) and "Needs Review" (PRs with this label are picked up by the Slack integration) labels Mar 23, 2023
liujed commented Mar 23, 2023

@versilis, the change set here includes everything from #207, so if I were to review this as is, I'd also end up reviewing #207, which is currently assigned to Mark. Would you mind either making the reviewer of both PRs the same, or re-opening this as a PR against #207?

@versilis versilis changed the base branch from versilis/kube to versilis/injector March 23, 2023 16:45
Base automatically changed from versilis/injector to versilis/kube March 24, 2023 18:39
versilis added a commit that referenced this pull request Mar 24, 2023
This PR adds utilities for injecting Kubernetes deployments to be used
with #206.

The main component is the `Injector` interface which provides the
functionality to traverse YAML files (including those with multiple
resources using the `---` directive), and inject sidecar containers into
any found Deployments.
…e-inject

# Conflicts:
#	cmd/internal/kube/injector/injector.go
@liujed liujed left a comment

This looks reasonable. Before I approve, I have some questions about the intended output for both the secrets file and the Kubernetes YAML. The part I am least sure about is the output of createSidecar, but I assume all this will be (or has been) tested with a Kubernetes instance (or, at the very least, compared with a known working Kubernetes YAML with Akita installed).

@versilis versilis requested a review from liujed March 25, 2023 02:11
Co-authored-by: Jed Liu <liujed@users.noreply.github.com>
@versilis versilis merged commit 99dadb7 into versilis/kube Mar 25, 2023
@versilis versilis deleted the versilis/kube-inject branch March 25, 2023 06:36
versilis added a commit that referenced this pull request Mar 27, 2023
This adds two new commands, `akita kube inject` and `akita kube secret`,
for simplifying the process of installing Akita as a sidecar in
Kubernetes Deployments.

Changes include:
- #202
- #207
- #206
---------

Signed-off-by: versilis <versilis@akitasoftware.com>
Co-authored-by: Mark Gritter <mgritter@akitasoftware.com>
Co-authored-by: Jed Liu <liujed@users.noreply.github.com>