Add native sidecar support
Kubernetes introduced native sidecar support in version 1.28. This feature improves network proxy sidecar compatibility for jobs and initContainers.

Introduce a new annotation config.alpha.linkerd.io/proxy-enable-native-sidecar and configuration option Proxy.NativeSidecar that causes the proxy container to run as an init-container.

Fixes: #11461

Signed-off-by: TJ Miller <[email protected]>
teejaded committed Oct 9, 2023
1 parent a6ea765 commit c6ee1e3
Showing 30 changed files with 333 additions and 1 deletion.
3 changes: 3 additions & 0 deletions charts/partials/templates/_proxy.tpl
Expand Up @@ -204,4 +204,7 @@ volumeMounts:
name: {{.Values.proxy.saMountPath.name}}
readOnly: {{.Values.proxy.saMountPath.readOnly}}
{{- end -}}
{{- if .Values.proxy.nativeSidecar }}
restartPolicy: Always
{{- end -}}
{{- end }}
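Review bot: The added `restartPolicy: Always` is emitted whenever `proxy.nativeSidecar` is set, with nothing in this hunk checking that the cluster supports sidecar init containers. The commit message ties the feature to Kubernetes 1.28; on a cluster where the field is not honoured, the proxy would presumably be treated as an ordinary init container that never exits, so the pod would never start. Consider stating the requirement next to the conditional, e.g. `{{- /* requires Kubernetes >= 1.28 with sidecar containers enabled */ -}}`, or rejecting the option in the injector when the cluster is too old. The enclosing template definition starts outside this hunk.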
4 changes: 3 additions & 1 deletion charts/patch/templates/patch.json
Expand Up @@ -103,7 +103,9 @@
{{- end }}
{
"op": "add",
{{- if .Values.proxy.await }}
{{- if .Values.proxy.nativeSidecar }}
"path": "{{$prefix}}/spec/initContainers/-",
{{- else if .Values.proxy.await }}
"path": "{{$prefix}}/spec/containers/0",
{{- else }}
"path": "{{$prefix}}/spec/containers/-",
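Review bot: The new `"path": "{{$prefix}}/spec/initContainers/-"` branch appends to an array that a JSON Patch `add` requires to exist already, and nothing in this hunk creates it. If a pod has no init containers and no earlier operation in the template adds `/spec/initContainers` (not visible here), the patch would fail and injection with it, so please confirm the array is created for the native-sidecar case too. Appending at `-` also places the proxy after any init containers already in the pod spec, so those containers still run before the proxy is up. That ordering is worth stating in the annotation's documentation, since operators may assume all init-container traffic is now meshed.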
4 changes: 4 additions & 0 deletions cli/cmd/inject.go
Expand Up @@ -491,6 +491,10 @@ func getOverrideAnnotations(values *linkerd2.Values, base *linkerd2.Values) map[
overrideAnnotations[k8s.ProxyShutdownGracePeriodAnnotation] = proxy.ShutdownGracePeriod
}

if proxy.NativeSidecar != baseProxy.NativeSidecar {
overrideAnnotations[k8s.ProxyEnableNativeSidecarAnnotation] = strconv.FormatBool(proxy.NativeSidecar)
}

return overrideAnnotations
}

13 changes: 13 additions & 0 deletions cli/cmd/inject_test.go
Expand Up @@ -344,6 +344,17 @@ func TestUninjectAndInject(t *testing.T) {
return values
}(),
},
{
inputFileName: "inject_emojivoto_deployment_native_sidecar.input.yml",
goldenFileName: "inject_emojivoto_deployment_native_sidecar.golden.yml",
reportFileName: "inject_emojivoto_deployment_native_sidecar.report",
injectProxy: true,
testInjectConfig: func() *linkerd2.Values {
values := defaultConfig()
values.Proxy.NativeSidecar = true
return values
}(),
},
}

for i, tc := range testCases {
Expand Down Expand Up @@ -678,6 +689,7 @@ func TestProxyConfigurationAnnotations(t *testing.T) {
values.Proxy.Await = false
values.Proxy.AccessLog = "apache"
values.Proxy.ShutdownGracePeriod = "60s"
values.Proxy.NativeSidecar = true

expectedOverrides := map[string]string{
k8s.ProxyIgnoreInboundPortsAnnotation: "8500-8505",
Expand All @@ -699,6 +711,7 @@ func TestProxyConfigurationAnnotations(t *testing.T) {
k8s.ProxyAwait: "disabled",
k8s.ProxyAccessLogAnnotation: "apache",
k8s.ProxyShutdownGracePeriodAnnotation: "60s",
k8s.ProxyEnableNativeSidecarAnnotation: "true",
}

overrides := getOverrideAnnotations(values, baseValues)
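Review bot: The added cases only exercise the enable path, `values.Proxy.NativeSidecar = true` against a default base. `getOverrideAnnotations` emits the annotation whenever the value differs from the base, so a case with the base set to `true` and the override `false`, expecting `k8s.ProxyEnableNativeSidecarAnnotation: "false"`, would pin the opt-out direction. A further inject case that sets both `NativeSidecar` and `Await` would pin the precedence that `patch.json` now gives to the native-sidecar branch. Both test functions start and end outside these hunks.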
6 changes: 6 additions & 0 deletions cli/cmd/options.go
Expand Up @@ -441,6 +441,12 @@ func makeInjectFlags(defaults *l5dcharts.Values) ([]flag.Flag, *pflag.FlagSet) {
injectFlags := pflag.NewFlagSet("inject", pflag.ExitOnError)

flags := []flag.Flag{
flag.NewBoolFlag(injectFlags, "native-sidecar", false, "Enable native sidecar",
func(values *l5dcharts.Values, value bool) error {
values.Proxy.NativeSidecar = value
return nil
}),

flag.NewInt64Flag(injectFlags, "wait-before-exit-seconds", int64(defaults.Proxy.WaitBeforeExitSeconds),
"The period during which the proxy sidecar must stay alive while its pod is terminating. "+
"Must be smaller than terminationGracePeriodSeconds for the pod (default 0)",
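Review bot: The `native-sidecar` flag hard-codes its default as `false`, while the neighbouring `wait-before-exit-seconds` flag takes its default from `defaults.Proxy.WaitBeforeExitSeconds`; passing `defaults.Proxy.NativeSidecar` instead would keep the help output in line with the installed configuration. The help text `"Enable native sidecar"` also gives no hint of the Kubernetes 1.28 requirement stated in the commit message. Something like `"Run the proxy as a native sidecar (init container with restartPolicy: Always); requires Kubernetes 1.28+"` would tell operators what the flag changes in the pod spec. `makeInjectFlags` continues outside the hunk.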
227 changes: 227 additions & 0 deletions cli/cmd/testdata/inject_emojivoto_deployment_native_sidecar.golden.yml


@@ -0,0 +1,31 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: web
namespace: emojivoto
spec:
replicas: 1
selector:
matchLabels:
app: web-svc
template:
metadata:
labels:
app: web-svc
spec:
containers:
- env:
- name: WEB_PORT
value: "80"
- name: EMOJISVC_HOST
value: emoji-svc.emojivoto:8080
- name: VOTINGSVC_HOST
value: voting-svc.emojivoto:8080
- name: INDEX_BUNDLE
value: dist/index_bundle.js
image: buoyantio/emojivoto-web:v10
name: web-svc
ports:
- containerPort: 80
name: http
---
@@ -0,0 +1,3 @@

deployment "web" injected

@@ -0,0 +1,10 @@

√ pods do not use host networking
√ pods do not have a 3rd party proxy or initContainer already injected
√ pods are not annotated to disable injection
√ at least one resource can be injected or annotated
√ pod specs do not include UDP ports
√ pods do not have automountServiceAccountToken set to "false" or service account token projection is enabled

deployment "web" injected


1 change: 1 addition & 0 deletions cli/cmd/testdata/install_custom_domain.golden


1 change: 1 addition & 0 deletions cli/cmd/testdata/install_custom_registry.golden


1 change: 1 addition & 0 deletions cli/cmd/testdata/install_default.golden


1 change: 1 addition & 0 deletions cli/cmd/testdata/install_default_token.golden
