feat: inject volumes and volume mounts

flashbots · Aug 10, 2024 · 08cc1cb · 08cc1cb
1 parent 507ed72
commit 08cc1cb
Show file tree

Hide file tree

Showing 26 changed files with 966 additions and 315 deletions.
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,18 @@
+Copyright (c) 2024 Flashbots
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the “Software”), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/Makefile b/Makefile
@@ -8,6 +8,10 @@ build:
 			-o ./bin/kube-sidecar-injector \
 		github.com/flashbots/kube-sidecar-injector/cmd
 
+.PHONY: docker
+docker:
+	docker build -t kube-sidecar-injector:${VERSION} .
+
 .PHONY: snapshot
 snapshot:
 	@goreleaser release --snapshot --clean
@@ -20,11 +24,12 @@ image:
 		.
 
 .PHONY: deploy
-deploy:
+deploy: image
 	@kubectl \
 			--context orbstack \
 		apply \
-			--filename deploy/cluster-role.yaml \
-			--filename deploy/dummy.yaml \
-			--filename deploy/deployment-fargate.yaml \
-			--filename deploy/deployment-node-exporter.yaml
+			--filename test/cluster-role.yaml \
+			--filename test/configmap.yaml \
+			--filename test/dummy.yaml \
+			--filename test/deployment-fargate.yaml \
+			--filename test/deployment-node-exporter.yaml
diff --git a/cert/cert.go b/cert/cert.go
@@ -15,8 +15,8 @@ type Source interface {
 }
 
 var (
-	ErrFailedToGenerateCert       = errors.New("failed to generate certificate")
-	ErrFailedToGeneratePrivateKey = errors.New("failed to generate new private key")
-	ErrFailedToRegenerateCA       = errors.New("failed to (re-)generate ca")
-	ErrUnspecifiedHosts           = errors.New("no hosts specified for the certificate")
+	errFailedToGenerateCert       = errors.New("failed to generate certificate")
+	errFailedToGeneratePrivateKey = errors.New("failed to generate new private key")
+	errFailedToRegenerateCA       = errors.New("failed to (re-)generate ca")
+	errUnspecifiedHosts           = errors.New("no hosts specified for the certificate")
 )
diff --git a/cert/self_signer.go b/cert/self_signer.go
@@ -29,7 +29,7 @@ type selfSigner struct {
 
 func NewSelfSigner(organisation string, hosts []string) (Source, error) {
 	if len(hosts) == 0 {
-		return nil, ErrUnspecifiedHosts
+		return nil, errUnspecifiedHosts
 	}
 
 	serial, err := rand.Int(rand.Reader, (&big.Int{}).Exp(big.NewInt(2), big.NewInt(128), nil))
@@ -66,18 +66,18 @@ func (s *selfSigner) NewBundle() (*Bundle, error) {
 func (s *selfSigner) newEcPrivateKey() (string, crypto.Signer, error) {
 	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 	if err != nil {
-		return "", nil, fmt.Errorf("%w: %w", ErrFailedToGeneratePrivateKey, err)
+		return "", nil, fmt.Errorf("%w: %w", errFailedToGeneratePrivateKey, err)
 	}
 
 	bts, err := x509.MarshalECPrivateKey(key)
 	if err != nil {
-		return "", nil, fmt.Errorf("%w: %w", ErrFailedToGeneratePrivateKey, err)
+		return "", nil, fmt.Errorf("%w: %w", errFailedToGeneratePrivateKey, err)
 	}
 
 	var buf bytes.Buffer
 	err = pem.Encode(&buf, &pem.Block{Type: "EC PRIVATE KEY", Bytes: bts})
 	if err != nil {
-		return "", nil, fmt.Errorf("%w: %w", ErrFailedToGeneratePrivateKey, err)
+		return "", nil, fmt.Errorf("%w: %w", errFailedToGeneratePrivateKey, err)
 	}
 
 	return buf.String(), key, nil
@@ -88,7 +88,7 @@ func (s *selfSigner) regenerateCA() error {
 
 	_, sgn, err := s.newEcPrivateKey()
 	if err != nil {
-		return fmt.Errorf("%w: %w", ErrFailedToRegenerateCA, err)
+		return fmt.Errorf("%w: %w", errFailedToRegenerateCA, err)
 	}
 
 	tpl := &x509.Certificate{
@@ -106,13 +106,13 @@ func (s *selfSigner) regenerateCA() error {
 
 	bts, err := x509.CreateCertificate(rand.Reader, tpl, tpl, sgn.Public(), sgn)
 	if err != nil {
-		return fmt.Errorf("%w: %w", ErrFailedToRegenerateCA, err)
+		return fmt.Errorf("%w: %w", errFailedToRegenerateCA, err)
 	}
 
 	var buf bytes.Buffer
 	err = pem.Encode(&buf, &pem.Block{Type: "CERTIFICATE", Bytes: bts})
 	if err != nil {
-		return fmt.Errorf("%w: %w", ErrFailedToRegenerateCA, err)
+		return fmt.Errorf("%w: %w", errFailedToRegenerateCA, err)
 	}
 
 	s.caSigner = sgn
@@ -127,7 +127,7 @@ func (s *selfSigner) generateCert() (*tls.Certificate, error) {
 
 	key, sgn, err := s.newEcPrivateKey()
 	if err != nil {
-		return nil, fmt.Errorf("%w: %w", ErrFailedToGenerateCert, err)
+		return nil, fmt.Errorf("%w: %w", errFailedToGenerateCert, err)
 	}
 
 	cert := &x509.Certificate{
@@ -152,18 +152,18 @@ func (s *selfSigner) generateCert() (*tls.Certificate, error) {
 
 	bts, err := x509.CreateCertificate(rand.Reader, cert, s.caTemplate, sgn.Public(), s.caSigner)
 	if err != nil {
-		return nil, fmt.Errorf("%w: %w", ErrFailedToGenerateCert, err)
+		return nil, fmt.Errorf("%w: %w", errFailedToGenerateCert, err)
 	}
 
 	var buf bytes.Buffer
 	err = pem.Encode(&buf, &pem.Block{Type: "CERTIFICATE", Bytes: bts})
 	if err != nil {
-		return nil, fmt.Errorf("%w: %w", ErrFailedToGenerateCert, err)
+		return nil, fmt.Errorf("%w: %w", errFailedToGenerateCert, err)
 	}
 
 	pair, err := tls.X509KeyPair(buf.Bytes(), []byte(key))
 	if err != nil {
-		return nil, fmt.Errorf("%w: %w", ErrFailedToGenerateCert, err)
+		return nil, fmt.Errorf("%w: %w", errFailedToGenerateCert, err)
 	}
 
 	return &pair, nil

diff --git a/config/config.go b/config/config.go
@@ -18,8 +18,8 @@ type Config struct {
 }
 
 var (
-	ErrConfigFailedToReadFromFile  = errors.New("failed to read configuration from file")
-	ErrConfigurationFailedToDecode = errors.New("failed to decode configuration")
+	errConfigFailedToReadFromFile  = errors.New("failed to read configuration from file")
+	errConfigurationFailedToDecode = errors.New("failed to decode configuration")
 )
 
 func ReadFrom(file string) (
@@ -28,15 +28,15 @@ func ReadFrom(file string) (
 	f, err := os.OpenFile(file, os.O_RDONLY, 0)
 	if err != nil {
 		return nil, fmt.Errorf("%w: %s: %w",
-			ErrConfigFailedToReadFromFile, file, err,
+			errConfigFailedToReadFromFile, file, err,
 		)
 	}
 	d := yaml.NewDecoder(f)
 	d.KnownFields(true)
 	var _cfg Config
 	if err := d.Decode(&_cfg); err != nil {
 		return nil, fmt.Errorf("%w: %s: %w",
-			ErrConfigurationFailedToDecode, file, err,
+			errConfigurationFailedToDecode, file, err,
 		)
 	}
 	return &Config{

diff --git a/config/container.go b/config/container.go