Support specifying sidecar's image by "flomesh.io/sidecar-image" anno…

…tation for pod and namespace. (#327)
flomesh-io · Aug 16, 2024 · 20b7a80 · 20b7a80
1 parent 4f28448
commit 20b7a80
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go
@@ -216,6 +216,9 @@ const (
 	// SidecarInjectionAnnotation is the annotation used for sidecar injection
 	SidecarInjectionAnnotation = "flomesh.io/sidecar-injection"
 
+	// SidecarImageAnnotation is the annotation used for sidecar injection
+	SidecarImageAnnotation = "flomesh.io/sidecar-image"
+
 	// MetricsAnnotation is the annotation used for enabling/disabling metrics
 	MetricsAnnotation = "flomesh.io/metrics"
 

diff --git a/pkg/sidecar/providers/pipy/driver/pipy_container.go b/pkg/sidecar/providers/pipy/driver/pipy_container.go
@@ -21,20 +21,41 @@ import (
 	"github.com/flomesh-io/fsm/pkg/sidecar/providers/pipy/bootstrap"
 )
 
-func getPlatformSpecificSpecComponents(cfg configurator.Configurator, _ string) (podSecurityContext *corev1.SecurityContext, pipyContainer string) {
+func getPlatformSpecificSpecComponents(injCtx *driver.InjectorContext, cfg configurator.Configurator, pod *corev1.Pod) (podSecurityContext *corev1.SecurityContext, pipyContainer string) {
 	podSecurityContext = &corev1.SecurityContext{
 		AllowPrivilegeEscalation: pointer.BoolPtr(false),
 		RunAsUser: func() *int64 {
 			uid := constants.SidecarUID
 			return &uid
 		}(),
 	}
+
+	if podAnnotations := pod.GetAnnotations(); len(podAnnotations) > 0 {
+		if podSidecarImage, exists := podAnnotations[constants.SidecarImageAnnotation]; exists {
+			if len(podSidecarImage) > 0 {
+				pipyContainer = podSidecarImage
+				return
+			}
+		}
+	}
+
+	if ns, err := injCtx.KubeClient.CoreV1().Namespaces().Get(context.Background(), injCtx.PodNamespace, metav1.GetOptions{}); err == nil {
+		if nsAnnotations := ns.GetAnnotations(); len(nsAnnotations) > 0 {
+			if nsSidecarImage, exists := nsAnnotations[constants.SidecarImageAnnotation]; exists {
+				if len(nsSidecarImage) > 0 {
+					pipyContainer = nsSidecarImage
+					return
+				}
+			}
+		}
+	}
+
 	pipyContainer = cfg.GetSidecarImage()
 	return
 }
 
 func getPipySidecarContainerSpec(injCtx *driver.InjectorContext, pod *corev1.Pod, cfg configurator.Configurator, cnPrefix string, originalHealthProbes models.HealthProbes, podOS string) corev1.Container {
-	securityContext, containerImage := getPlatformSpecificSpecComponents(cfg, podOS)
+	securityContext, containerImage := getPlatformSpecificSpecComponents(injCtx, cfg, pod)
 
 	podControllerKind := ""
 	podControllerName := ""