Releases: tumblr/k8s-sidecar-injector
Open for Business!
We can merge stuff again!
This release provides some nice QoL changes:
- #45 allow reloading certs and keys. thanks @george-angel
- #29 allow injections of annotation namespace in the docker container. thanks @zhangjianweibj
- #43, #28 add support for pod security policies
hostPid
andhostNetwork
. thanks @zhangjianweibj
If I'm missing anything or anyone let me know.
ServiceAccount Bugfixes 🐛🔫
Bugfix release for supporting serviceAccountName
injections properly. Previously we were doing a few things incorrectly.
- if the
serviceAccountName
was"default"
, we were not injecting the serviceAccount. This was dumb and for that i am sorry. - There was a bug when loading an
InjectionConfig
that uses bothinherits:
as well asserviceAccountName
that prevented the loaded config from including the serviceaccount VolumeMounts
for a SA token created by theServiceAccountController
need to be removed from existing pods, so that the patched pod can be run through the SAController again and pick up the correct mounts for the newly injected serviceaccount.
ServiceAccount Injection
This release includes #30, which allows you to now inject a serviceAccountName
into your pod specs! Note that this requires Kubernetes 1.15+ to function correctly, as previous versions had ordering bugs with when the MWAC and ServiceAccount controllers were applied.
Versioning and inheritance of sidecar configurations
We add 2 features to the sidecar injector to make use at scale more ergonomic. 1) versioned configurations and 2) inheritance.
Versioning
We found ourselves suffixing the names of sidecars with versioning information, so we could make improvements to sidecars without breaking legacy consumers of a given sidecar. For example, we would name configs name: some-sidecar-v3
. To codify this behavior without changing the request interface, we add support for versioned sidecar configurations, similar to how Docker images work.
By changing nothing in your configs, each sidecar configuration now has a Version()
which is derived by splitting off the last field after :
. By default, this is latest
. Here are some examples of name:
fields, and the derived version
.
my-sidecar
->latest
my-sidecar:latest
->latest
my-sidecar:v420
->v420
my-sidecar:extra:fields:6.9
->6.9
This change allows you to maintain versioned configs, as well as "symlink" consumers to the latest version of a sidecar, via :latest
.
Inheritance
In addition to versioning, we have found that a lot of our sidecar configurations are actually quite similar, and tend to have only a few differences. This brought us to build inheritance functionality into the configs. By introducing an inherits:
field to configs loaded from disk (not ConfigMap
s!), we support a config using a base, and merging in any fields from the child as necessary.
Note: some (most) fields in the config format are sets, so we must perform merging in a manner that provides set uniqueness by name
field.
For example, a config like the following would load another.yaml
, and then add 2 env vars to it. If EXISTING_VAR
exists in another.yaml
, it will be replaced. NEW_VAR
, if not appearing in the env
list, will be appended. All configs referenced via inherits:
are relative to the directory of the parent file, and cannot traverse upwards in the directory.
name: example:v1
inherits: another.yaml
env:
- name: EXISTING_VAR
value: overridden
- name: NEW_VAR
value: new
See #36 for implementation
v0.1.8: Merge pull request #19 from noahgoldman/fix-watcher-error-panic
Fix panic when watching ConfigMaps
v0.1.7: Merge pull request #16 from lxs137/watcher-nil-event
v0.1.6: Merge pull request #12 from iwilltry42/fix/add-to-initContainers
Bugfix release. InitContainers should get any injected env vars and volume mounts.
Includes:
- #12 - thanks @iwilltry42 !
v0.1.5: Merge pull request #10 from tumblr/gabe/improve-latency-buckets
Simple release to improve latency histograms reported for http responses, via #10
adding initContainers and hostAliases
New Features:
- Add support for injecting
initContainer
s! #8 Thanks to @iwilltry42 and @zach-dunton-sf! - Add support for injecting
hostAliases
! #5 Thanks to @iwilltry42
See https://github.com/tumblr/k8s-sidecar-injector/blob/master/docs/sidecar-configuration-format.md for the full sidecar config format and examples of the new injections
Bugfixes:
Changes since last release: v0.1.2...v0.1.4
add volumeMounts support
Thanks to @iwilltry42 for adding volumeMounts
support in sidecar configuration. (#3). Additionally, this release includes cleaner error handling and more expressive metrics.