Constants ¶
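// Pod annotations and labels read by the sidecar injector.
//
// Every annotation below is set on a pod, so its value is chosen by whoever can
// write that pod's metadata.
const (
	// AppMeshCPURequestAnnotation specifies the CPU requests for proxy.
	AppMeshCPURequestAnnotation = "appmesh.k8s.aws/cpuRequest"
	// AppMeshMemoryRequestAnnotation specifies the memory requests for proxy.
	AppMeshMemoryRequestAnnotation = "appmesh.k8s.aws/memoryRequest"
	// AppMeshCPULimitAnnotation specifies the CPU limits for proxy.
	AppMeshCPULimitAnnotation = "appmesh.k8s.aws/cpuLimit"
	// AppMeshMemoryLimitAnnotation specifies the memory limits for proxy.
	AppMeshMemoryLimitAnnotation = "appmesh.k8s.aws/memoryLimit"

	// === begin proxy settings annotations ===

	// AppMeshCNIAnnotation specifies that CNI will be used to configure traffic interception.
	AppMeshCNIAnnotation = "appmesh.k8s.aws/appmeshCNI"
	// AppMeshPortsAnnotation specifies the ports that proxy will forward traffic to.
	// By default this is detected using the Pod ports.
	AppMeshPortsAnnotation = "appmesh.k8s.aws/ports"
	// AppMeshEgressIgnoredIPsAnnotation specifies the IPs that need to be ignored when
	// intercepting traffic.
	// NOTE(review): traffic to an ignored IP is presumably not routed through the proxy,
	// so proxy-side controls would not apply to it. Confirm, and review these values.
	AppMeshEgressIgnoredIPsAnnotation = "appmesh.k8s.aws/egressIgnoredIPs"
	// AppMeshEgressIgnoredPortsAnnotation specifies the ports that need to be ignored when
	// intercepting traffic.
	// NOTE(review): the same caveat as for ignored IPs presumably applies. Confirm.
	AppMeshEgressIgnoredPortsAnnotation = "appmesh.k8s.aws/egressIgnoredPorts"
	// AppMeshIgnoredGIDAnnotation specifies the GID used by proxy.
	AppMeshIgnoredGIDAnnotation = "appmesh.k8s.aws/ignoredGID"
	// AppMeshIgnoredUIDAnnotation specifies the UID used by proxy.
	AppMeshIgnoredUIDAnnotation = "appmesh.k8s.aws/ignoredUID"
	// AppMeshProxyEgressPortAnnotation specifies the port used by proxy for egress traffic
	// (traffic originating from app container to external services).
	// This is fixed to AppMeshProxyEgressPort.
	AppMeshProxyEgressPortAnnotation = "appmesh.k8s.aws/proxyEgressPort"
	// AppMeshProxyIngressPortAnnotation specifies the port used by proxy for incoming traffic.
	// This is fixed to AppMeshProxyIngressPort.
	AppMeshProxyIngressPortAnnotation = "appmesh.k8s.aws/proxyIngressPort"
	// AppMeshPreviewAnnotation specifies that proxy should use App Mesh preview endpoint.
	AppMeshPreviewAnnotation = "appmesh.k8s.aws/preview"
	// AppMeshSidecarInjectAnnotation specifies proxy should be injected for pod.
	// Other systems can use this annotation on pod to determine if proxy is injected or not.
	AppMeshSidecarInjectAnnotation = "appmesh.k8s.aws/sidecarInjectorWebhook"
	// AppMeshSecretMountsAnnotation specifies the list of Secrets that need to be mounted
	// to the proxy as a volume. A Secret listed here becomes readable from the proxy container.
	AppMeshSecretMountsAnnotation = "appmesh.k8s.aws/secretMounts"
	// AppMeshVolumeMountsAnnotation specifies the list of volumes that need to be mounted
	// to the proxy.
	AppMeshVolumeMountsAnnotation = "appmesh.k8s.aws/volumeMounts"
	// AppMeshGatewaySkipImageOverride specifies if Virtual Gateway sidecar image override
	// needs to be skipped for customers to use their own sidecar image for Virtual Gateway.
	// When it is skipped, the image that runs is the one supplied by the customer.
	AppMeshGatewaySkipImageOverride = "appmesh.k8s.aws/virtualGatewaySkipImageOverride"
	// AppMeshSDSAnnotation is used if SDS is enabled at the controller level but needs to
	// be disabled for a particular VirtualNode.
	AppMeshSDSAnnotation = "appmesh.k8s.aws/sds"
	// AppMeshEnvAnnotation specifies the list of environment variables that need to be
	// programmed on Envoy sidecars. This allows passing tags like the DataDog environment
	// `DD_ENV` to Envoy to help correlate observability data.
	// Sample annotations:
	//
	// e.g. appmesh.k8s.aws/sidecarEnv: "DD_ENV=qa1, ENV2=test"
	// e.g. appmesh.k8s.aws/sidecarEnv: "DD_ENV=prod"
	//
	// NOTE(review): the names and values come from the pod annotation. Confirm whether the
	// injector restricts which variables may be set on the sidecar.
	AppMeshEnvAnnotation = "appmesh.k8s.aws/sidecarEnv"
	// AppMeshXrayAgentConfigAnnotation specifies the mount path for the Xray daemon's
	// configuration file. For more info on this YAML file refer to AWS X-Ray's documentation at
	// https://docs.aws.amazon.com/xray/latest/devguide/xray-daemon-configuration.html#xray-daemon-configuration-configfile
	// Make sure the ConfigMap's data filename is set to `xray-daemon.yaml` and only one
	// volume-mounted ConfigMap is specified.
	//
	// e.g. appmesh.k8s.aws/xrayAgentConfigMount: xray-config:/tmp/
	AppMeshXrayAgentConfigAnnotation = "appmesh.k8s.aws/xrayAgentConfigMount"

	// FargateProfileLabel is added by fargate-scheduler when pod is running on AWS Fargate.
	FargateProfileLabel = "eks.amazonaws.com/fargate-profile"
)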
// AppMeshSDSSocketVolume is the string constant "appmesh-sds-socket-volume".
// NOTE(review): going by the name, this is presumably the name of the volume that
// carries the SDS socket. Confirm against the code that uses it.
const AppMeshSDSSocketVolume = "appmesh-sds-socket-volume"
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
// Config is the injector configuration passed by value to NewSidecarInjector.
// Field order is kept as declared so positional uses stay valid.
type Config struct {
	// EnableIAMForServiceAccounts, when set, injects fsGroup: 1337 into the pod
	// securityContext if the pod does not already define one.
	// See https://github.com/aws/amazon-eks-pod-identity-webhook/issues/8 for more details.
	EnableIAMForServiceAccounts bool
	// EnableECRSecret, when set, injects an additional image pull secret (appmesh-ecr-secret).
	EnableECRSecret bool
	// EnableSDS, when set, enables mTLS support via SDS.
	EnableSDS bool
	// SdsUdsPath contains the Unix Domain Socket path for the SDS provider.
	// NOTE(review): presumably the proxy obtains certificate material over this socket,
	// so access to the path should be limited to the proxy. Confirm.
	SdsUdsPath string

	// Sidecar settings.
	SidecarImage string
	// Resource requests and limits for the sidecar.
	SidecarCpuRequests, SidecarMemoryRequests string
	SidecarCpuLimits, SidecarMemoryLimits     string
	Preview                                   bool
	LogLevel, PreStopDelay                    string
	ReadinessProbeInitialDelay                int32
	ReadinessProbePeriod                      int32
	// EnvoyAdminAcessPort keeps its existing spelling ("Acess"); renaming the exported
	// field would break callers.
	// NOTE(review): presumably the port of the Envoy admin interface. Confirm that it is
	// not reachable from outside the pod.
	EnvoyAdminAcessPort        int32
	EnvoyAdminAccessLogFile    string
	DualStackEndpoint          bool
	EnvoyAdminAccessEnableIPv6 bool

	// Init container settings.
	InitImage string
	// NOTE(review): IgnoredIPs is presumably a list of addresses excluded from traffic
	// interception. Confirm the format and review the values.
	IgnoredIPs string

	// Observability settings.
	EnableJaegerTracing       bool
	JaegerAddress, JaegerPort string
	EnableDatadogTracing      bool
	DatadogAddress            string
	DatadogPort               int32
	EnableXrayTracing         bool
	XrayDaemonPort            int32
	XraySamplingRate          string
	XrayLogLevel              string
	XrayConfigRoleArn         string
	EnableStatsTags           bool
	EnableStatsD              bool
	StatsDAddress             string
	StatsDPort                int32
	StatsDSocketPath          string
	XRayImage                 string
	ClusterName               string
}
type EnvoyTemplateVariables ¶
// EnvoyTemplateVariables holds the Envoy template variables shared by the Envoy
// sidecars in pods and the Envoy in a VirtualGateway, since both use the same image.
// Field order is kept as declared.
type EnvoyTemplateVariables struct {
	AWSRegion, MeshName      string
	VirtualGatewayOrNodeName string
	// Preview is a string here, whereas Config.Preview is a bool.
	Preview string

	// SDS settings.
	EnableSDS  bool
	SdsUdsPath string

	LogLevel string
	// NOTE(review): AdminAccessPort is presumably the Envoy admin interface port.
	// Confirm that it is not reachable from outside the pod.
	AdminAccessPort    int32
	AdminAccessLogFile string
	PreStopDelay       string
	SidecarImage       string

	// Tracing settings.
	EnableXrayTracing         bool
	XrayDaemonPort            int32
	XraySamplingRate          string
	EnableJaegerTracing       bool
	JaegerPort, JaegerAddress string
	EnableDatadogTracing      bool
	DatadogTracerPort         int32
	DatadogTracerAddress      string

	// Stats settings.
	EnableStatsTags, EnableStatsD   bool
	StatsDPort                      int32
	StatsDAddress, StatsDSocketPath string

	K8sVersion, ControllerVersion string
	EnableAdminAccessForIpv6      bool
	// UseDualStackEndpoint is a string here, whereas Config.DualStackEndpoint is a bool.
	UseDualStackEndpoint string
}
EnvoyTemplateVariables holds the Envoy template variables used both by the Envoy sidecars in pods and by the Envoy in a VirtualGateway, since both use the same Envoy image.
type PodMutator ¶
// PodMutator is an exported interface whose methods are filtered or unexported,
// so this listing does not show what an implementation must provide.
type PodMutator interface {
// contains filtered or unexported methods
}
type SidecarInjector ¶
// SidecarInjector is the type returned (as *SidecarInjector) by NewSidecarInjector.
// Its fields are filtered or unexported, so this listing does not show its state.
type SidecarInjector struct {
// contains filtered or unexported fields
}
func NewSidecarInjector ¶
func NewSidecarInjector(cfg Config, accountID string, awsRegion string, controllerVersion string, k8sVersion string, k8sClient client.Client, referenceResolver references.Resolver, vnMembershipDesignator virtualnode.MembershipDesignator, vgMembershipDesignator virtualgateway.MembershipDesignator) *SidecarInjector
type XrayTemplateVariables ¶