-
Notifications
You must be signed in to change notification settings - Fork 0
/
inject.jsonnet
59 lines (59 loc) · 2.29 KB
/
inject.jsonnet
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# Injection script for inserting sidecar and iptables containers.
# Modelled after istio kube-inject.
# The input is a kubernetes resource JSON.
function(o,
image="gcr.io/istio-testing/envoysidecar:latest",
uid=1337,
port=15001)
if o.kind == 'Deployment' then o {
spec: super.spec + {
template: super.template + {
spec: super.spec {
containers+: [{
args: ["--id", "$(POD_NAMESPACE)/$(POD_NAME)", "--ads", "envoycontroller"],
env: [
{
name: "POD_NAME",
valueFrom: {
fieldRef: {
fieldPath: "metadata.name",
},
},
},
{
name: "POD_NAMESPACE",
valueFrom: {
fieldRef: {
fieldPath: "metadata.namespace",
},
},
},
],
image: image,
name: "envoy",
securityContext: {
runAsUser: uid,
},
volumeMounts: [{
mountPath: "/tmp",
name: "envoy-config",
}],
}],
initContainers+: [{
args: ["-p", std.toString(port), "-u", std.toString(uid)],
image: "docker.io/istio/proxy_init:0.4.0",
name: "iptables",
securityContext: {
capabilities: {
add: ["NET_ADMIN"],
},
},
}],
volumes+: [{
name: "envoy-config",
emptyDir: { medium: "Memory" },
}],
},
},
},
} else o