feat: inject labels

flashbots · Apr 25, 2024 · d8a1a79 · d8a1a79
1 parent 11e8400
commit d8a1a79
Show file tree

Hide file tree

Showing 7 changed files with 102 additions and 21 deletions.
diff --git a/config/inject.go b/config/inject.go
@@ -9,7 +9,9 @@ type Inject struct {
 	LabelSelector *LabelSelector `yaml:"labelSelector,omitempty"`
 
 	Annotations map[string]string `yaml:"annotations,omitempty"`
-	Containers  []Container       `yaml:"containers,omitempty"`
+	Labels      map[string]string `yaml:"labels,omitempty"`
+
+	Containers []Container `yaml:"containers,omitempty"`
 }
 
 func (i Inject) Fingerprint() string {
@@ -29,6 +31,17 @@ func (i Inject) Fingerprint() string {
 		sum.Write([]byte{255})
 	}
 
+	sum.Write([]byte("labels:"))
+	for k, v := range i.Labels {
+		sum.Write([]byte("key:"))
+		sum.Write([]byte(k))
+		sum.Write([]byte{255})
+
+		sum.Write([]byte("value:"))
+		sum.Write([]byte(v))
+		sum.Write([]byte{255})
+	}
+
 	sum.Write([]byte("containers:"))
 	for _, c := range i.Containers {
 		c.hash(sum)

diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml
@@ -19,7 +19,7 @@ spec:
       serviceAccountName: kube-sidecar-injector
       containers:
         - name: kube-sidecar-injector
-          image: kube-sidecar-injector:0.0.2-2-g74221a4-dev
+          image: kube-sidecar-injector:0.0.3-dev
           ports:
             - name: https
               containerPort: 8443
@@ -44,19 +44,19 @@ metadata:
 data:
   config.yaml: |-
     inject:
-      - annotations:
-          test: test
+      - labels:
+          flashbots.net/fargate-node-exporter: true
 
         containers:
           - name: node-exporter
             image: prom/node-exporter:v1.7.0
             args: [
               "--log.format", "json",
-              "--web.listen-address", ":9001",
+              "--web.listen-address", ":9100",
             ]
             ports:
-              - name: metrics
-                containerPort: 9001
+              - name: http-metrics
+                containerPort: 9100
             resources:
               requests:
                 cpu: 10m

diff --git a/patch/add_pod_containers.go b/patch/add_pod_containers.go
@@ -6,7 +6,14 @@ import (
 	core_v1 "k8s.io/api/core/v1"
 )
 
-func AddPodContainers(pod *core_v1.Pod, containers []core_v1.Container) (json_patch.Patch, error) {
+func AddPodContainers(
+	pod *core_v1.Pod,
+	containers []core_v1.Container,
+) (json_patch.Patch, error) {
+	if len(containers) == 0 {
+		return nil, nil
+	}
+
 	res := make(json_patch.Patch, 0, len(containers))
 
 	notEmpty := len(pod.Spec.Containers) > 0

diff --git a/patch/update_pod_annotations.go b/patch/update_pod_annotations.go
@@ -10,6 +10,10 @@ func UpdatePodAnnotations(
 	pod *core_v1.Pod,
 	annotations map[string]string,
 ) (json_patch.Patch, error) {
+	if len(annotations) == 0 {
+		return nil, nil
+	}
+
 	if len(pod.Annotations) == 0 {
 		op, err := operation.Add("/metadata/annotations", annotations)
 		if err != nil {

diff --git a/patch/update_pod_labels.go b/patch/update_pod_labels.go
@@ -0,0 +1,44 @@
+package patch
+
+import (
+	json_patch "github.com/evanphx/json-patch"
+	"github.com/flashbots/kube-sidecar-injector/operation"
+	core_v1 "k8s.io/api/core/v1"
+)
+
+func UpdatePodLabels(
+	pod *core_v1.Pod,
+	labels map[string]string,
+) (json_patch.Patch, error) {
+	if len(labels) == 0 {
+		return nil, nil
+	}
+
+	if len(pod.Annotations) == 0 {
+		op, err := operation.Add("/metadata/labels", labels)
+		if err != nil {
+			return nil, err
+		}
+		return []json_patch.Operation{op}, nil
+	}
+
+	res := make(json_patch.Patch, 0, len(labels))
+
+	for k, v := range labels {
+		if _, exists := pod.Annotations[k]; exists {
+			op, err := operation.Replace("/metadata/labels/"+operation.Escape(k), v)
+			if err != nil {
+				return nil, err
+			}
+			res = append(res, op)
+		} else {
+			op, err := operation.Add("/metadata/labels/"+operation.Escape(k), v)
+			if err != nil {
+				return nil, err
+			}
+			res = append(res, op)
+		}
+	}
+
+	return res, nil
+}
diff --git a/readme.md b/readme.md
@@ -10,16 +10,19 @@ running next to it.
 
 ```yaml
 inject:
-  - containers:
+  - labels:
+      flashbots.net/fargate-node-exporter: true
+
+    containers:
       - name: node-exporter
         image: prom/node-exporter:v1.7.0
         args: [
           "--log.format", "json",
-          "--web.listen-address", ":9001",
+          "--web.listen-address", ":9100",
         ]
         ports:
-          - name: metrics
-            containerPort: 9001
+          - name: http-metrics
+            containerPort: 9100
         resources:
           requests:
             cpu: 10m

diff --git a/server/k8s.go b/server/k8s.go
@@ -218,19 +218,29 @@ func (s *Server) mutatePod(
 		res = append(res, p...)
 	}
 
-	// annotate
+	// only apply labels/annotations if at least one container was injected above
 	if len(res) > 0 {
-		annotations := make(map[string]string, len(inject.Annotations)+1)
-		for k, v := range inject.Annotations {
-			annotations[k] = v
+		{ // label
+			p, err := patch.UpdatePodLabels(pod, inject.Labels)
+			if err != nil {
+				return nil, err
+			}
+			res = append(res, p...)
 		}
-		annotations[s.cfg.K8S.ServiceName+"."+global.OrgDomain+"/"+fingerprint] = time.Now().Format(time.RFC3339)
 
-		p, err := patch.UpdatePodAnnotations(pod, annotations)
-		if err != nil {
-			return nil, err
+		{ // annotate
+			annotations := make(map[string]string, len(inject.Annotations)+1)
+			for k, v := range inject.Annotations {
+				annotations[k] = v
+			}
+			annotations[s.cfg.K8S.ServiceName+"."+global.OrgDomain+"/"+fingerprint] = time.Now().Format(time.RFC3339)
+
+			p, err := patch.UpdatePodAnnotations(pod, annotations)
+			if err != nil {
+				return nil, err
+			}
+			res = append(res, p...)
 		}
-		res = append(res, p...)
 	}
 
 	return res, nil