MCPcopy
hub / github.com/istio/istio / initSidecarInjector

Method initSidecarInjector

pilot/pkg/bootstrap/sidecarinjector.go:43–113  ·  view source on GitHub ↗
(args *PilotArgs)

Source from the content-addressed store, hash-verified

41var injectionEnabled = env.Register("INJECT_ENABLED", true, "Enable mutating webhook handler.")
42
43func (s *Server) initSidecarInjector(args *PilotArgs) (*inject.Webhook, error) {
44 // currently the constant: "./var/lib/istio/inject"
45 injectPath := args.InjectionOptions.InjectionDirectory
46 if injectPath == "" || !injectionEnabled.Get() {
47 log.Infof("Skipping sidecar injector, injection path is missing or disabled.")
48 return nil, nil
49 }
50
51 // If the injection config exists either locally or remotely, we will set up injection.
52 var watcher inject.Watcher
53 if _, err := os.Stat(filepath.Join(injectPath, "config")); !os.IsNotExist(err) {
54 configFile := filepath.Join(injectPath, "config")
55 valuesFile := filepath.Join(injectPath, "values")
56 watcher, err = inject.NewFileWatcher(configFile, valuesFile)
57 if err != nil {
58 return nil, err
59 }
60 } else if s.kubeClient != nil {
61 configMapName := getInjectorConfigMapName(args.Revision)
62 cms := s.kubeClient.Kube().CoreV1().ConfigMaps(args.Namespace)
63 if _, err := cms.Get(context.TODO(), configMapName, metav1.GetOptions{}); err != nil {
64 if errors.IsNotFound(err) {
65 log.Infof("Skipping sidecar injector, template not found")
66 return nil, nil
67 }
68 return nil, err
69 }
70 watcher = inject.NewConfigMapWatcher(s.kubeClient, args.Namespace, configMapName, "config", "values")
71 } else {
72 log.Infof("Skipping sidecar injector, template not found")
73 return nil, nil
74 }
75
76 log.Info("initializing sidecar injector")
77
78 parameters := inject.WebhookParameters{
79 Watcher: watcher,
80 Env: s.environment,
81 Mux: s.httpsMux,
82 Revision: args.Revision,
83 MultiCluster: s.multiclusterController,
84 }
85
86 wh, err := inject.NewWebhook(parameters)
87 if err != nil {
88 return nil, fmt.Errorf("failed to create injection webhook: %v", err)
89 }
90 // Patch cert if a webhook config name is provided.
91 // This requires RBAC permissions - a low-priv Istiod should not attempt to patch but rely on
92 // operator or CI/CD
93 if features.InjectionWebhookConfigName != "" {
94 s.addStartFunc("injection patcher", func(stop <-chan struct{}) error {
95 // No leader election - different istiod revisions will patch their own cert.
96 // update webhook configuration by watching the cabundle
97 patcher, err := webhooks.NewWebhookCertPatcher(s.kubeClient, args.Revision, webhookName, s.istiodCertBundleWatcher)
98 if err != nil {
99 log.Errorf("failed to create webhook cert patcher: %v", err)
100 return nil

Callers 1

NewServerFunction · 0.95

Calls 15

addStartFuncMethod · 0.95
RunMethod · 0.95
RunMethod · 0.95
InfofFunction · 0.92
NewFileWatcherFunction · 0.92
NewConfigMapWatcherFunction · 0.92
InfoFunction · 0.92
NewWebhookFunction · 0.92
NewWebhookCertPatcherFunction · 0.92
ErrorfFunction · 0.92
getInjectorConfigMapNameFunction · 0.85
StatMethod · 0.80

Tested by

no test coverage detected