Documentation
¶
Index ¶
Constants ¶
View Source
const ( //AppMeshCPURequestAnnotation specifies the CPU requests for proxy AppMeshCPURequestAnnotation = "appmesh.k8s.aws/cpuRequest" //AppMeshMemoryRequestAnnotation specifies the memory requests for proxy AppMeshMemoryRequestAnnotation = "appmesh.k8s.aws/memoryRequest" //AppMeshCPULimitAnnotation specifies the CPU limits for proxy AppMeshCPULimitAnnotation = "appmesh.k8s.aws/cpuLimit" //AppMeshMemoryLimitAnnotation specifies the memory limits for proxy AppMeshMemoryLimitAnnotation = "appmesh.k8s.aws/memoryLimit" // === begin proxy settings annotations === //AppMeshCNIAnnotation specifies that CNI will be used to configure traffic interception AppMeshCNIAnnotation = "appmesh.k8s.aws/appmeshCNI" //AppMeshPortsAnnotation specifies the ports that proxy will forward traffic to. By default this is detected using the Pod ports. AppMeshPortsAnnotation = "appmesh.k8s.aws/ports" //AppMeshEgressIgnoredPortsAnnotation specifies the IPs that need to be ignored when intercepting traffic AppMeshEgressIgnoredIPsAnnotation = "appmesh.k8s.aws/egressIgnoredIPs" //AppMeshEgressIgnoredPortsAnnotation specifies the ports that need to ignored when intercepting traffic AppMeshEgressIgnoredPortsAnnotation = "appmesh.k8s.aws/egressIgnoredPorts" //AppMeshIgnoredGIDAnnotation specifies the GID used by proxy AppMeshIgnoredGIDAnnotation = "appmesh.k8s.aws/ignoredGID" //AppMeshIgnoredUIDAnnotation specifies the UID used by proxy AppMeshIgnoredUIDAnnotation = "appmesh.k8s.aws/ignoredUID" //AppMeshProxyEgressPortAnnotation specifies the port used by proxy for egress traffic (traffic originating from app container to external services). This is fixed to AppMeshProxyEgressPort AppMeshProxyEgressPortAnnotation = "appmesh.k8s.aws/proxyEgressPort" //AppMeshProxyIngressPortAnnotation specifies the port used by proxy for incoming traffic. This is fixed to AppMeshProxyIngressPort AppMeshProxyIngressPortAnnotation = "appmesh.k8s.aws/proxyIngressPort" //AppMeshPreviewAnnotation specifies that proxy should use App Mesh preview endpoint AppMeshPreviewAnnotation = "appmesh.k8s.aws/preview" //AppMeshSidecarInjectAnnotation specifies proxy should be injected for pod. Other systems can use this annotation on pod to determine if proxy is injected or not AppMeshSidecarInjectAnnotation = "appmesh.k8s.aws/sidecarInjectorWebhook" //AppMeshSecretMountsAnnotation specifies the list of Secret that need to be mounted to the proxy as a volume AppMeshSecretMountsAnnotation = "appmesh.k8s.aws/secretMounts" //AppMeshGatewaySkipImageOverride specifies if Virtual Gateway sidecar image override needs to be skipped for customers //to use their own sidecare image for Virtual Gateway AppMeshGatewaySkipImageOverride = "appmesh.k8s.aws/virtualGatewaySkipImageOverride" //AppMeshSDSAnnotation is used if SDS is enabled at the controller level but needs to be disabled //for a particular VirtualNode. AppMeshSDSAnnotation = "appmesh.k8s.aws/sds" // AppMeshEnvAnnotation specifies the list of enviornment variables that need to be programmed on Envoy sidecars // This allow passing tags like DataDog environment `DD_ENV` to Envoy to help correlate observability data // Here's how a sample annotations will be like // // e.g. appmesh.k8s.aws/sidecarEnv: "DD_ENV=qa1, ENV2=test" // e.g. appmesh.k8s.aws/sidecarEnv: "DD_ENV=prod" // AppMeshEnvAnnotation = "appmesh.k8s.aws/sidecarEnv" //FargateProfileLabel is added by fargate-scheduler when pod is running on AWS Fargate FargateProfileLabel = "eks.amazonaws.com/fargate-profile" )
View Source
const (
AppMeshSDSSocketVolume = "appmesh-sds-socket-volume"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
// If enabled, an fsGroup: 1337 will be injected in the absence of it within pod securityContext
// see https://github.com/aws/amazon-eks-pod-identity-webhook/issues/8 for more details
EnableIAMForServiceAccounts bool
// If enabled, additional image pull secret(appmesh-ecr-secret) will be injected.
EnableECRSecret bool
// If enabled, mTLS support via SDS will be enabled.
EnableSDS bool
// Contains the Unix Domain Socket Path for SDS provider.
SdsUdsPath string
// Sidecar settings
SidecarImage string
SidecarCpuRequests string
SidecarMemoryRequests string
SidecarCpuLimits string
SidecarMemoryLimits string
Preview bool
LogLevel string
PreStopDelay string
ReadinessProbeInitialDelay int32
ReadinessProbePeriod int32
EnvoyAdminAcessPort int32
EnvoyAdminAccessLogFile string
// Init container settings
InitImage string
IgnoredIPs string
// Observability settings
EnableJaegerTracing bool
JaegerAddress string
JaegerPort string
EnableDatadogTracing bool
DatadogAddress string
DatadogPort int32
EnableXrayTracing bool
XrayDaemonPort int32
EnableStatsTags bool
EnableStatsD bool
StatsDAddress string
StatsDPort int32
XRayImage string
}
type EnvoyTemplateVariables ¶
type EnvoyTemplateVariables struct {
AWSRegion string
MeshName string
VirtualNodeName string
Preview string
EnableSDS bool
SdsUdsPath string
LogLevel string
AdminAccessPort int32
AdminAccessLogFile string
PreStopDelay string
SidecarImage string
EnvoyTracingConfigVolumeName string
EnableXrayTracing bool
XrayDaemonPort int32
EnableJaegerTracing bool
EnableDatadogTracing bool
DatadogTracerPort int32
DatadogTracerAddress string
EnableStatsTags bool
EnableStatsD bool
StatsDPort int32
StatsDAddress string
}
type PodMutator ¶
type PodMutator interface {
// contains filtered or unexported methods
}
type SidecarInjector ¶
type SidecarInjector struct {
// contains filtered or unexported fields
}
func NewSidecarInjector ¶
func NewSidecarInjector(cfg Config, accountID string, awsRegion string, k8sClient client.Client, referenceResolver references.Resolver, vnMembershipDesignator virtualnode.MembershipDesignator, vgMembershipDesignator virtualgateway.MembershipDesignator) *SidecarInjector
type XrayTemplateVariables ¶
Source Files
Click to show internal directories.
Click to hide internal directories.