├── deploy ├── cert │ ├── ca.srl │ ├── injection.csr │ ├── ca.crt.pem │ ├── injection.crt │ ├── ca.key.pem │ └── injection.key └── kubernetes │ ├── service.yaml │ ├── deployment.yaml │ ├── admissionregistration.yaml │ └── secret.yaml ├── go.mod ├── version.go ├── Dockerfile ├── Makefile ├── scheme.go ├── main.go ├── config.go ├── server.go ├── .gitignore ├── go.sum ├── pods.go ├── LICENSE └── README.MD /deploy/cert/ca.srl: -------------------------------------------------------------------------------- 1 | B1C8295D11413075 2 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module skywalking/kubernetes 2 | 3 | go 1.14 4 | 5 | require ( 6 | github.com/Netflix/go-env v0.0.0-20200512170851-5660fe1ab40a 7 | k8s.io/api v0.18.5 8 | k8s.io/apimachinery v0.18.5 9 | k8s.io/klog v1.0.0 10 | ) 11 | -------------------------------------------------------------------------------- /deploy/kubernetes/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: skywalking-injection 5 | namespace: skywalking 6 | spec: 7 | selector: 8 | app: skywalking-injection 9 | ports: 10 | - port: 80 11 | name: http 12 | - port: 443 13 | name: https -------------------------------------------------------------------------------- /version.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | ) 6 | 7 | var ( 8 | BuildVersion string 9 | BuildTime string 10 | BuildName string 11 | CommitID string 12 | showVer bool 13 | ) 14 | 15 | func init() { 16 | flag.BoolVar(&showVer, "version", false, "show version") 17 | } 18 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:alpine 2 | 3 | ADD ./ /app/ 4 | 5 | WORKDIR /app 6 | 7 | RUN set -eux; \ 8 | \ 9 | apk add --no-cache make git \ 10 | ; ls -la \ 11 | ; make \ 12 | ; ./skac --version 13 | 14 | 15 | FROM alpine 16 | MAINTAINER 李盼庚 17 | 18 | COPY --from=0 /app/skac /usr/bin/ 19 | 20 | RUN set -eux ;\ 21 | \ 22 | apk add --no-cache tini \ 23 | \ 24 | ; chmod +x /usr/bin/skac \ 25 | \ 26 | ; /usr/bin/skac --version 27 | 28 | ENTRYPOINT ["/sbin/tini", "--"] 29 | 30 | CMD /usr/bin/skac $SKAC_OPTIONS -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | BUILD_VERSION := v1.0.0 2 | BUILD_TIME := $(shell date "+%F %T") 3 | BUILD_NAME := skac 4 | SOURCE := ./ 5 | TARGET_DIR := /usr/local/bin 6 | COMMIT_SHA1 := $(shell git rev-parse HEAD ) 7 | 8 | all: 9 | CGO_ENABLED=0 10 | go build -ldflags '\ 11 | -X "main.BuildVersion=${BUILD_VERSION}" \ 12 | -X "main.BuildTime=${BUILD_TIME}" \ 13 | -X "main.BuildName=${BUILD_NAME}" \ 14 | -X "main.CommitID=${COMMIT_SHA1}" \ 15 | ' \ 16 | -o ${BUILD_NAME} ${SOURCE} 17 | 18 | clean: 19 | rm -rfv ${BUILD_NAME} 20 | 21 | install: 22 | mkdir -p ${TARGET_DIR} 23 | cp -vf ${BUILD_NAME} ${TARGET_DIR} 24 | 25 | .PHONY : all clean install ${BUILD_NAME} -------------------------------------------------------------------------------- /scheme.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | admissionv1 "k8s.io/api/admission/v1" 5 | admissionregistrationv1 "k8s.io/api/admissionregistration/v1" 6 | corev1 "k8s.io/api/core/v1" 7 | "k8s.io/apimachinery/pkg/runtime" 8 | "k8s.io/apimachinery/pkg/runtime/serializer" 9 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 10 | ) 11 | 12 | var scheme = runtime.NewScheme() 13 | var codecs = serializer.NewCodecFactory(scheme) 14 | 15 | func init() { 16 | addToScheme(scheme) 17 | } 18 | 19 | func addToScheme(scheme *runtime.Scheme) { 20 | utilruntime.Must(corev1.AddToScheme(scheme)) 21 | utilruntime.Must(admissionv1.AddToScheme(scheme)) 22 | utilruntime.Must(admissionregistrationv1.AddToScheme(scheme)) 23 | } 24 | -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | "fmt" 6 | env "github.com/Netflix/go-env" 7 | "k8s.io/klog" 8 | "net/http" 9 | "os" 10 | ) 11 | 12 | var config = Config{ 13 | UseTLS: true, 14 | CertFile: "/etc/swkac/tls.crt", 15 | KeyFile: "/etc/swkac/tls.key", 16 | TLSClientAuth: false, 17 | TriggerENV: false, 18 | SWImage: "lipangeng/skywalking-initcontainer:latest", 19 | SWAgentCollectorBackendServices: "skywalking-aop.skywalking:11800", 20 | SWJavaENVName: "JAVA_TOOL_OPTIONS", 21 | } 22 | 23 | func main() { 24 | if _, err := env.UnmarshalFromEnviron(&config); err != nil { 25 | klog.Error(err) 26 | return 27 | } 28 | config.addFlags() 29 | 30 | klog.InitFlags(nil) 31 | 32 | flag.Parse() 33 | 34 | showVersion() 35 | 36 | http.HandleFunc("/health", health) 37 | http.HandleFunc("/", serveMutatePods) 38 | 39 | fmt.Println("Starting") 40 | 41 | if config.UseTLS { 42 | server := &http.Server{ 43 | Addr: ":443", 44 | TLSConfig: configTLS(config), 45 | } 46 | _ = server.ListenAndServeTLS(config.CertFile, config.KeyFile) 47 | } else { 48 | server := &http.Server{ 49 | Addr: ":80", 50 | } 51 | _ = server.ListenAndServe() 52 | } 53 | } 54 | 55 | func showVersion() { 56 | if showVer { 57 | fmt.Printf("build name:\t%s\n", BuildName) 58 | fmt.Printf("build ver:\t%s\n", BuildVersion) 59 | fmt.Printf("build time:\t%s\n", BuildTime) 60 | fmt.Printf("Commit ID:\t%s\n", CommitID) 61 | os.Exit(0) 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /deploy/cert/injection.csr: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE REQUEST----- 2 | MIIE6DCCAtACAQAwgaIxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdCZWlqaW5nMRAw 3 | DgYDVQQHDAdCZWlqaW5nMQ8wDQYDVQQKDAZpTGVtb24xDzANBgNVBAsMBmlMZW1v 4 | bjEsMCoGA1UEAwwjc2t5d2Fsa2luZy1pbmplY3Rpb24uc2t5d2Fsa2luZy5zdmMx 5 | HzAdBgkqhkiG9w0BCQEWEGxpcGdAb3V0bG9vay5jb20wggIiMA0GCSqGSIb3DQEB 6 | AQUAA4ICDwAwggIKAoICAQDH65YJCHZUTqZpDLsASQHW+7lS6dEJn0yokZyjywh0 7 | KN7xzFc0+bCvW6zxDZQ/+oVdkv1QHMaHZapkjtCycKedepWomsoH4bL83D9moNZc 8 | gHFFrSV0ZukjWftQrmt5sPnZxOEvI8+qQBZvvPZBuoObhrKVaqnse/XwI/Ju8gjU 9 | brTP49O5jtWyGksFoINbD+L0ZYv4BnNFvt6ukjJ/W2RnrruF7eZk/visgaJGX5IY 10 | 6mrq5cAXRi2UtY7SkFx96It42g6oRZF2PTkZEfjGrqjq9zh9J5Lihz/EYvQ25dYU 11 | Pr5l0DpYohuj4KXbCZmjU8S4SripEFoDMp+YNDyQTMOyjfLWh6lAStNQA9CNpWT3 12 | xyo5DwoeZraIUr3SGwH8oIbnKIwDBYFqsZA7ycGevPoTELDfp9XHJl+T2Fy3A7ql 13 | jduZufcDWJLTgOzktq1Vne37uD1Ou82i6Oka7YqdeSo2HzaSZL7rE8WaBW+4vPiS 14 | IrPWXt+LyxbU/B0C2okEGV3rzSnvM2vFnHX1TrmGcjK5fNnle9FzbwQJphBrnjab 15 | +RbnhsK4Ank0N9W5pdxt7yTuF5sxCFq583Ub/4zYtSuizsH9kWpe6RwKq77ve51L 16 | YEHeNXGgQznCPdjcWJomYgfGdc396ylXK28xLE9Rly6JvKUd4oPv50r/6CqleXCn 17 | SwIDAQABoAAwDQYJKoZIhvcNAQELBQADggIBACrv9G9HqagAaXEup/jDzZF+NKx/ 18 | 1nGgl09tIyBtiafvfe19yGHJm5H8RHJD5YfXbn00VG1SOUiKCHbLLS4Ww65+MykE 19 | FXPSos3zYxlWCGdt4e1dLfW/7vRM8BmEeKlSj4deO4UOBurEf6+HZO8afNBoGjEm 20 | Q8oP2vtjQMtioslnV/8AhxwQFpya90pFwAfL0pRTLBQadiWu0Se7gBNYn140tRXv 21 | LAY+YVJCFWrm0tEVqkHlZHfiUtRUfcgXXU/siUfwpRcS64Qaua0neSMEZR09cT4Y 22 | bvQRQEiQ9YAj9dfEgHCXa8VL1QB4adS/vitzzfM1F8g8YSGylh3fTZ+bQn7c2nHe 23 | pEtOaNT/VebD7u8tRVx1bSR1hMNYjYo1OXLLo+gkjQz+6v31VxGEPPwMlAf4RK+R 24 | miGmkbMT4GIlHS5lkWnRqwLmWj4WTI+GfnH29js8MPhU7aVVeA2Pz4kVkHQops+6 25 | vUnMklpNJlvs2cXmtHV3wZiFZTRr/Rv8atXxRO5elhMX8Xk/ZSH23IrwDS5f35pZ 26 | zUDtZ2KjbIhG392VRHGxz0kxyXAtnLyVdVp84GmwRG+Xe+c0ljSI+5I8eWPEEaIE 27 | fyXk/ettuN1KTd7H+cz19VfPSPi7yLLEicTP3tqIpmZycTbVT8TxqDzvueExl5CD 28 | 59U67UoGg8xKf+WX 29 | -----END CERTIFICATE REQUEST----- 30 | -------------------------------------------------------------------------------- /deploy/kubernetes/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: skywalking-injection 5 | namespace: skywalking 6 | spec: 7 | replicas: 3 8 | template: 9 | metadata: 10 | name: skywalking-injection 11 | namespace: skywalking 12 | labels: 13 | app: skywalking-injection 14 | spec: 15 | containers: 16 | - name: skywalking-injection 17 | image: 172.16.56.199:5000/yonyoucloud-kubernetes/skywalking-injection:7.0.0 18 | imagePullPolicy: Always 19 | ports: 20 | - containerPort: 80 21 | name: http 22 | - containerPort: 443 23 | name: https 24 | env: 25 | - name: TZ 26 | value: Asia/Shanghai 27 | - name: SWKAC_TRIGGER_ENV 28 | value: "true" 29 | - name: SKAC_OPTIONS 30 | value: -v 3 31 | - name: SWKAC_SW_IMAGE 32 | value: 172.16.56.199:5000/yonyoucloud-kubernetes/skywalking-java-agent:7.0.0 33 | - name: SWKAC_SW_AGENT_COLLECTOR_BACKEND_SERVICES 34 | value: apm-aop.apmtest:11800 35 | - name: SWKAC_SW_JAVA_ENV_NAME 36 | value: CATALINA_OPTS 37 | resources: 38 | requests: 39 | memory: 64Mi 40 | limits: 41 | memory: 128Mi 42 | livenessProbe: 43 | httpGet: 44 | port: https 45 | path: /health 46 | scheme: HTTPS 47 | readinessProbe: 48 | httpGet: 49 | port: https 50 | path: /health 51 | scheme: HTTPS 52 | volumeMounts: 53 | - mountPath: /etc/skac/ 54 | name: cert 55 | readOnly: true 56 | restartPolicy: Always 57 | volumes: 58 | - name: cert 59 | secret: 60 | secretName: skywalking 61 | selector: 62 | matchLabels: 63 | app: skywalking-injection -------------------------------------------------------------------------------- /config.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "crypto/tls" 5 | "flag" 6 | "k8s.io/klog" 7 | ) 8 | 9 | // 配置信息 10 | type Config struct { 11 | UseTLS bool `env:"SWKAC_USE_TLS"` 12 | CertFile string `env:"SWKAC_TLS_CERT"` 13 | KeyFile string `env:"SWKAC_TLS_KEY"` 14 | TLSClientAuth bool `env:"SWKAC_TLS_CLIENT_AUTH"` 15 | TriggerENV bool `env:"SWKAC_TRIGGER_ENV"` 16 | SWImage string `env:"SWKAC_SW_IMAGE"` 17 | SWAgentCollectorBackendServices string `env:"SWKAC_SW_AGENT_COLLECTOR_BACKEND_SERVICES"` 18 | SWJavaENVName string `env:"SWKAC_SW_JAVA_ENV_NAME"` 19 | } 20 | 21 | func (c *Config) addFlags() { 22 | flag.BoolVar(&c.UseTLS, "use-tls", c.UseTLS, "run whit https.") 23 | flag.StringVar(&c.CertFile, "tls-cert-file", c.CertFile, 24 | "File containing the default x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert).") 25 | flag.StringVar(&c.KeyFile, "tls-private-key-file", c.KeyFile, 26 | "File containing the default x509 private key matching --tls-cert-file.") 27 | flag.BoolVar(&c.TLSClientAuth, "require-tls-client-auth", c.TLSClientAuth, 28 | "Require client auth with TLS, uses mutual tls on apiserver.") 29 | flag.BoolVar(&c.TriggerENV, "trigger-env", c.TriggerENV, "enable env matcher") 30 | flag.StringVar(&c.SWImage, "sw-image", c.SWImage, "Skywalking Agent Image") 31 | flag.StringVar(&c.SWAgentCollectorBackendServices, "sw-agent-collector-backend-services", 32 | c.SWAgentCollectorBackendServices, "SW_AGENT_COLLECTOR_BACKEND_SERVICES") 33 | } 34 | 35 | func configTLS(config Config) *tls.Config { 36 | sCert, err := tls.LoadX509KeyPair(config.CertFile, config.KeyFile) 37 | if err != nil { 38 | klog.Fatal(err) 39 | } 40 | tlsConfig := &tls.Config{ 41 | Certificates: []tls.Certificate{sCert}, 42 | } 43 | 44 | if config.TLSClientAuth { 45 | tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert 46 | } 47 | 48 | return tlsConfig 49 | } 50 | -------------------------------------------------------------------------------- /deploy/cert/ca.crt.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFojCCA4oCCQDFXe4p3Z464DANBgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMC 3 | Q04xEDAOBgNVBAgMB0JlaWppbmcxEDAOBgNVBAcMB0JlaWppbmcxDzANBgNVBAoM 4 | BmlMZW1vbjEPMA0GA1UECwwGaUxlbW9uMRswGQYDVQQDDBJ3d3cuaWxlbW9udGVj 5 | aC5jb20xHzAdBgkqhkiG9w0BCQEWEGxpcGdAb3V0bG9vay5jb20wIBcNMjAwNzE3 6 | MDE0NDAxWhgPMjEyMDA3MTcwMTQ0MDFaMIGRMQswCQYDVQQGEwJDTjEQMA4GA1UE 7 | CAwHQmVpamluZzEQMA4GA1UEBwwHQmVpamluZzEPMA0GA1UECgwGaUxlbW9uMQ8w 8 | DQYDVQQLDAZpTGVtb24xGzAZBgNVBAMMEnd3dy5pbGVtb250ZWNoLmNvbTEfMB0G 9 | CSqGSIb3DQEJARYQbGlwZ0BvdXRsb29rLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQAD 10 | ggIPADCCAgoCggIBALHQ/gu14YBCb3Q5+aMkrOwDyJP+4/AJcE84bNmr/VlXD1oI 11 | s3L2orQbpkQCUDVfjTqNMkoOt+mZXXwm2u30mSNJBFhZxq3OgKIVqWb1Ud9X4A23 12 | 9IqIdDWCN2wUZXUwFnM7BanqS+wrbhovqjSEqB69BinGcjfoL+1ie3uXjyPGfIVj 13 | bzWUIGgc3iTIeslr/ZkS0Kh63lUm7CZHPZqZp3/oUSXBk3MsxvJBtVxBTP4nE0+b 14 | f/XI/xISo/urB5kdXemQ3igEKQBjSYp/nKaua/PrkgpGmYukdeXIUyxJBOk5BBuw 15 | oqbwCApAiCL3yC/fukxGOf7ztwbDfXShWOvSJK64WtcZ0DxlCNUL1Ng6kr1K24Mx 16 | Gk6cD5bQbcX+DW8SKnbKCZo8KGRov9upomEW4Ci3XO+N1zpdROipaZWU3KvrFga6 17 | 69fhI3Gg3dUlZk+hTk5d1A17+1SywAtQjWqxowGyccZOJtj9JYiIHMrlEORyfPO2 18 | 5X4PmUJkhIoAacRvmhidSDYQNcLeKxbmSUwVdHZJJFZ2ZV1irvO2c8TKj6PWd07a 19 | F54o+BK1T221V+HgRrVm9Z4NsAcMsPRpv3acBvMZYlq/HxjkmSSMHqmwE0cWuso2 20 | Fqvcb1pJPbLtjPgWwVdOnVqMG7i13aNnrMf85JseseZzTOs/1BvXr851U5LfAgMB 21 | AAEwDQYJKoZIhvcNAQELBQADggIBAIZ7ZXZW4HJ127zxvOYmHu7h/k5GpooxvJ+p 22 | YKoPF4iwpFDc7f0Pdy4+KUpmQKlcaRnHFVXd9XJ4GYg689kLTyZ7sobjnQt6NSKN 23 | lXNgoIJwfmN5zjWnGP+WMhoBRL3J4n3SYGmjY0e4s9MpRPQvISyGYs+EAD1Tj3dD 24 | vqh3NVNwvn2l6I2cIqPEhSMRct0SyOsj802/xPoj6me+jF98dg6WS9UHAJsjqEzX 25 | slwaA9zsvpBZ4N5cusQ2jGXGDnECAKL6mbvtUXpXwMvHWy0moCX8sKJpBd6VbPxL 26 | xeOWnNzCEd/awjeY57ps93bv6Uz6uke2Wfb9GLwPBFd9EK56Eyce9wgZI8oh2NIY 27 | b66Dp0lLaGi48dYZJFEMDLXNUEvEtfdJ7+ylSW2XnvnLCOnhB2bBowble075RYsj 28 | ltUJEl5a1YmHNZs3xgrwQ+/sxn85bP+zjSIIjRk5WPinn//notjzPrIHbfN64o/y 29 | 0/UikeTcTVneDDABptfyUyDmNiVXBhyhvK712DffuCMZrT5bQzUGus+APj8A8hgI 30 | mqRwnKvroprv8JwoeYnmk4LdflLJQXs2Uugv/ZuVedy1AJNke8TIxaEJ2KhS0gZq 31 | 0YvDVAQEH4VTLx8VE7qFn6A5ahDmUAtdBy1CdK/ICZ8x7JfDBa/s+Ju+VALky2oa 32 | 4qVSDPt2 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /deploy/cert/injection.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFszCCA5sCCQCxyCldEUEwdTANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMC 3 | Q04xEDAOBgNVBAgMB0JlaWppbmcxEDAOBgNVBAcMB0JlaWppbmcxDzANBgNVBAoM 4 | BmlMZW1vbjEPMA0GA1UECwwGaUxlbW9uMRswGQYDVQQDDBJ3d3cuaWxlbW9udGVj 5 | aC5jb20xHzAdBgkqhkiG9w0BCQEWEGxpcGdAb3V0bG9vay5jb20wIBcNMjAwNzE3 6 | MDE1MzU1WhgPMjEyMDA3MTcwMTUzNTVaMIGiMQswCQYDVQQGEwJDTjEQMA4GA1UE 7 | CAwHQmVpamluZzEQMA4GA1UEBwwHQmVpamluZzEPMA0GA1UECgwGaUxlbW9uMQ8w 8 | DQYDVQQLDAZpTGVtb24xLDAqBgNVBAMMI3NreXdhbGtpbmctaW5qZWN0aW9uLnNr 9 | eXdhbGtpbmcuc3ZjMR8wHQYJKoZIhvcNAQkBFhBsaXBnQG91dGxvb2suY29tMIIC 10 | IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx+uWCQh2VE6maQy7AEkB1vu5 11 | UunRCZ9MqJGco8sIdCje8cxXNPmwr1us8Q2UP/qFXZL9UBzGh2WqZI7QsnCnnXqV 12 | qJrKB+Gy/Nw/ZqDWXIBxRa0ldGbpI1n7UK5rebD52cThLyPPqkAWb7z2QbqDm4ay 13 | lWqp7Hv18CPybvII1G60z+PTuY7VshpLBaCDWw/i9GWL+AZzRb7erpIyf1tkZ667 14 | he3mZP74rIGiRl+SGOpq6uXAF0YtlLWO0pBcfeiLeNoOqEWRdj05GRH4xq6o6vc4 15 | fSeS4oc/xGL0NuXWFD6+ZdA6WKIbo+Cl2wmZo1PEuEq4qRBaAzKfmDQ8kEzDso3y 16 | 1oepQErTUAPQjaVk98cqOQ8KHma2iFK90hsB/KCG5yiMAwWBarGQO8nBnrz6ExCw 17 | 36fVxyZfk9hctwO6pY3bmbn3A1iS04Ds5LatVZ3t+7g9TrvNoujpGu2KnXkqNh82 18 | kmS+6xPFmgVvuLz4kiKz1l7fi8sW1PwdAtqJBBld680p7zNrxZx19U65hnIyuXzZ 19 | 5XvRc28ECaYQa542m/kW54bCuAJ5NDfVuaXcbe8k7hebMQhaufN1G/+M2LUros7B 20 | /ZFqXukcCqu+73udS2BB3jVxoEM5wj3Y3FiaJmIHxnXN/espVytvMSxPUZcuibyl 21 | HeKD7+dK/+gqpXlwp0sCAwEAATANBgkqhkiG9w0BAQUFAAOCAgEAHsx72J5i27Sg 22 | joh67hgl0ieKwj7kVyc3bVRfoA/7580yEP29v1c0nK2VKic6+ps4xkvXti+5l5We 23 | jfoJuNaEUSG7LS5PYRmviBPdEWcfmygQc8Sr7XxUkyRrhan2qKXfpfEL2hwaYu7l 24 | jz68GcKGO/tIMJaXTYXuMBoRy7YcBsckWz9Hq6cbwdexatJ9yHczqyg0TQvkEpf1 25 | RrMCXM2dzuZmgxqf6HsjjwfoJqbFKr+d0A69APcIOCwAIZIOU7216J52k47rH6uZ 26 | dFudxAE9PLRYUlA46KTJzeDNlkdlQJsPSNPrPt17FNjMm0M7WKX8teoAPsRX90fn 27 | wm7BW7gdpARt4hVud6rlrriYYJJAsYF3GWYFOdniRkhurpdnRh3kVkeNwl8NovfN 28 | hckgCDooOc0vi4so5pp1ARXyLYAlRyZScGCu9Y2lRL/LbNoReDh+pBMlkRkbyKvr 29 | JFaFqmR/TXWVDpTSC4hPri39Q7x4IT4TAJYB0/3aSOSes9tavRyHVDAVGs/K2qh0 30 | xJZ+G95VjCVcY5640n76rp3YdEe1wmyOpyhB9+agBLdiqIS3CzimBIxHQsxluqzg 31 | 5+/GkW+e8tL0JFuJghdHMpO6dinW05B7lZuiUJ+1KilMfYVd4+ZhNZzl4fpfak86 32 | lfux6S3NJKUpT3SwHEnY9phFel/9G2k= 33 | -----END CERTIFICATE----- 34 | -------------------------------------------------------------------------------- /server.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/json" 5 | "fmt" 6 | "io/ioutil" 7 | v1 "k8s.io/api/admission/v1beta1" 8 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 9 | "k8s.io/klog" 10 | "net/http" 11 | ) 12 | 13 | 14 | 15 | // admitFunc is the type we use for all of our validators and mutators 16 | type admitFunc func(v1.AdmissionReview) *v1.AdmissionResponse 17 | 18 | // serve handles the http portion of a request prior to handing to an admit 19 | // function 20 | func serve(w http.ResponseWriter, r *http.Request, admit admitFunc) { 21 | var body []byte 22 | if r.Body != nil { 23 | if data, err := ioutil.ReadAll(r.Body); err == nil { 24 | body = data 25 | } 26 | } 27 | 28 | // verify the content type is accurate 29 | contentType := r.Header.Get("Content-Type") 30 | if contentType != "application/json" { 31 | klog.Errorf("contentType=%s, expect application/json", contentType) 32 | return 33 | } 34 | 35 | klog.V(2).Info(fmt.Sprintf("handling request: %s", body)) 36 | 37 | // The AdmissionReview that was sent to the webhook 38 | requestedAdmissionReview := v1.AdmissionReview{} 39 | 40 | // The AdmissionReview that will be returned 41 | responseAdmissionReview := v1.AdmissionReview{} 42 | 43 | deserializer := codecs.UniversalDeserializer() 44 | if _, _, err := deserializer.Decode(body, nil, &requestedAdmissionReview); err != nil { 45 | klog.Error(err) 46 | responseAdmissionReview.Response = toAdmissionResponse(err) 47 | } else { 48 | // pass to admitFunc 49 | responseAdmissionReview.Response = admit(requestedAdmissionReview) 50 | } 51 | 52 | // Default 53 | responseAdmissionReview.Kind = requestedAdmissionReview.Kind 54 | responseAdmissionReview.APIVersion = requestedAdmissionReview.APIVersion 55 | 56 | // Return the same UID 57 | responseAdmissionReview.Response.UID = requestedAdmissionReview.Request.UID 58 | 59 | klog.V(2).Info(fmt.Sprintf("sending response: %v", responseAdmissionReview.Response)) 60 | 61 | respBytes, err := json.Marshal(responseAdmissionReview) 62 | if err != nil { 63 | klog.Error(err) 64 | } 65 | if _, err := w.Write(respBytes); err != nil { 66 | klog.Error(err) 67 | } 68 | } 69 | 70 | // toAdmissionResponse is a helper function to create an AdmissionResponse 71 | // with an embedded error 72 | func toAdmissionResponse(err error) *v1.AdmissionResponse { 73 | return &v1.AdmissionResponse{ 74 | Result: &metav1.Status{ 75 | Message: err.Error(), 76 | }, 77 | } 78 | } 79 | 80 | // Health Check 81 | func health(w http.ResponseWriter, r *http.Request) { 82 | _, _ = w.Write([]byte("ok")) 83 | } 84 | -------------------------------------------------------------------------------- /deploy/cert/ca.key.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJKAIBAAKCAgEAsdD+C7XhgEJvdDn5oySs7APIk/7j8AlwTzhs2av9WVcPWgiz 3 | cvaitBumRAJQNV+NOo0ySg636ZldfCba7fSZI0kEWFnGrc6AohWpZvVR31fgDbf0 4 | ioh0NYI3bBRldTAWczsFqepL7CtuGi+qNISoHr0GKcZyN+gv7WJ7e5ePI8Z8hWNv 5 | NZQgaBzeJMh6yWv9mRLQqHreVSbsJkc9mpmnf+hRJcGTcyzG8kG1XEFM/icTT5t/ 6 | 9cj/EhKj+6sHmR1d6ZDeKAQpAGNJin+cpq5r8+uSCkaZi6R15chTLEkE6TkEG7Ci 7 | pvAICkCIIvfIL9+6TEY5/vO3BsN9dKFY69Ikrrha1xnQPGUI1QvU2DqSvUrbgzEa 8 | TpwPltBtxf4NbxIqdsoJmjwoZGi/26miYRbgKLdc743XOl1E6KlplZTcq+sWBrrr 9 | 1+EjcaDd1SVmT6FOTl3UDXv7VLLAC1CNarGjAbJxxk4m2P0liIgcyuUQ5HJ887bl 10 | fg+ZQmSEigBpxG+aGJ1INhA1wt4rFuZJTBV0dkkkVnZlXWKu87ZzxMqPo9Z3TtoX 11 | nij4ErVPbbVX4eBGtWb1ng2wBwyw9Gm/dpwG8xliWr8fGOSZJIweqbATRxa6yjYW 12 | q9xvWkk9su2M+BbBV06dWowbuLXdo2esx/zkmx6x5nNM6z/UG9evznVTkt8CAwEA 13 | AQKCAgBR0IEzTipFY0v4xDwSTmup5EvDnIGwDge4y5N5y+Kz2pTbriky+jv+dsJX 14 | hGD3TdGjYRgEbyU7vC8BUrdkySg0zgHLzPLXQa555VGeZ72V787NQRipLQObIyDw 15 | /6l28/tAZaXDemQYdBsivU+o/miETCCr0/z1sEVtCeUbBq77nPXqQcgHdPI8NRwY 16 | /I1SY/e5GKkc+/uUXmZFbn3vxkcFWRUNNDXtxmp7SLRzkDAmuD/wXvHPWv3RiPYe 17 | c6D5WEO/lcJB0zgyT3yk1vZy0sok3vzA8Z7wW2lLopJyS96QmIVFYE5WVRa98Ncy 18 | j6NyM5R6R82jeut5lzUAFsTdLEFnxkbb1DBan1HezIxi1BFSKpYSCjcr1dpnIMIh 19 | LbtUeT9XzU88IEAw4J+S5QJo53ozsoGB4f67MhDNcF1l3q5QbEPiyTZIAnM6Fj1b 20 | kQ4jDPdUVs4k5zyiGz8LlpjfxwU67qjlJ9g2D1d+TEvmUfssSCdaU8lTXQvYMvGu 21 | gc5VWfHZ/6mJtFpzVgswb7cFMwyE/1YZPcX2IQqIXQ4GEyfgyMIuSOGnoC+gYI6v 22 | 4keqapv+R3qDnXmUgdBAJKW6Kp+d738zsCYog/KRhaaFHUiSfPrAqLxcf1wq2I27 23 | n50lgsGGcEiRzpF7Wb95jpoqkz0LxcyXJUsKWO5tQ5Us9x8dUQKCAQEA3FyH/+Re 24 | O2uJXviQqE7NnW5qa42hXHKNlDfazWIuebphKZj4Vf01u1MeoLKaRShq2uDaDD+p 25 | omamvR8vAGM1e4jYS1BJYLDjdEMvTI7GheqPp5hW5QydXH3jcOTTELfk3J7Br6Cc 26 | oehXcYqcW6+0eRblm/MfMhW0k5OZNH/oOCf8MHvXi1XrkHnY1L2KED/x9A2fBsJl 27 | uTc4jMY+op9WC+RXPee+qu5uZ88Z/UpelLB6HXNWLF/b20otXSjOOmLkohYXnqI/ 28 | sUNhjrNQ12OfGmKJzGPyKFebS8Pe7ivgp/PGLECirWK9Qlcm8ceqKwVHhUgkI80i 29 | uM5AsxqyKO6+cwKCAQEAzpL/Y/wCKXDB4gwVCVdkjFTCg2vJegmyUwDgEdjKJDtN 30 | ovYLkSHz8Dw7aI3bR80Byk5wlqiNPg1HKOZ9xffZRL5YWVr9fZWdDYTzHgTaXI3C 31 | FvHFHMB8jg9uTsS9u0MVd5KQvqwEFxHysLWULU3Yc1k7QtWmAZogSqsTGXgAuFxl 32 | DOtCo73m0Yz8tO1mNijRUZTnQF9WwXRBX1AThHGEtvAF5dg4cwY5YZiR7HSSkxEs 33 | MmSgEl+wKiURNUFp6SxP8k4EnScLnJ2fmk9Bp3LArX+UR2zCZjxv4GKU6EN8mPim 34 | mRMGw5zDUtUxLDknsKE0+mFHOiMpxPDIZb7+jDxy5QKCAQEAtLH7o020J61qm8Hf 35 | fOQBnxKnmUIuCwy0I9IZTUkxKwg2HFIfcQONR+pEtyk9b3BRDuJKarjZdR4PpA0q 36 | EXtIo9/23OsdAHiMSw28f16kU7Of0KIOvwu1Dd783doFaTQiKvbThByD1BAdhDFR 37 | Pa26o4CvD04xSnSZ+lmRy4cG+OVw2qDygoMWAwanUuuJhwGoeaOhv30wxMwPRwBY 38 | 5Ckb+exnzY92vdt+FQmyGg0duXds6zFkfEaulgchY77OPPpS2Mac36vT5puGJ+nK 39 | ZJSAJraeoEdkjsgnw9z9tPet5Ir0+dyWiO7qmre0a5Z6Z4SQvS4G1ISl8DzQuQ0v 40 | AnmjGQKCAQAwq5+yngCgZOm5aaFXNxkAm0PNFQs+TqSOO+mPKuXNjY9oMtJc2oQP 41 | +RECPFIK47llQf/y7zmAAj7e2xeNGi09rh9AxlhtS1/afJWPYBNWtSuinkoT0SJH 42 | kkkqE96kDVU0e/rQgdTg3qCwk8eauPmji8WTpKTdQcQT86SnXofE6DgCyDdGPwrw 43 | Gmi79Ccd4ZYXw56MoyncoJh6bXJ7xQdA1uJ82enK6A+C+CCBdqHGNsiUAvNYAOWP 44 | uHYKdyQOBRu8+jbKFBX/S3/8KmpMmpPdDO8RuQVAc0LkujVdV/E2VXdjH4F7eybm 45 | EEbqpXi9e+3whBT1FK3Vsel1V3+/6MolAoIBADB6tVUiMgoi6D+EZ2ePvTlPb0oY 46 | zGwB+uPAG+7HiIxjG5XlJCPwQawWpF+qDefroW4n7nnNIz1HOOOfaHYJ/u6XV2ON 47 | xOK1JaCBZWnRy8guo6OJj7RyBut0C9o/P5dnKKyxGkcO9wTMKTLcB0eI999VokpJ 48 | 8/n9PkwOA4N0XttAIwrN4MCsnwzXojJlk29xd2IPwLRXffP8MoqFOeVp/RZUvDw6 49 | i2sW8F3recCqEIG3UrkTJkcZUmwn1hsBASJtjeA5aGyvrigcbdP2q6gnjs+fQwdJ 50 | wQ3jexQ/vdLP/wq/1EHrNM0u5JxLdpEzPfW869cZ78zf9Sg1bhK672nS1eY= 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /deploy/cert/injection.key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIJJwIBAAKCAgEAx+uWCQh2VE6maQy7AEkB1vu5UunRCZ9MqJGco8sIdCje8cxX 3 | NPmwr1us8Q2UP/qFXZL9UBzGh2WqZI7QsnCnnXqVqJrKB+Gy/Nw/ZqDWXIBxRa0l 4 | dGbpI1n7UK5rebD52cThLyPPqkAWb7z2QbqDm4aylWqp7Hv18CPybvII1G60z+PT 5 | uY7VshpLBaCDWw/i9GWL+AZzRb7erpIyf1tkZ667he3mZP74rIGiRl+SGOpq6uXA 6 | F0YtlLWO0pBcfeiLeNoOqEWRdj05GRH4xq6o6vc4fSeS4oc/xGL0NuXWFD6+ZdA6 7 | WKIbo+Cl2wmZo1PEuEq4qRBaAzKfmDQ8kEzDso3y1oepQErTUAPQjaVk98cqOQ8K 8 | Hma2iFK90hsB/KCG5yiMAwWBarGQO8nBnrz6ExCw36fVxyZfk9hctwO6pY3bmbn3 9 | A1iS04Ds5LatVZ3t+7g9TrvNoujpGu2KnXkqNh82kmS+6xPFmgVvuLz4kiKz1l7f 10 | i8sW1PwdAtqJBBld680p7zNrxZx19U65hnIyuXzZ5XvRc28ECaYQa542m/kW54bC 11 | uAJ5NDfVuaXcbe8k7hebMQhaufN1G/+M2LUros7B/ZFqXukcCqu+73udS2BB3jVx 12 | oEM5wj3Y3FiaJmIHxnXN/espVytvMSxPUZcuibylHeKD7+dK/+gqpXlwp0sCAwEA 13 | AQKCAgB6jbnQ2cYoEnrC5RHxr8+X6YIHCNyjKGtG3tSGOB17j95znc9L41DjfrB6 14 | qNdbjQiaf1QX+zvcnn8g28ely5eE2zPJQvJceIhPp/iZwjkGRZqqmuTeAYQjrrJ4 15 | GCQ8WjgfvihIzIwuEtFuOAlB68Nn4N+y5ss59Bek2XRxfJ/bEe53jnMpSh1H7ARX 16 | c7lyZj+7kFCIf/PEKqi5nVelaPIY+S1tgZP+D6uDnIhM2aNm8LUQQD1MRzID+nSO 17 | Mf7xFFADirD3iIYOVKOe8bxul31nZJvVZSAPC9gUXJDW4ngkuv3ezhImaWHGSR2D 18 | M9RiIiTy0KN4yFRVp3/cPxFtaBGCWsfS3E8zwrzYBZLC+q9ht5DHVD1EeUckL2TK 19 | sR/8BQhkjwp8Rr56bjUDFHx7DHTCLbktNlGHE/qfx7o6K0O9P3+qRMPRdTLlMClX 20 | Fmm74AJ6qeVVLzVYIpB325PJfdqGosWXFFwOHdFK1awde7U6Sr5uui18tNM06w66 21 | 2P/cAEeoyyObKcnRQGtT8Hw3ThzmULlUVxAWG9C+JKf2AO8gTpssExgBNdbwn8RR 22 | P+dltWv8ss6dC3hZWx8qOlmbwOUDPCwjpK+cIHrOmWKqwYmnsWa/8mFLFMWElOBZ 23 | k0l0kDaq5kBeQD4dOJ3gTrmTRTeFKm05Y68y6Zn2dJJdU2+ooQKCAQEA8M3iOyHZ 24 | MB3qERdNxPIBlNtLEmZurMjVBv1QkPouy5OvTeN24RxUg6tf6N6R+iUI8aHp7oDY 25 | g6/Un7QAetcagNlwwYI02/p28FkvQw5wBg/U6jH8EM2qbXkqPSaU49+2iMlew+dD 26 | jLSTh9ZHNmMjH1MbEyTJ9oaOLfNy55se/p5GlF/N6m6iirr/ha9LjK32Zht0UBbK 27 | Q/B/hy1BPsQSUb/gWs5l67nAx+ZlGJd32BgsZXgZIsbrmWqAgBAzD971P5Y/xYHG 28 | hJXWr3Ki1iVN0rbb3XKrnYNWYZWT9FsRoxdd6iA4b0pu1bDGP80KgjVkLht8Rx6i 29 | io3FoITaoGA/ewKCAQEA1Ik8EtxeQPtpB5MYmj6++DxrVtH7UliDZ++e9bVq/mXp 30 | oJA/ni4wj9ZItgzIqaATqEYArkwCOFz5gUANNIdmJfmXTRPXMN98F/mPKCGc22qY 31 | YRF3Eye8osMc4SCDmwuAHveKmGekZ/SIDIA7/qFF5oOPAxYBtXfal56F8KgDCjIt 32 | bV6piaWYtbnWGRKkgYnoc3RFKZXcV+lZmCrUHTVYPVSNIZE7cx+g98n1Kod7epP0 33 | Au1e9Unb02UqcMZTxgJVZlegm2B7SMSHPhHDobaBgAS/D0aWjl/CGsR0n2/VyPej 34 | 2Fixq0bpDoP/oFF0Wc5kyaY5YpqGVI7jpB76YPtGcQKCAQBmILuJHrLxUE6cTwjh 35 | tU3sZxEwzZa02zxWCYto4WKFXq5j10vs70n8yesUZYj90UU4zdXcHHM3bpQ742is 36 | sJwB97Z1q5ZlkZVuHDUKOI5UU9SWOvrP2ZolcdTzOHC/MHtHCjiR13xzqYZEfyGW 37 | tHcJ6wI5nUm2r5yPaofaKJT9of0HIpa/jYqMUgDbHtxo3sL4zT4IVZIVPGOp3gyk 38 | 5R1r5Hfvq0fYsOBNJ67KvjrKwH3bzxLCCCGV4HB9X+F4IrRa8os7Ze3e/3mc0X60 39 | Wf/mlT0sb1zPogs5uemVIiaZx+hBysaElMnrAV0jY//H94L0dx2/QAPpxXUCvjXG 40 | /OsPAoIBACl6VuT/aM2ZwxedV3HSyQY9FF2vQTMC3zJLi2Q8cZMQZJXXUPMX5JZN 41 | pYcR259vBCcU8lERuGUzj+XvkCQuQHssyKBcPOTm2Jr9MzkLxkbz+KUI+YodeSzy 42 | kxJEfCqoBesFOGEh6O34xQxbglnhM3kXN7PMeazmpRxt7YnX4C//NupfTQr17GWa 43 | zPO7tasqNNlDWbQR8RyfB8MwqJDCtmPRunFQnJ+NDqcNHPGd2zVC5p4joSKRtXr+ 44 | BVhY/ERqdCwy8b8hBy5eXF56rQlESuWnB3p9tig2+/SpXnE3LCu6WJmCRbo9boJM 45 | tHifLOvR4c2QySY7LfgWosqG2SpQH6ECggEAJBtDqwCQyNMu6pCqFzSMsmvNtuqu 46 | JiWHE+4WPE0Ywr0X+sxWeQeAuJ6lceY6Ewu+oFYbrYjEPICOTH2VvQeCFYvRNOnY 47 | BtM1qd3a5hYZOv8S3VVV3epsfGcAILP92UGQHNPhMfn4gcirekL9WQV9AJ6AK7KA 48 | 5Cu30pbr144wcbiPSseTnCpzxwL+Rvz4F9azK/82qy7r/NYqYgDCTExgOFEAZX89 49 | 30hSl/ryGgWew8QKlDIJyqXSuocuFhvNM1Rd1mnSWpwGZb326q/JKyDZChEog/Uq 50 | /tjTpfzWdyFsoQr2xEeg5yzSdH58xKsHIIdhoRH463lCyM5eqqdNtSOanw== 51 | -----END RSA PRIVATE KEY----- 52 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Created by .ignore support plugin (hsz.mobi) 2 | ### Base Template template 3 | # Created by .ignore support plugin (hsz.mobi) 4 | ### Windows template 5 | # Windows thumbnail cache files 6 | Thumbs.db 7 | Thumbs.db:encryptable 8 | ehthumbs.db 9 | ehthumbs_vista.db 10 | 11 | # Dump file 12 | *.stackdump 13 | 14 | # Folder config file 15 | [Dd]esktop.ini 16 | 17 | # Recycle Bin used on file shares 18 | $RECYCLE.BIN/ 19 | 20 | # Windows Installer files 21 | *.cab 22 | *.msi 23 | *.msix 24 | *.msm 25 | *.msp 26 | 27 | # Windows shortcuts 28 | *.lnk 29 | 30 | ### macOS template 31 | # General 32 | .DS_Store 33 | .AppleDouble 34 | .LSOverride 35 | 36 | # Icon must end with two \r 37 | Icon 38 | 39 | # Thumbnails 40 | ._* 41 | 42 | # Files that might appear in the root of a volume 43 | .DocumentRevisions-V100 44 | .fseventsd 45 | .Spotlight-V100 46 | .TemporaryItems 47 | .Trashes 48 | .VolumeIcon.icns 49 | .com.apple.timemachine.donotpresent 50 | 51 | # Directories potentially created on remote AFP share 52 | .AppleDB 53 | .AppleDesktop 54 | Network Trash Folder 55 | Temporary Items 56 | .apdisk 57 | 58 | ### Linux template 59 | *~ 60 | 61 | # temporary files which can be created if a process still has a handle open of a deleted file 62 | .fuse_hidden* 63 | 64 | # KDE directory preferences 65 | .directory 66 | 67 | # Linux trash folder which might appear on any partition or disk 68 | .Trash-* 69 | 70 | # .nfs files are created when an open file is removed but is still being accessed 71 | .nfs* 72 | 73 | .idea/ 74 | 75 | ### JetBrains template 76 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider 77 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 78 | 79 | # User-specific stuff 80 | .idea/**/workspace.xml 81 | .idea/**/tasks.xml 82 | .idea/**/usage.statistics.xml 83 | .idea/**/dictionaries 84 | .idea/**/shelf 85 | 86 | # Generated files 87 | .idea/**/contentModel.xml 88 | 89 | # Sensitive or high-churn files 90 | .idea/**/dataSources/ 91 | .idea/**/dataSources.ids 92 | .idea/**/dataSources.local.xml 93 | .idea/**/sqlDataSources.xml 94 | .idea/**/dynamic.xml 95 | .idea/**/uiDesigner.xml 96 | .idea/**/dbnavigator.xml 97 | 98 | # Gradle 99 | .idea/**/gradle.xml 100 | .idea/**/libraries 101 | 102 | # Gradle and Maven with auto-import 103 | # When using Gradle or Maven with auto-import, you should exclude module files, 104 | # since they will be recreated, and may cause churn. Uncomment if using 105 | # auto-import. 106 | # .idea/artifacts 107 | # .idea/compiler.xml 108 | # .idea/jarRepositories.xml 109 | # .idea/modules.xml 110 | # .idea/*.iml 111 | # .idea/modules 112 | # *.iml 113 | # *.ipr 114 | 115 | # CMake 116 | cmake-build-*/ 117 | 118 | # Mongo Explorer plugin 119 | .idea/**/mongoSettings.xml 120 | 121 | # File-based project format 122 | *.iws 123 | 124 | # IntelliJ 125 | out/ 126 | 127 | # mpeltonen/sbt-idea plugin 128 | .idea_modules/ 129 | 130 | # JIRA plugin 131 | atlassian-ide-plugin.xml 132 | 133 | # Cursive Clojure plugin 134 | .idea/replstate.xml 135 | 136 | # Crashlytics plugin (for Android Studio and IntelliJ) 137 | com_crashlytics_export_strings.xml 138 | crashlytics.properties 139 | crashlytics-build.properties 140 | fabric.properties 141 | 142 | # Editor-based Rest Client 143 | .idea/httpRequests 144 | 145 | # Android studio 3.1+ serialized cache file 146 | .idea/caches/build_file_checksums.ser 147 | 148 | ### Eclipse template 149 | .metadata 150 | bin/ 151 | tmp/ 152 | *.tmp 153 | *.bak 154 | *.swp 155 | *~.nib 156 | local.properties 157 | .settings/ 158 | .loadpath 159 | .recommenders 160 | 161 | # External tool builders 162 | .externalToolBuilders/ 163 | 164 | # Locally stored "Eclipse launch configurations" 165 | *.launch 166 | 167 | # PyDev specific (Python IDE for Eclipse) 168 | *.pydevproject 169 | 170 | # CDT-specific (C/C++ Development Tooling) 171 | .cproject 172 | 173 | # CDT- autotools 174 | .autotools 175 | 176 | # Java annotation processor (APT) 177 | .factorypath 178 | 179 | # PDT-specific (PHP Development Tools) 180 | .buildpath 181 | 182 | # sbteclipse plugin 183 | .target 184 | 185 | # Tern plugin 186 | .tern-project 187 | 188 | # TeXlipse plugin 189 | .texlipse 190 | 191 | # STS (Spring Tool Suite) 192 | .springBeans 193 | 194 | # Code Recommenders 195 | .recommenders/ 196 | 197 | # Annotation Processing 198 | .apt_generated/ 199 | .apt_generated_test/ 200 | 201 | # Scala IDE specific (Scala & Java development for Eclipse) 202 | .cache-main 203 | .scala_dependencies 204 | .worksheet 205 | 206 | # Uncomment this line if you wish to ignore the project description file. 207 | # Typically, this file would be tracked if it contains build/dependency configurations: 208 | #.project 209 | 210 | ### VisualStudioCode template 211 | .vscode/* 212 | !.vscode/settings.json 213 | !.vscode/tasks.json 214 | !.vscode/launch.json 215 | !.vscode/extensions.json 216 | *.code-workspace 217 | 218 | # Local History for Visual Studio Code 219 | .history/ 220 | 221 | ### Xcode template 222 | # Xcode 223 | # 224 | # gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore 225 | 226 | ## User settings 227 | xcuserdata/ 228 | 229 | ## compatibility with Xcode 8 and earlier (ignoring not required starting Xcode 9) 230 | *.xcscmblueprint 231 | *.xccheckout 232 | 233 | ## compatibility with Xcode 3 and earlier (ignoring not required starting Xcode 4) 234 | build/ 235 | DerivedData/ 236 | *.moved-aside 237 | *.pbxuser 238 | !default.pbxuser 239 | *.mode1v3 240 | !default.mode1v3 241 | *.mode2v3 242 | !default.mode2v3 243 | *.perspectivev3 244 | !default.perspectivev3 245 | 246 | ## Gcc Patch 247 | /*.gcno 248 | !/.gitignore 249 | ### Go template 250 | # Binaries for programs and plugins 251 | *.exe 252 | *.exe~ 253 | *.dll 254 | *.so 255 | *.dylib 256 | 257 | # Test binary, built with `go test -c` 258 | *.test 259 | 260 | # Output of the go coverage tool, specifically when used with LiteIDE 261 | *.out 262 | 263 | # Dependency directories (remove the comment below to include it) 264 | # vendor/ 265 | 266 | -------------------------------------------------------------------------------- /deploy/kubernetes/admissionregistration.yaml: -------------------------------------------------------------------------------- 1 | # >= 1.16 2 | apiVersion: admissionregistration.k8s.io/v1 3 | kind: MutatingWebhookConfiguration 4 | metadata: 5 | name: skywalking-injector 6 | webhooks: 7 | - admissionReviewVersions: ["v1beta1"] 8 | failurePolicy: Fail 9 | clientConfig: 10 | caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZvakNDQTRvQ0NRREZYZTRwM1o0NjREQU5CZ2txaGtpRzl3MEJBUXNGQURDQmtURUxNQWtHQTFVRUJoTUMKUTA0eEVEQU9CZ05WQkFnTUIwSmxhV3BwYm1jeEVEQU9CZ05WQkFjTUIwSmxhV3BwYm1jeER6QU5CZ05WQkFvTQpCbWxNWlcxdmJqRVBNQTBHQTFVRUN3d0dhVXhsYlc5dU1Sc3dHUVlEVlFRRERCSjNkM2N1YVd4bGJXOXVkR1ZqCmFDNWpiMjB4SHpBZEJna3Foa2lHOXcwQkNRRVdFR3hwY0dkQWIzVjBiRzl2YXk1amIyMHdJQmNOTWpBd056RTMKTURFME5EQXhXaGdQTWpFeU1EQTNNVGN3TVRRME1ERmFNSUdSTVFzd0NRWURWUVFHRXdKRFRqRVFNQTRHQTFVRQpDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVQTUEwR0ExVUVDZ3dHYVV4bGJXOXVNUTh3CkRRWURWUVFMREFacFRHVnRiMjR4R3pBWkJnTlZCQU1NRW5kM2R5NXBiR1Z0YjI1MFpXTm9MbU52YlRFZk1CMEcKQ1NxR1NJYjNEUUVKQVJZUWJHbHdaMEJ2ZFhSc2IyOXJMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0lQQURDQ0Fnb0NnZ0lCQUxIUS9ndTE0WUJDYjNRNSthTWtyT3dEeUpQKzQvQUpjRTg0Yk5tci9WbFhEMW9JCnMzTDJvclFicGtRQ1VEVmZqVHFOTWtvT3QrbVpYWHdtMnUzMG1TTkpCRmhaeHEzT2dLSVZxV2IxVWQ5WDRBMjMKOUlxSWREV0NOMndVWlhVd0ZuTTdCYW5xUyt3cmJob3ZxalNFcUI2OUJpbkdjamZvTCsxaWUzdVhqeVBHZklWagpieldVSUdnYzNpVEllc2xyL1prUzBLaDYzbFVtN0NaSFBacVpwMy9vVVNYQmszTXN4dkpCdFZ4QlRQNG5FMCtiCmYvWEkveElTby91ckI1a2RYZW1RM2lnRUtRQmpTWXAvbkthdWEvUHJrZ3BHbVl1a2RlWElVeXhKQk9rNUJCdXcKb3Fid0NBcEFpQ0wzeUMvZnVreEdPZjd6dHdiRGZYU2hXT3ZTSks2NFd0Y1owRHhsQ05VTDFOZzZrcjFLMjRNeApHazZjRDViUWJjWCtEVzhTS25iS0NabzhLR1Jvdjl1cG9tRVc0Q2kzWE8rTjF6cGRST2lwYVpXVTNLdnJGZ2E2CjY5ZmhJM0dnM2RVbFprK2hUazVkMUExNysxU3l3QXRRaldxeG93R3ljY1pPSnRqOUpZaUlITXJsRU9SeWZQTzIKNVg0UG1VSmtoSW9BYWNSdm1oaWRTRFlRTmNMZUt4Ym1TVXdWZEhaSkpGWjJaVjFpcnZPMmM4VEtqNlBXZDA3YQpGNTRvK0JLMVQyMjFWK0hnUnJWbTlaNE5zQWNNc1BScHYzYWNCdk1aWWxxL0h4amttU1NNSHFtd0UwY1d1c28yCkZxdmNiMXBKUGJMdGpQZ1d3VmRPblZxTUc3aTEzYU5uck1mODVKc2VzZVp6VE9zLzFCdlhyODUxVTVMZkFnTUIKQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJWjdaWFpXNEhKMTI3enh2T1ltSHU3aC9rNUdwb294dkorcApZS29QRjRpd3BGRGM3ZjBQZHk0K0tVcG1RS2xjYVJuSEZWWGQ5WEo0R1lnNjg5a0xUeVo3c29iam5RdDZOU0tOCmxYTmdvSUp3Zm1ONXpqV25HUCtXTWhvQlJMM0o0bjNTWUdtalkwZTRzOU1wUlBRdklTeUdZcytFQUQxVGozZEQKdnFoM05WTnd2bjJsNkkyY0lxUEVoU01SY3QwU3lPc2o4MDIveFBvajZtZStqRjk4ZGc2V1M5VUhBSnNqcUV6WApzbHdhQTl6c3ZwQlo0TjVjdXNRMmpHWEdEbkVDQUtMNm1idnRVWHBYd012SFd5MG1vQ1g4c0tKcEJkNlZiUHhMCnhlT1duTnpDRWQvYXdqZVk1N3BzOTNidjZVejZ1a2UyV2ZiOUdMd1BCRmQ5RUs1NkV5Y2U5d2daSThvaDJOSVkKYjY2RHAwbExhR2k0OGRZWkpGRU1ETFhOVUV2RXRmZEo3K3lsU1cyWG52bkxDT25oQjJiQm93YmxlMDc1UllzagpsdFVKRWw1YTFZbUhOWnMzeGdyd1ErL3N4bjg1YlArempTSUlqUms1V1Bpbm4vL25vdGp6UHJJSGJmTjY0by95CjAvVWlrZVRjVFZuZUREQUJwdGZ5VXlEbU5pVlhCaHlodks3MTJEZmZ1Q01aclQ1YlF6VUd1cytBUGo4QThoZ0kKbXFSd25LdnJvcHJ2OEp3b2VZbm1rNExkZmxMSlFYczJVdWd2L1p1VmVkeTFBSk5rZThUSXhhRUoyS2hTMGdacQowWXZEVkFRRUg0VlRMeDhWRTdxRm42QTVhaERtVUF0ZEJ5MUNkSy9JQ1o4eDdKZkRCYS9zK0p1K1ZBTGt5Mm9hCjRxVlNEUHQyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 11 | service: 12 | name: skywalking-injection 13 | namespace: skywalking 14 | namespaceSelector: 15 | matchLabels: 16 | skywalking-injection: "true" 17 | name: injection.skywalking.ilemontech.com 18 | timeoutSeconds: 5 19 | sideEffects: None 20 | rules: 21 | - apiGroups: [""] 22 | apiVersions: ["v1"] 23 | operations: ["CREATE"] 24 | resources: ["pods"] 25 | scope: "Namespaced" 26 | 27 | # > 1.9 & < 1.16 28 | --- 29 | apiVersion: admissionregistration.k8s.io/v1beta1 30 | kind: MutatingWebhookConfiguration 31 | metadata: 32 | name: skywalking-injector 33 | webhooks: 34 | - failurePolicy: Fail 35 | clientConfig: 36 | caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZvakNDQTRvQ0NRREZYZTRwM1o0NjREQU5CZ2txaGtpRzl3MEJBUXNGQURDQmtURUxNQWtHQTFVRUJoTUMKUTA0eEVEQU9CZ05WQkFnTUIwSmxhV3BwYm1jeEVEQU9CZ05WQkFjTUIwSmxhV3BwYm1jeER6QU5CZ05WQkFvTQpCbWxNWlcxdmJqRVBNQTBHQTFVRUN3d0dhVXhsYlc5dU1Sc3dHUVlEVlFRRERCSjNkM2N1YVd4bGJXOXVkR1ZqCmFDNWpiMjB4SHpBZEJna3Foa2lHOXcwQkNRRVdFR3hwY0dkQWIzVjBiRzl2YXk1amIyMHdJQmNOTWpBd056RTMKTURFME5EQXhXaGdQTWpFeU1EQTNNVGN3TVRRME1ERmFNSUdSTVFzd0NRWURWUVFHRXdKRFRqRVFNQTRHQTFVRQpDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVQTUEwR0ExVUVDZ3dHYVV4bGJXOXVNUTh3CkRRWURWUVFMREFacFRHVnRiMjR4R3pBWkJnTlZCQU1NRW5kM2R5NXBiR1Z0YjI1MFpXTm9MbU52YlRFZk1CMEcKQ1NxR1NJYjNEUUVKQVJZUWJHbHdaMEJ2ZFhSc2IyOXJMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0lQQURDQ0Fnb0NnZ0lCQUxIUS9ndTE0WUJDYjNRNSthTWtyT3dEeUpQKzQvQUpjRTg0Yk5tci9WbFhEMW9JCnMzTDJvclFicGtRQ1VEVmZqVHFOTWtvT3QrbVpYWHdtMnUzMG1TTkpCRmhaeHEzT2dLSVZxV2IxVWQ5WDRBMjMKOUlxSWREV0NOMndVWlhVd0ZuTTdCYW5xUyt3cmJob3ZxalNFcUI2OUJpbkdjamZvTCsxaWUzdVhqeVBHZklWagpieldVSUdnYzNpVEllc2xyL1prUzBLaDYzbFVtN0NaSFBacVpwMy9vVVNYQmszTXN4dkpCdFZ4QlRQNG5FMCtiCmYvWEkveElTby91ckI1a2RYZW1RM2lnRUtRQmpTWXAvbkthdWEvUHJrZ3BHbVl1a2RlWElVeXhKQk9rNUJCdXcKb3Fid0NBcEFpQ0wzeUMvZnVreEdPZjd6dHdiRGZYU2hXT3ZTSks2NFd0Y1owRHhsQ05VTDFOZzZrcjFLMjRNeApHazZjRDViUWJjWCtEVzhTS25iS0NabzhLR1Jvdjl1cG9tRVc0Q2kzWE8rTjF6cGRST2lwYVpXVTNLdnJGZ2E2CjY5ZmhJM0dnM2RVbFprK2hUazVkMUExNysxU3l3QXRRaldxeG93R3ljY1pPSnRqOUpZaUlITXJsRU9SeWZQTzIKNVg0UG1VSmtoSW9BYWNSdm1oaWRTRFlRTmNMZUt4Ym1TVXdWZEhaSkpGWjJaVjFpcnZPMmM4VEtqNlBXZDA3YQpGNTRvK0JLMVQyMjFWK0hnUnJWbTlaNE5zQWNNc1BScHYzYWNCdk1aWWxxL0h4amttU1NNSHFtd0UwY1d1c28yCkZxdmNiMXBKUGJMdGpQZ1d3VmRPblZxTUc3aTEzYU5uck1mODVKc2VzZVp6VE9zLzFCdlhyODUxVTVMZkFnTUIKQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJWjdaWFpXNEhKMTI3enh2T1ltSHU3aC9rNUdwb294dkorcApZS29QRjRpd3BGRGM3ZjBQZHk0K0tVcG1RS2xjYVJuSEZWWGQ5WEo0R1lnNjg5a0xUeVo3c29iam5RdDZOU0tOCmxYTmdvSUp3Zm1ONXpqV25HUCtXTWhvQlJMM0o0bjNTWUdtalkwZTRzOU1wUlBRdklTeUdZcytFQUQxVGozZEQKdnFoM05WTnd2bjJsNkkyY0lxUEVoU01SY3QwU3lPc2o4MDIveFBvajZtZStqRjk4ZGc2V1M5VUhBSnNqcUV6WApzbHdhQTl6c3ZwQlo0TjVjdXNRMmpHWEdEbkVDQUtMNm1idnRVWHBYd012SFd5MG1vQ1g4c0tKcEJkNlZiUHhMCnhlT1duTnpDRWQvYXdqZVk1N3BzOTNidjZVejZ1a2UyV2ZiOUdMd1BCRmQ5RUs1NkV5Y2U5d2daSThvaDJOSVkKYjY2RHAwbExhR2k0OGRZWkpGRU1ETFhOVUV2RXRmZEo3K3lsU1cyWG52bkxDT25oQjJiQm93YmxlMDc1UllzagpsdFVKRWw1YTFZbUhOWnMzeGdyd1ErL3N4bjg1YlArempTSUlqUms1V1Bpbm4vL25vdGp6UHJJSGJmTjY0by95CjAvVWlrZVRjVFZuZUREQUJwdGZ5VXlEbU5pVlhCaHlodks3MTJEZmZ1Q01aclQ1YlF6VUd1cytBUGo4QThoZ0kKbXFSd25LdnJvcHJ2OEp3b2VZbm1rNExkZmxMSlFYczJVdWd2L1p1VmVkeTFBSk5rZThUSXhhRUoyS2hTMGdacQowWXZEVkFRRUg0VlRMeDhWRTdxRm42QTVhaERtVUF0ZEJ5MUNkSy9JQ1o4eDdKZkRCYS9zK0p1K1ZBTGt5Mm9hCjRxVlNEUHQyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 37 | service: 38 | name: skywalking-injection 39 | namespace: skywalking 40 | namespaceSelector: 41 | matchLabels: 42 | skywalking-injection: "true" 43 | name: injection.skywalking.ilemontech.com 44 | sideEffects: None 45 | rules: 46 | - apiGroups: [""] 47 | apiVersions: ["v1"] 48 | operations: ["CREATE"] 49 | resources: ["pods"] 50 | -------------------------------------------------------------------------------- /deploy/kubernetes/secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: skywalking 5 | namespace: skywalking 6 | data: 7 | tls.crt: | 8 | LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZzekNDQTVzQ0NRQ3h5Q2xkRVVFd2RUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmtURUxNQWtHQTFVRUJoTUMKUTA0eEVEQU9CZ05WQkFnTUIwSmxhV3BwYm1jeEVEQU9CZ05WQkFjTUIwSmxhV3BwYm1jeER6QU5CZ05WQkFvTQpCbWxNWlcxdmJqRVBNQTBHQTFVRUN3d0dhVXhsYlc5dU1Sc3dHUVlEVlFRRERCSjNkM2N1YVd4bGJXOXVkR1ZqCmFDNWpiMjB4SHpBZEJna3Foa2lHOXcwQkNRRVdFR3hwY0dkQWIzVjBiRzl2YXk1amIyMHdJQmNOTWpBd056RTMKTURFMU16VTFXaGdQTWpFeU1EQTNNVGN3TVRVek5UVmFNSUdpTVFzd0NRWURWUVFHRXdKRFRqRVFNQTRHQTFVRQpDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVQTUEwR0ExVUVDZ3dHYVV4bGJXOXVNUTh3CkRRWURWUVFMREFacFRHVnRiMjR4TERBcUJnTlZCQU1NSTNOcmVYZGhiR3RwYm1jdGFXNXFaV04wYVc5dUxuTnIKZVhkaGJHdHBibWN1YzNaak1SOHdIUVlKS29aSWh2Y05BUWtCRmhCc2FYQm5RRzkxZEd4dmIyc3VZMjl0TUlJQwpJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBeCt1V0NRaDJWRTZtYVF5N0FFa0IxdnU1ClV1blJDWjlNcUpHY284c0lkQ2plOGN4WE5QbXdyMXVzOFEyVVAvcUZYWkw5VUJ6R2gyV3FaSTdRc25Dbm5YcVYKcUpyS0IrR3kvTncvWnFEV1hJQnhSYTBsZEdicEkxbjdVSzVyZWJENTJjVGhMeVBQcWtBV2I3ejJRYnFEbTRheQpsV3FwN0h2MThDUHlidklJMUc2MHorUFR1WTdWc2hwTEJhQ0RXdy9pOUdXTCtBWnpSYjdlcnBJeWYxdGtaNjY3CmhlM21aUDc0cklHaVJsK1NHT3BxNnVYQUYwWXRsTFdPMHBCY2ZlaUxlTm9PcUVXUmRqMDVHUkg0eHE2bzZ2YzQKZlNlUzRvYy94R0wwTnVYV0ZENitaZEE2V0tJYm8rQ2wyd21abzFQRXVFcTRxUkJhQXpLZm1EUThrRXpEc28zeQoxb2VwUUVyVFVBUFFqYVZrOThjcU9ROEtIbWEyaUZLOTBoc0IvS0NHNXlpTUF3V0JhckdRTzhuQm5yejZFeEN3CjM2ZlZ4eVpmazloY3R3TzZwWTNibWJuM0ExaVMwNERzNUxhdFZaM3QrN2c5VHJ2Tm91anBHdTJLblhrcU5oODIKa21TKzZ4UEZtZ1Z2dUx6NGtpS3oxbDdmaThzVzFQd2RBdHFKQkJsZDY4MHA3ek5yeFp4MTlVNjVobkl5dVh6Wgo1WHZSYzI4RUNhWVFhNTQybS9rVzU0YkN1QUo1TkRmVnVhWGNiZThrN2hlYk1RaGF1Zk4xRy8rTTJMVXJvczdCCi9aRnFYdWtjQ3F1KzczdWRTMkJCM2pWeG9FTTV3ajNZM0ZpYUptSUh4blhOL2VzcFZ5dHZNU3hQVVpjdWlieWwKSGVLRDcrZEsvK2dxcFhsd3Awc0NBd0VBQVRBTkJna3Foa2lHOXcwQkFRVUZBQU9DQWdFQUhzeDcySjVpMjdTZwpqb2g2N2hnbDBpZUt3ajdrVnljM2JWUmZvQS83NTgweUVQMjl2MWMwbksyVktpYzYrcHM0eGt2WHRpKzVsNVdlCmpmb0p1TmFFVVNHN0xTNVBZUm12aUJQZEVXY2ZteWdRYzhTcjdYeFVreVJyaGFuMnFLWGZwZkVMMmh3YVl1N2wKano2OEdjS0dPL3RJTUphWFRZWHVNQm9SeTdZY0JzY2tXejlIcTZjYndkZXhhdEo5eUhjenF5ZzBUUXZrRXBmMQpSck1DWE0yZHp1Wm1neHFmNkhzamp3Zm9KcWJGS3IrZDBBNjlBUGNJT0N3QUlaSU9VNzIxNko1Mms0N3JINnVaCmRGdWR4QUU5UExSWVVsQTQ2S1RKemVETmxrZGxRSnNQU05QclB0MTdGTmpNbTBNN1dLWDh0ZW9BUHNSWDkwZm4Kd203Qlc3Z2RwQVJ0NGhWdWQ2cmxycmlZWUpKQXNZRjNHV1lGT2RuaVJraHVycGRuUmgza1ZrZU53bDhOb3ZmTgpoY2tnQ0Rvb09jMHZpNHNvNXBwMUFSWHlMWUFsUnlaU2NHQ3U5WTJsUkwvTGJOb1JlRGgrcEJNbGtSa2J5S3ZyCkpGYUZxbVIvVFhXVkRwVFNDNGhQcmkzOVE3eDRJVDRUQUpZQjAvM2FTT1Nlczl0YXZSeUhWREFWR3MvSzJxaDAKeEpaK0c5NVZqQ1ZjWTU2NDBuNzZycDNZZEVlMXdteU9weWhCOSthZ0JMZGlxSVMzQ3ppbUJJeEhRc3hsdXF6Zwo1Ky9Ha1crZTh0TDBKRnVKZ2hkSE1wTzZkaW5XMDVCN2xadWlVSisxS2lsTWZZVmQ0K1poTlp6bDRmcGZhazg2CmxmdXg2UzNOSktVcFQzU3dIRW5ZOXBoRmVsLzlHMms9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 9 | tls.key: | 10 | LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKSndJQkFBS0NBZ0VBeCt1V0NRaDJWRTZtYVF5N0FFa0IxdnU1VXVuUkNaOU1xSkdjbzhzSWRDamU4Y3hYCk5QbXdyMXVzOFEyVVAvcUZYWkw5VUJ6R2gyV3FaSTdRc25Dbm5YcVZxSnJLQitHeS9Ody9acURXWElCeFJhMGwKZEdicEkxbjdVSzVyZWJENTJjVGhMeVBQcWtBV2I3ejJRYnFEbTRheWxXcXA3SHYxOENQeWJ2SUkxRzYweitQVAp1WTdWc2hwTEJhQ0RXdy9pOUdXTCtBWnpSYjdlcnBJeWYxdGtaNjY3aGUzbVpQNzRySUdpUmwrU0dPcHE2dVhBCkYwWXRsTFdPMHBCY2ZlaUxlTm9PcUVXUmRqMDVHUkg0eHE2bzZ2YzRmU2VTNG9jL3hHTDBOdVhXRkQ2K1pkQTYKV0tJYm8rQ2wyd21abzFQRXVFcTRxUkJhQXpLZm1EUThrRXpEc28zeTFvZXBRRXJUVUFQUWphVms5OGNxT1E4SwpIbWEyaUZLOTBoc0IvS0NHNXlpTUF3V0JhckdRTzhuQm5yejZFeEN3MzZmVnh5WmZrOWhjdHdPNnBZM2JtYm4zCkExaVMwNERzNUxhdFZaM3QrN2c5VHJ2Tm91anBHdTJLblhrcU5oODJrbVMrNnhQRm1nVnZ1THo0a2lLejFsN2YKaThzVzFQd2RBdHFKQkJsZDY4MHA3ek5yeFp4MTlVNjVobkl5dVh6WjVYdlJjMjhFQ2FZUWE1NDJtL2tXNTRiQwp1QUo1TkRmVnVhWGNiZThrN2hlYk1RaGF1Zk4xRy8rTTJMVXJvczdCL1pGcVh1a2NDcXUrNzN1ZFMyQkIzalZ4Cm9FTTV3ajNZM0ZpYUptSUh4blhOL2VzcFZ5dHZNU3hQVVpjdWlieWxIZUtENytkSy8rZ3FwWGx3cDBzQ0F3RUEKQVFLQ0FnQjZqYm5RMmNZb0VuckM1Ukh4cjgrWDZZSUhDTnlqS0d0RzN0U0dPQjE3ajk1em5jOUw0MURqZnJCNgpxTmRialFpYWYxUVgrenZjbm44ZzI4ZWx5NWVFMnpQSlF2SmNlSWhQcC9pWndqa0dSWnFxbXVUZUFZUWpycko0CkdDUThXamdmdmloSXpJd3VFdEZ1T0FsQjY4Tm40Tit5NXNzNTlCZWsyWFJ4ZkovYkVlNTNqbk1wU2gxSDdBUlgKYzdseVpqKzdrRkNJZi9QRUtxaTVuVmVsYVBJWStTMXRnWlArRDZ1RG5JaE0yYU5tOExVUVFEMU1SeklEK25TTwpNZjd4RkZBRGlyRDNpSVlPVktPZThieHVsMzFuWkp2VlpTQVBDOWdVWEpEVzRuZ2t1djNlemhJbWFXSEdTUjJECk05UmlJaVR5MEtONHlGUlZwMy9jUHhGdGFCR0NXc2ZTM0U4endyellCWkxDK3E5aHQ1REhWRDFFZVVja0wyVEsKc1IvOEJRaGtqd3A4UnI1NmJqVURGSHg3REhUQ0xia3RObEdIRS9xZng3bzZLME85UDMrcVJNUFJkVExsTUNsWApGbW03NEFKNnFlVlZMelZZSXBCMzI1UEpmZHFHb3NXWEZGd09IZEZLMWF3ZGU3VTZTcjV1dWkxOHROTTA2dzY2CjJQL2NBRWVveXlPYktjblJRR3RUOEh3M1Roem1VTGxVVnhBV0c5QytKS2YyQU84Z1Rwc3NFeGdCTmRid244UlIKUCtkbHRXdjhzczZkQzNoWld4OHFPbG1id09VRFBDd2pwSytjSUhyT21XS3F3WW1uc1dhLzhtRkxGTVdFbE9CWgprMGwwa0RhcTVrQmVRRDRkT0ozZ1RybVRSVGVGS20wNVk2OHk2Wm4yZEpKZFUyK29vUUtDQVFFQThNM2lPeUhaCk1CM3FFUmROeFBJQmxOdExFbVp1ck1qVkJ2MVFrUG91eTVPdlRlTjI0UnhVZzZ0ZjZONlIraVVJOGFIcDdvRFkKZzYvVW43UUFldGNhZ05sd3dZSTAyL3AyOEZrdlF3NXdCZy9VNmpIOEVNMnFiWGtxUFNhVTQ5KzJpTWxldytkRApqTFNUaDlaSE5tTWpIMU1iRXlUSjlvYU9MZk55NTVzZS9wNUdsRi9ONm02aWlyci9oYTlMakszMlpodDBVQmJLClEvQi9oeTFCUHNRU1ViL2dXczVsNjduQXgrWmxHSmQzMkJnc1pYZ1pJc2JybVdxQWdCQXpEOTcxUDVZL3hZSEcKaEpYV3IzS2kxaVZOMHJiYjNYS3JuWU5XWVpXVDlGc1JveGRkNmlBNGIwcHUxYkRHUDgwS2dqVmtMaHQ4Ung2aQppbzNGb0lUYW9HQS9ld0tDQVFFQTFJazhFdHhlUVB0cEI1TVltajYrK0R4clZ0SDdVbGlEWisrZTliVnEvbVhwCm9KQS9uaTR3ajlaSXRneklxYUFUcUVZQXJrd0NPRno1Z1VBTk5JZG1KZm1YVFJQWE1OOThGL21QS0NHYzIycVkKWVJGM0V5ZThvc01jNFNDRG13dUFIdmVLbUdla1ovU0lESUE3L3FGRjVvT1BBeFlCdFhmYWw1NkY4S2dEQ2pJdApiVjZwaWFXWXRibldHUktrZ1lub2MzUkZLWlhjVitsWm1DclVIVFZZUFZTTklaRTdjeCtnOThuMUtvZDdlcFAwCkF1MWU5VW5iMDJVcWNNWlR4Z0pWWmxlZ20yQjdTTVNIUGhIRG9iYUJnQVMvRDBhV2psL0NHc1IwbjIvVnlQZWoKMkZpeHEwYnBEb1Avb0ZGMFdjNWt5YVk1WXBxR1ZJN2pwQjc2WVB0R2NRS0NBUUJtSUx1SkhyTHhVRTZjVHdqaAp0VTNzWnhFd3paYTAyenhXQ1l0bzRXS0ZYcTVqMTB2czcwbjh5ZXNVWllqOTBVVTR6ZFhjSEhNM2JwUTc0MmlzCnNKd0I5N1oxcTVabGtaVnVIRFVLT0k1VVU5U1dPdnJQMlpvbGNkVHpPSEMvTUh0SENqaVIxM3h6cVlaRWZ5R1cKdEhjSjZ3STVuVW0ycjV5UGFvZmFLSlQ5b2YwSElwYS9qWXFNVWdEYkh0eG8zc0w0elQ0SVZaSVZQR09wM2d5awo1UjFyNUhmdnEwZllzT0JOSjY3S3Zqckt3SDNienhMQ0NDR1Y0SEI5WCtGNElyUmE4b3M3WmUzZS8zbWMwWDYwCldmL21sVDBzYjF6UG9nczV1ZW1WSWlhWngraEJ5c2FFbE1uckFWMGpZLy9IOTRMMGR4Mi9RQVBweFhVQ3ZqWEcKL09zUEFvSUJBQ2w2VnVUL2FNMlp3eGVkVjNIU3lRWTlGRjJ2UVRNQzN6SkxpMlE4Y1pNUVpKWFhVUE1YNUpaTgpwWWNSMjU5dkJDY1U4bEVSdUdVemorWHZrQ1F1UUhzc3lLQmNQT1RtMkpyOU16a0x4a2J6K0tVSStZb2RlU3p5Cmt4SkVmQ3FvQmVzRk9HRWg2TzM0eFF4YmdsbmhNM2tYTjdQTWVhem1wUnh0N1luWDRDLy9OdXBmVFFyMTdHV2EKelBPN3Rhc3FOTmxEV2JRUjhSeWZCOE13cUpEQ3RtUFJ1bkZRbkorTkRxY05IUEdkMnpWQzVwNGpvU0tSdFhyKwpCVmhZL0VScWRDd3k4YjhoQnk1ZVhGNTZyUWxFU3VXbkIzcDl0aWcyKy9TcFhuRTNMQ3U2V0ptQ1Jibzlib0pNCnRIaWZMT3ZSNGMyUXlTWTdMZmdXb3NxRzJTcFFINkVDZ2dFQUpCdERxd0NReU5NdTZwQ3FGelNNc212TnR1cXUKSmlXSEUrNFdQRTBZd3IwWCtzeFdlUWVBdUo2bGNlWTZFd3Urb0ZZYnJZakVQSUNPVEgyVnZRZUNGWXZSTk9uWQpCdE0xcWQzYTVoWVpPdjhTM1ZWVjNlcHNmR2NBSUxQOTJVR1FITlBoTWZuNGdjaXJla0w5V1FWOUFKNkFLN0tBCjVDdTMwcGJyMTQ0d2NiaVBTc2VUbkNwenh3TCtSdno0RjlheksvODJxeTdyL05ZcVlnRENURXhnT0ZFQVpYODkKMzBoU2wvcnlHZ1dldzhRS2xESUp5cVhTdW9jdUZodk5NMVJkMW1uU1dwd0daYjMyNnEvSkt5RFpDaEVvZy9VcQovdGpUcGZ6V2R5RnNvUXIyeEVlZzV5elNkSDU4eEtzSElJZGhvUkg0NjNsQ3lNNWVxcWROdFNPYW53PT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= 2 | github.com/Netflix/go-env v0.0.0-20200512170851-5660fe1ab40a h1:lFjOd7Z9ZLqsfUAoypMQi1oI7XyZEuM7oh7E2U65IZM= 3 | github.com/Netflix/go-env v0.0.0-20200512170851-5660fe1ab40a/go.mod h1:9XMFaCeRyW7fC9XJOWQ+NdAv8VLG7ys7l3x4ozEGLUQ= 4 | github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= 5 | github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= 6 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 7 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 8 | github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= 9 | github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= 10 | github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= 11 | github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 12 | github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= 13 | github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= 14 | github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= 15 | github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= 16 | github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= 17 | github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= 18 | github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= 19 | github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= 20 | github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= 21 | github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 22 | github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 23 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 24 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 25 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 26 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 27 | github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= 28 | github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 29 | github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 30 | github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= 31 | github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= 32 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 33 | github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= 34 | github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= 35 | github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= 36 | github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= 37 | github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= 38 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 39 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 40 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 41 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 42 | github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 43 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 44 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 45 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 46 | github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 47 | github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= 48 | github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= 49 | github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= 50 | github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= 51 | github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 52 | github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 53 | github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 54 | github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= 55 | github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= 56 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 57 | github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= 58 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 59 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 60 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 61 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 62 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 63 | golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 64 | golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 65 | golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI= 66 | golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 67 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 68 | golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 69 | golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 70 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 71 | golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 72 | golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 73 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 74 | golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= 75 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 76 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 77 | golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 78 | golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 79 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 80 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 81 | gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= 82 | gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 83 | gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= 84 | gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= 85 | gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 86 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 87 | gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= 88 | gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 89 | k8s.io/api v0.18.5 h1:fKbCxr+U3fu7k6jB+QeYPD/c6xKYeSJ2KVWmyUypuWM= 90 | k8s.io/api v0.18.5/go.mod h1:tN+e/2nbdGKOAH55NMV8oGrMG+3uRlA9GaRfvnCCSNk= 91 | k8s.io/apimachinery v0.18.5 h1:Lh6tgsM9FMkC12K5T5QjRm7rDs6aQN5JHkA0JomULDM= 92 | k8s.io/apimachinery v0.18.5/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= 93 | k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= 94 | k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= 95 | k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= 96 | k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= 97 | k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= 98 | sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= 99 | sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E= 100 | sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= 101 | sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= 102 | sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= 103 | sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= 104 | -------------------------------------------------------------------------------- /pods.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/json" 5 | "fmt" 6 | v1 "k8s.io/api/admission/v1beta1" 7 | corev1 "k8s.io/api/core/v1" 8 | "k8s.io/apimachinery/pkg/api/resource" 9 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 10 | "k8s.io/klog" 11 | "net/http" 12 | "strings" 13 | ) 14 | 15 | type PatchOP string 16 | 17 | const ( 18 | OP_ADD PatchOP = "add" 19 | OP_REPLACE PatchOP = "replace" 20 | OP_REMOVE PatchOP = "remove" 21 | DEFINE_AGENT_ENABLED = "SWKAC_ENABLE" 22 | DEFINE_AGENT_PATH = "/opt/skywalking" 23 | DEFINE_JAVA_AGENT_ENV = "SWKAC_JAVA_AGENT_ENV" 24 | ) 25 | 26 | type Patch struct { 27 | OP PatchOP `json:"op"` 28 | Path string `json:"path"` 29 | Value interface{} `json:"value"` 30 | } 31 | 32 | func serveMutatePods(w http.ResponseWriter, r *http.Request) { 33 | serve(w, r, mutatePods) 34 | } 35 | 36 | func mutatePods(ar v1.AdmissionReview) *v1.AdmissionResponse { 37 | klog.V(2).Info("mutating pods") 38 | 39 | podResource := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"} 40 | if ar.Request.Resource != podResource { 41 | klog.Errorf("expect resource to be %s", podResource) 42 | return nil 43 | } 44 | 45 | raw := ar.Request.Object.Raw 46 | pod := corev1.Pod{} 47 | deserializer := codecs.UniversalDeserializer() 48 | if _, _, err := deserializer.Decode(raw, nil, &pod); err != nil { 49 | klog.Error(err) 50 | return toAdmissionResponse(err) 51 | } 52 | 53 | reviewResponse := v1.AdmissionResponse{} 54 | reviewResponse.Allowed = true 55 | 56 | if matching(ar, pod) { 57 | klog.V(2).Info("matched pods") 58 | if marshal, err := json.Marshal(generatePatch(ar, pod)); err != nil { 59 | klog.Error(err) 60 | return toAdmissionResponse(err) 61 | } else { 62 | reviewResponse.Patch = marshal 63 | } 64 | 65 | pt := v1.PatchTypeJSONPatch 66 | reviewResponse.PatchType = &pt 67 | } else { 68 | klog.Warning("not match %s", podResource) 69 | } 70 | 71 | return &reviewResponse 72 | } 73 | 74 | // Match Rule,NameSpaces And Label use Kubernetes, Other use this. 75 | func matching(ar v1.AdmissionReview, pod corev1.Pod) bool { 76 | if config.TriggerENV { 77 | if len(pod.Spec.Containers) > 0 { 78 | for _, container := range pod.Spec.Containers { 79 | if len(container.Env) > 0 { 80 | for _, env := range container.Env { 81 | if env.Name == DEFINE_AGENT_ENABLED { 82 | if env.Value == "true" { 83 | return true 84 | } 85 | } 86 | } 87 | } 88 | } 89 | } 90 | } 91 | return !config.TriggerENV 92 | } 93 | 94 | func containerMatching(container corev1.Container) bool { 95 | if config.TriggerENV { 96 | if len(container.Env) > 0 { 97 | for _, env := range container.Env { 98 | if env.Name == DEFINE_AGENT_ENABLED { 99 | if env.Value == "true" { 100 | return true 101 | } 102 | } 103 | } 104 | } 105 | } 106 | return !config.TriggerENV 107 | } 108 | 109 | func generatePatch(ar v1.AdmissionReview, pod corev1.Pod) []Patch { 110 | var patches []Patch 111 | 112 | patches = addLabels(ar, pod, patches) 113 | 114 | patches = addSharedVolume(ar, pod, patches) 115 | 116 | patches = addInitContainer(ar, pod, patches) 117 | 118 | // container cycle 119 | for ic, container := range pod.Spec.Containers { 120 | if containerMatching(container) { 121 | patches = addContainerVolumeMount(ar, pod, ic, container, patches) 122 | 123 | patches = addContainerStartAgentCommand(ar, pod, ic, container, patches) 124 | 125 | patches = addContainerCollectorDefine(ar, pod, ic, container, patches) 126 | 127 | patches = addContainerAgentName(ar, pod, ic, container, patches) 128 | } 129 | } 130 | // Debug Patch 131 | if klog.V(2) { 132 | res, _ := json.Marshal(patches) 133 | klog.V(2).Info("Patch: ", string(res)) 134 | } 135 | return patches 136 | } 137 | 138 | // SW_AGENT_NAME 139 | func addContainerAgentName(ar v1.AdmissionReview, pod corev1.Pod, ic int, container corev1.Container, patches []Patch) []Patch { 140 | envPath := fmt.Sprintf("/spec/containers/%d/env", ic) 141 | appName := "pod-" + pod.Name 142 | 143 | envCache := map[string]string{} 144 | if len(container.Env) != 0 { 145 | for _, env := range container.Env { 146 | // Already exists, skip it 147 | if env.Name == "SW_AGENT_NAME" { 148 | return patches 149 | } 150 | envCache[env.Name] = env.Value 151 | } 152 | } else { 153 | patches = append(patches, Patch{OP: OP_ADD, Path: envPath, Value: [0]struct{}{}}) 154 | } 155 | 156 | if host, ok := envCache["HOST"]; ok { 157 | appName = host 158 | } else if len(pod.Labels) > 0 { 159 | // Deployment or Replication Set 160 | hash, ok := pod.Labels["pod-template-hash"] 161 | if ok { 162 | hashIndex := strings.Index(pod.Name, hash) 163 | appName = pod.Name[0 : hashIndex-1] 164 | } 165 | } 166 | 167 | patches = append(patches, Patch{OP: OP_ADD, Path: envPath + "/-", Value: corev1.EnvVar{Name: "SW_AGENT_NAME", Value: appName}}) 168 | 169 | return patches 170 | } 171 | 172 | // SW_AGENT_COLLECTOR_BACKEND_SERVICES 173 | func addContainerCollectorDefine(ar v1.AdmissionReview, pod corev1.Pod, ic int, container corev1.Container, patches []Patch) []Patch { 174 | envPath := fmt.Sprintf("/spec/containers/%d/env", ic) 175 | if len(container.Env) != 0 { 176 | for _, env := range container.Env { 177 | // Already exists, skip it 178 | if env.Name == "SW_AGENT_COLLECTOR_BACKEND_SERVICES" { 179 | return patches 180 | } 181 | } 182 | } else { 183 | patches = append(patches, Patch{OP: OP_ADD, Path: envPath, Value: [0]struct{}{}}) 184 | } 185 | patches = append(patches, Patch{OP: OP_ADD, Path: envPath + "/-", 186 | Value: corev1.EnvVar{Name: "SW_AGENT_COLLECTOR_BACKEND_SERVICES", Value: config.SWAgentCollectorBackendServices}}) 187 | return patches 188 | } 189 | 190 | func addContainerStartAgentCommand(ar v1.AdmissionReview, pod corev1.Pod, ic int, container corev1.Container, patches []Patch) []Patch { 191 | envName := config.SWJavaENVName 192 | envPath := fmt.Sprintf("/spec/containers/%d/env", ic) 193 | envSWArg := "-javaagent:" + DEFINE_AGENT_PATH + "/skywalking-agent.jar" 194 | envOP := OP_ADD 195 | 196 | // 定制环境变量,通过环境变量的定制,修改默认的Agent启动环境变量 197 | if len(container.Env) != 0 { 198 | for _, env := range container.Env { 199 | if env.Name == DEFINE_JAVA_AGENT_ENV { 200 | if len(env.Value) != 0 { 201 | envName = env.Value 202 | } 203 | } 204 | } 205 | } 206 | 207 | // 检查操作类型,如果变量已存在,则扩展该变量 208 | if len(container.Env) != 0 { 209 | for ie, env := range container.Env { 210 | if env.Name == envName { 211 | if len(env.Value) != 0 { 212 | envSWArg = env.Value + " " + envSWArg 213 | envPath = envPath + "/" + string(ie) 214 | envOP = OP_REPLACE 215 | } 216 | } 217 | } 218 | } 219 | 220 | if len(container.Env) == 0 { 221 | patches = append(patches, Patch{OP: OP_ADD, Path: envPath, Value: [0]struct{}{}}) 222 | } 223 | 224 | if envOP == OP_REPLACE { 225 | patches = append(patches, Patch{OP: envOP, Path: envPath, Value: envSWArg}) 226 | } else { 227 | patches = append(patches, Patch{OP: envOP, Path: envPath + "/-", 228 | Value: corev1.EnvVar{Name: envName, Value: envSWArg}}) 229 | } 230 | return patches 231 | } 232 | 233 | // ic: index of container 234 | func addContainerVolumeMount(ar v1.AdmissionReview, pod corev1.Pod, ic int, container corev1.Container, patches []Patch) []Patch { 235 | mountPath := fmt.Sprintf("/spec/containers/%d/volumeMounts", ic) 236 | 237 | mount := corev1.VolumeMount{ 238 | Name: volumeName(string(ar.Request.UID)), 239 | MountPath: DEFINE_AGENT_PATH, 240 | } 241 | 242 | if len(container.VolumeMounts) == 0 { 243 | patches = append(patches, Patch{OP: OP_ADD, Path: mountPath, Value: [0]struct{}{}}) 244 | } 245 | patches = append(patches, Patch{OP: OP_ADD, Path: mountPath + "/-", Value: mount}) 246 | return patches 247 | } 248 | 249 | func addInitContainer(ar v1.AdmissionReview, pod corev1.Pod, patches []Patch) []Patch { 250 | initContainer := corev1.Container{ 251 | Name: initContainerName(string(ar.Request.UID)), 252 | Image: config.SWImage, 253 | VolumeMounts: []corev1.VolumeMount{ 254 | { 255 | Name: volumeName(string(ar.Request.UID)), 256 | MountPath: DEFINE_AGENT_PATH, 257 | }, 258 | }, 259 | Env: []corev1.EnvVar{{ 260 | Name: "AGENT_HOME", 261 | Value: DEFINE_AGENT_PATH, 262 | }}, 263 | } 264 | 265 | if len(pod.Spec.InitContainers) == 0 { 266 | patches = append(patches, Patch{OP: OP_ADD, Path: "/spec/initContainers", Value: [0]struct{}{}}) 267 | } 268 | patches = append(patches, Patch{OP: OP_ADD, Path: "/spec/initContainers/-", Value: initContainer}) 269 | return patches 270 | } 271 | 272 | // Skywalking Agent Volume 273 | func addSharedVolume(ar v1.AdmissionReview, pod corev1.Pod, patches []Patch) []Patch { 274 | swVolumeQuantity, _ := resource.ParseQuantity("200Mi") 275 | swVolume := corev1.Volume{ 276 | Name: volumeName(string(ar.Request.UID)), 277 | VolumeSource: corev1.VolumeSource{ 278 | EmptyDir: &corev1.EmptyDirVolumeSource{ 279 | Medium: corev1.StorageMediumDefault, 280 | SizeLimit: &swVolumeQuantity, 281 | }, 282 | }, 283 | } 284 | 285 | if len(pod.Spec.Volumes) == 0 { 286 | patches = append(patches, Patch{OP: OP_ADD, Path: "/spec/volumes", Value: [0]struct{}{}}) 287 | } 288 | patches = append(patches, Patch{OP: OP_ADD, Path: "/spec/volumes/-", Value: swVolume}) 289 | return patches 290 | } 291 | 292 | // addLabels 293 | func addLabels(ar v1.AdmissionReview, pod corev1.Pod, patches []Patch) []Patch { 294 | if len(pod.Labels) == 0 { 295 | patches = append(patches, Patch{OP: OP_ADD, Path: "/metadata/labels", Value: make(map[string]string)}) 296 | } 297 | patches = append(patches, Patch{OP: OP_ADD, Path: "/metadata/labels/skywalking", Value: "enabled"}) 298 | patches = append(patches, Patch{OP: OP_ADD, Path: "/metadata/labels/skywalking-volume", 299 | Value: volumeName(string(ar.Request.UID))}) 300 | return patches 301 | } 302 | 303 | func volumeName(id string) string { 304 | if len(id) > 8 { 305 | id = id[0:8] 306 | } 307 | return "skywalking-" + id 308 | } 309 | 310 | func initContainerName(id string) string { 311 | if len(id) > 8 { 312 | id = id[0:8] 313 | } 314 | return "skywalking-init-" + id 315 | } 316 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.MD: -------------------------------------------------------------------------------- 1 | # Skywalking Injection 2 | 3 | # 前言 4 | 官方资料:[https://kubernetes.io/zh/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks](https://kubernetes.io/zh/docs/reference/access-authn-authz/extensible-admission-controllers/#admission-webhooks) 5 | 6 | JsonPach:[http://jsonpatch.com](http://jsonpatch.com) 7 | 8 | 基于Kubernetes Admission Controllers的Java Agent自动挂载方式 9 | 10 | 目前仅支持Java Agent的挂载 11 | 12 | # Kubernetes Admission Controllers 13 | Kubernetes 准入控制器是控制和强制使用集群的一种插件。我们可以把它看作是拦截(已认证)API 请求的拦截器,它可以更改请求对象,甚至完全拒绝请求。
Kubernetes 14 | 准入控制器的“准入控制链”分为两个阶段:变更(Mutating)准入控制,修改请求的对象;验证(Validating)准入控制,验证请求的对象。因此准入控制器即可以被用作变更和验证,也可以两者结合起来使用。
![ztrwd7qfd7.jpeg](https://cdn.nlark.com/yuque/0/2020/jpeg/87651/1596552543132-b3d3c55a-9863-4ed2-ab99-5c69a0e31a29.jpeg#align=left&display=inline&height=402&margin=%5Bobject%20Object%5D&name=ztrwd7qfd7.jpeg&originHeight=402&originWidth=1080&size=25626&status=done&style=none&width=1080) 15 | 16 | # 基本思路 17 | 通过变更控制器的Webhook方式,在发布时对POD的配置进行变更,从而挂载Skywalking Java Agent与启动命令。
其挂载方式使用InitContainer的方式,启动方式则可使用增加环境变量的方式。
最终生成的pod配置示例: 18 | ```yaml 19 | apiVersion: v1 20 | kind: Pod 21 | metadata: 22 | labels: 23 | app: nginx 24 | skywalking: enabled 25 | skywalking-volume: sw-volume-09befabe 26 | name: nginx 27 | namespace: skac 28 | spec: 29 | containers: 30 | - env: 31 | - name: SWKAC_ENABLE 32 | value: "true" 33 | - name: JAVA_TOOL_OPTIONS 34 | value: -javaagent:/opt/skywalking/skywalking-agent.jar 35 | - name: SW_AGENT_COLLECTOR_BACKEND_SERVICES 36 | value: apm-aop.apm:11800 37 | - name: SW_AGENT_NAME 38 | value: pod-nginx 39 | image: nginx 40 | imagePullPolicy: IfNotPresent 41 | name: nginx 42 | resources: {} 43 | terminationMessagePath: /dev/termination-log 44 | terminationMessagePolicy: File 45 | volumeMounts: 46 | - mountPath: /var/run/secrets/kubernetes.io/serviceaccount 47 | name: default-token-bptdb 48 | readOnly: true 49 | - mountPath: /opt/skywalking 50 | name: sw-volume-09befabe 51 | dnsPolicy: ClusterFirst 52 | enableServiceLinks: true 53 | initContainers: 54 | - env: 55 | - name: AGENT_HOME 56 | value: /opt/skywalking 57 | image: ilemontech/skywalking-java-agent 58 | imagePullPolicy: Always 59 | name: sw-init-09befabe 60 | resources: {} 61 | terminationMessagePath: /dev/termination-log 62 | terminationMessagePolicy: File 63 | volumeMounts: 64 | - mountPath: /opt/skywalking 65 | name: sw-volume-09befabe 66 | volumes: 67 | - name: default-token-bptdb 68 | secret: 69 | defaultMode: 420 70 | secretName: default-token-bptdb 71 | - emptyDir: 72 | sizeLimit: 200Mi 73 | name: sw-volume-09befabe 74 | ``` 75 | # 操作步骤 76 | 本示例中所有内容均部署在namespace: skywalking中 77 | ## 准备证书 78 | > 调用时会默认使用https方式调用。 79 | > 可以自行创建CA与证书文件。 80 | 81 | 示例: 82 | ```yaml 83 | CA: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZvakNDQTRvQ0NRREZYZTRwM1o0NjREQU5CZ2txaGtpRzl3MEJBUXNGQURDQmtURUxNQWtHQTFVRUJoTUMKUTA0eEVEQU9CZ05WQkFnTUIwSmxhV3BwYm1jeEVEQU9CZ05WQkFjTUIwSmxhV3BwYm1jeER6QU5CZ05WQkFvTQpCbWxNWlcxdmJqRVBNQTBHQTFVRUN3d0dhVXhsYlc5dU1Sc3dHUVlEVlFRRERCSjNkM2N1YVd4bGJXOXVkR1ZqCmFDNWpiMjB4SHpBZEJna3Foa2lHOXcwQkNRRVdFR3hwY0dkQWIzVjBiRzl2YXk1amIyMHdJQmNOTWpBd056RTMKTURFME5EQXhXaGdQTWpFeU1EQTNNVGN3TVRRME1ERmFNSUdSTVFzd0NRWURWUVFHRXdKRFRqRVFNQTRHQTFVRQpDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVQTUEwR0ExVUVDZ3dHYVV4bGJXOXVNUTh3CkRRWURWUVFMREFacFRHVnRiMjR4R3pBWkJnTlZCQU1NRW5kM2R5NXBiR1Z0YjI1MFpXTm9MbU52YlRFZk1CMEcKQ1NxR1NJYjNEUUVKQVJZUWJHbHdaMEJ2ZFhSc2IyOXJMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0lQQURDQ0Fnb0NnZ0lCQUxIUS9ndTE0WUJDYjNRNSthTWtyT3dEeUpQKzQvQUpjRTg0Yk5tci9WbFhEMW9JCnMzTDJvclFicGtRQ1VEVmZqVHFOTWtvT3QrbVpYWHdtMnUzMG1TTkpCRmhaeHEzT2dLSVZxV2IxVWQ5WDRBMjMKOUlxSWREV0NOMndVWlhVd0ZuTTdCYW5xUyt3cmJob3ZxalNFcUI2OUJpbkdjamZvTCsxaWUzdVhqeVBHZklWagpieldVSUdnYzNpVEllc2xyL1prUzBLaDYzbFVtN0NaSFBacVpwMy9vVVNYQmszTXN4dkpCdFZ4QlRQNG5FMCtiCmYvWEkveElTby91ckI1a2RYZW1RM2lnRUtRQmpTWXAvbkthdWEvUHJrZ3BHbVl1a2RlWElVeXhKQk9rNUJCdXcKb3Fid0NBcEFpQ0wzeUMvZnVreEdPZjd6dHdiRGZYU2hXT3ZTSks2NFd0Y1owRHhsQ05VTDFOZzZrcjFLMjRNeApHazZjRDViUWJjWCtEVzhTS25iS0NabzhLR1Jvdjl1cG9tRVc0Q2kzWE8rTjF6cGRST2lwYVpXVTNLdnJGZ2E2CjY5ZmhJM0dnM2RVbFprK2hUazVkMUExNysxU3l3QXRRaldxeG93R3ljY1pPSnRqOUpZaUlITXJsRU9SeWZQTzIKNVg0UG1VSmtoSW9BYWNSdm1oaWRTRFlRTmNMZUt4Ym1TVXdWZEhaSkpGWjJaVjFpcnZPMmM4VEtqNlBXZDA3YQpGNTRvK0JLMVQyMjFWK0hnUnJWbTlaNE5zQWNNc1BScHYzYWNCdk1aWWxxL0h4amttU1NNSHFtd0UwY1d1c28yCkZxdmNiMXBKUGJMdGpQZ1d3VmRPblZxTUc3aTEzYU5uck1mODVKc2VzZVp6VE9zLzFCdlhyODUxVTVMZkFnTUIKQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJWjdaWFpXNEhKMTI3enh2T1ltSHU3aC9rNUdwb294dkorcApZS29QRjRpd3BGRGM3ZjBQZHk0K0tVcG1RS2xjYVJuSEZWWGQ5WEo0R1lnNjg5a0xUeVo3c29iam5RdDZOU0tOCmxYTmdvSUp3Zm1ONXpqV25HUCtXTWhvQlJMM0o0bjNTWUdtalkwZTRzOU1wUlBRdklTeUdZcytFQUQxVGozZEQKdnFoM05WTnd2bjJsNkkyY0lxUEVoU01SY3QwU3lPc2o4MDIveFBvajZtZStqRjk4ZGc2V1M5VUhBSnNqcUV6WApzbHdhQTl6c3ZwQlo0TjVjdXNRMmpHWEdEbkVDQUtMNm1idnRVWHBYd012SFd5MG1vQ1g4c0tKcEJkNlZiUHhMCnhlT1duTnpDRWQvYXdqZVk1N3BzOTNidjZVejZ1a2UyV2ZiOUdMd1BCRmQ5RUs1NkV5Y2U5d2daSThvaDJOSVkKYjY2RHAwbExhR2k0OGRZWkpGRU1ETFhOVUV2RXRmZEo3K3lsU1cyWG52bkxDT25oQjJiQm93YmxlMDc1UllzagpsdFVKRWw1YTFZbUhOWnMzeGdyd1ErL3N4bjg1YlArempTSUlqUms1V1Bpbm4vL25vdGp6UHJJSGJmTjY0by95CjAvVWlrZVRjVFZuZUREQUJwdGZ5VXlEbU5pVlhCaHlodks3MTJEZmZ1Q01aclQ1YlF6VUd1cytBUGo4QThoZ0kKbXFSd25LdnJvcHJ2OEp3b2VZbm1rNExkZmxMSlFYczJVdWd2L1p1VmVkeTFBSk5rZThUSXhhRUoyS2hTMGdacQowWXZEVkFRRUg0VlRMeDhWRTdxRm42QTVhaERtVUF0ZEJ5MUNkSy9JQ1o4eDdKZkRCYS9zK0p1K1ZBTGt5Mm9hCjRxVlNEUHQyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 84 | TLS.CRT: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZzekNDQTVzQ0NRQ3h5Q2xkRVVFd2RUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmtURUxNQWtHQTFVRUJoTUMKUTA0eEVEQU9CZ05WQkFnTUIwSmxhV3BwYm1jeEVEQU9CZ05WQkFjTUIwSmxhV3BwYm1jeER6QU5CZ05WQkFvTQpCbWxNWlcxdmJqRVBNQTBHQTFVRUN3d0dhVXhsYlc5dU1Sc3dHUVlEVlFRRERCSjNkM2N1YVd4bGJXOXVkR1ZqCmFDNWpiMjB4SHpBZEJna3Foa2lHOXcwQkNRRVdFR3hwY0dkQWIzVjBiRzl2YXk1amIyMHdJQmNOTWpBd056RTMKTURFMU16VTFXaGdQTWpFeU1EQTNNVGN3TVRVek5UVmFNSUdpTVFzd0NRWURWUVFHRXdKRFRqRVFNQTRHQTFVRQpDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVQTUEwR0ExVUVDZ3dHYVV4bGJXOXVNUTh3CkRRWURWUVFMREFacFRHVnRiMjR4TERBcUJnTlZCQU1NSTNOcmVYZGhiR3RwYm1jdGFXNXFaV04wYVc5dUxuTnIKZVhkaGJHdHBibWN1YzNaak1SOHdIUVlKS29aSWh2Y05BUWtCRmhCc2FYQm5RRzkxZEd4dmIyc3VZMjl0TUlJQwpJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBeCt1V0NRaDJWRTZtYVF5N0FFa0IxdnU1ClV1blJDWjlNcUpHY284c0lkQ2plOGN4WE5QbXdyMXVzOFEyVVAvcUZYWkw5VUJ6R2gyV3FaSTdRc25Dbm5YcVYKcUpyS0IrR3kvTncvWnFEV1hJQnhSYTBsZEdicEkxbjdVSzVyZWJENTJjVGhMeVBQcWtBV2I3ejJRYnFEbTRheQpsV3FwN0h2MThDUHlidklJMUc2MHorUFR1WTdWc2hwTEJhQ0RXdy9pOUdXTCtBWnpSYjdlcnBJeWYxdGtaNjY3CmhlM21aUDc0cklHaVJsK1NHT3BxNnVYQUYwWXRsTFdPMHBCY2ZlaUxlTm9PcUVXUmRqMDVHUkg0eHE2bzZ2YzQKZlNlUzRvYy94R0wwTnVYV0ZENitaZEE2V0tJYm8rQ2wyd21abzFQRXVFcTRxUkJhQXpLZm1EUThrRXpEc28zeQoxb2VwUUVyVFVBUFFqYVZrOThjcU9ROEtIbWEyaUZLOTBoc0IvS0NHNXlpTUF3V0JhckdRTzhuQm5yejZFeEN3CjM2ZlZ4eVpmazloY3R3TzZwWTNibWJuM0ExaVMwNERzNUxhdFZaM3QrN2c5VHJ2Tm91anBHdTJLblhrcU5oODIKa21TKzZ4UEZtZ1Z2dUx6NGtpS3oxbDdmaThzVzFQd2RBdHFKQkJsZDY4MHA3ek5yeFp4MTlVNjVobkl5dVh6Wgo1WHZSYzI4RUNhWVFhNTQybS9rVzU0YkN1QUo1TkRmVnVhWGNiZThrN2hlYk1RaGF1Zk4xRy8rTTJMVXJvczdCCi9aRnFYdWtjQ3F1KzczdWRTMkJCM2pWeG9FTTV3ajNZM0ZpYUptSUh4blhOL2VzcFZ5dHZNU3hQVVpjdWlieWwKSGVLRDcrZEsvK2dxcFhsd3Awc0NBd0VBQVRBTkJna3Foa2lHOXcwQkFRVUZBQU9DQWdFQUhzeDcySjVpMjdTZwpqb2g2N2hnbDBpZUt3ajdrVnljM2JWUmZvQS83NTgweUVQMjl2MWMwbksyVktpYzYrcHM0eGt2WHRpKzVsNVdlCmpmb0p1TmFFVVNHN0xTNVBZUm12aUJQZEVXY2ZteWdRYzhTcjdYeFVreVJyaGFuMnFLWGZwZkVMMmh3YVl1N2wKano2OEdjS0dPL3RJTUphWFRZWHVNQm9SeTdZY0JzY2tXejlIcTZjYndkZXhhdEo5eUhjenF5ZzBUUXZrRXBmMQpSck1DWE0yZHp1Wm1neHFmNkhzamp3Zm9KcWJGS3IrZDBBNjlBUGNJT0N3QUlaSU9VNzIxNko1Mms0N3JINnVaCmRGdWR4QUU5UExSWVVsQTQ2S1RKemVETmxrZGxRSnNQU05QclB0MTdGTmpNbTBNN1dLWDh0ZW9BUHNSWDkwZm4Kd203Qlc3Z2RwQVJ0NGhWdWQ2cmxycmlZWUpKQXNZRjNHV1lGT2RuaVJraHVycGRuUmgza1ZrZU53bDhOb3ZmTgpoY2tnQ0Rvb09jMHZpNHNvNXBwMUFSWHlMWUFsUnlaU2NHQ3U5WTJsUkwvTGJOb1JlRGgrcEJNbGtSa2J5S3ZyCkpGYUZxbVIvVFhXVkRwVFNDNGhQcmkzOVE3eDRJVDRUQUpZQjAvM2FTT1Nlczl0YXZSeUhWREFWR3MvSzJxaDAKeEpaK0c5NVZqQ1ZjWTU2NDBuNzZycDNZZEVlMXdteU9weWhCOSthZ0JMZGlxSVMzQ3ppbUJJeEhRc3hsdXF6Zwo1Ky9Ha1crZTh0TDBKRnVKZ2hkSE1wTzZkaW5XMDVCN2xadWlVSisxS2lsTWZZVmQ0K1poTlp6bDRmcGZhazg2CmxmdXg2UzNOSktVcFQzU3dIRW5ZOXBoRmVsLzlHMms9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 85 | TLS.KEY: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKSndJQkFBS0NBZ0VBeCt1V0NRaDJWRTZtYVF5N0FFa0IxdnU1VXVuUkNaOU1xSkdjbzhzSWRDamU4Y3hYCk5QbXdyMXVzOFEyVVAvcUZYWkw5VUJ6R2gyV3FaSTdRc25Dbm5YcVZxSnJLQitHeS9Ody9acURXWElCeFJhMGwKZEdicEkxbjdVSzVyZWJENTJjVGhMeVBQcWtBV2I3ejJRYnFEbTRheWxXcXA3SHYxOENQeWJ2SUkxRzYweitQVAp1WTdWc2hwTEJhQ0RXdy9pOUdXTCtBWnpSYjdlcnBJeWYxdGtaNjY3aGUzbVpQNzRySUdpUmwrU0dPcHE2dVhBCkYwWXRsTFdPMHBCY2ZlaUxlTm9PcUVXUmRqMDVHUkg0eHE2bzZ2YzRmU2VTNG9jL3hHTDBOdVhXRkQ2K1pkQTYKV0tJYm8rQ2wyd21abzFQRXVFcTRxUkJhQXpLZm1EUThrRXpEc28zeTFvZXBRRXJUVUFQUWphVms5OGNxT1E4SwpIbWEyaUZLOTBoc0IvS0NHNXlpTUF3V0JhckdRTzhuQm5yejZFeEN3MzZmVnh5WmZrOWhjdHdPNnBZM2JtYm4zCkExaVMwNERzNUxhdFZaM3QrN2c5VHJ2Tm91anBHdTJLblhrcU5oODJrbVMrNnhQRm1nVnZ1THo0a2lLejFsN2YKaThzVzFQd2RBdHFKQkJsZDY4MHA3ek5yeFp4MTlVNjVobkl5dVh6WjVYdlJjMjhFQ2FZUWE1NDJtL2tXNTRiQwp1QUo1TkRmVnVhWGNiZThrN2hlYk1RaGF1Zk4xRy8rTTJMVXJvczdCL1pGcVh1a2NDcXUrNzN1ZFMyQkIzalZ4Cm9FTTV3ajNZM0ZpYUptSUh4blhOL2VzcFZ5dHZNU3hQVVpjdWlieWxIZUtENytkSy8rZ3FwWGx3cDBzQ0F3RUEKQVFLQ0FnQjZqYm5RMmNZb0VuckM1Ukh4cjgrWDZZSUhDTnlqS0d0RzN0U0dPQjE3ajk1em5jOUw0MURqZnJCNgpxTmRialFpYWYxUVgrenZjbm44ZzI4ZWx5NWVFMnpQSlF2SmNlSWhQcC9pWndqa0dSWnFxbXVUZUFZUWpycko0CkdDUThXamdmdmloSXpJd3VFdEZ1T0FsQjY4Tm40Tit5NXNzNTlCZWsyWFJ4ZkovYkVlNTNqbk1wU2gxSDdBUlgKYzdseVpqKzdrRkNJZi9QRUtxaTVuVmVsYVBJWStTMXRnWlArRDZ1RG5JaE0yYU5tOExVUVFEMU1SeklEK25TTwpNZjd4RkZBRGlyRDNpSVlPVktPZThieHVsMzFuWkp2VlpTQVBDOWdVWEpEVzRuZ2t1djNlemhJbWFXSEdTUjJECk05UmlJaVR5MEtONHlGUlZwMy9jUHhGdGFCR0NXc2ZTM0U4endyellCWkxDK3E5aHQ1REhWRDFFZVVja0wyVEsKc1IvOEJRaGtqd3A4UnI1NmJqVURGSHg3REhUQ0xia3RObEdIRS9xZng3bzZLME85UDMrcVJNUFJkVExsTUNsWApGbW03NEFKNnFlVlZMelZZSXBCMzI1UEpmZHFHb3NXWEZGd09IZEZLMWF3ZGU3VTZTcjV1dWkxOHROTTA2dzY2CjJQL2NBRWVveXlPYktjblJRR3RUOEh3M1Roem1VTGxVVnhBV0c5QytKS2YyQU84Z1Rwc3NFeGdCTmRid244UlIKUCtkbHRXdjhzczZkQzNoWld4OHFPbG1id09VRFBDd2pwSytjSUhyT21XS3F3WW1uc1dhLzhtRkxGTVdFbE9CWgprMGwwa0RhcTVrQmVRRDRkT0ozZ1RybVRSVGVGS20wNVk2OHk2Wm4yZEpKZFUyK29vUUtDQVFFQThNM2lPeUhaCk1CM3FFUmROeFBJQmxOdExFbVp1ck1qVkJ2MVFrUG91eTVPdlRlTjI0UnhVZzZ0ZjZONlIraVVJOGFIcDdvRFkKZzYvVW43UUFldGNhZ05sd3dZSTAyL3AyOEZrdlF3NXdCZy9VNmpIOEVNMnFiWGtxUFNhVTQ5KzJpTWxldytkRApqTFNUaDlaSE5tTWpIMU1iRXlUSjlvYU9MZk55NTVzZS9wNUdsRi9ONm02aWlyci9oYTlMakszMlpodDBVQmJLClEvQi9oeTFCUHNRU1ViL2dXczVsNjduQXgrWmxHSmQzMkJnc1pYZ1pJc2JybVdxQWdCQXpEOTcxUDVZL3hZSEcKaEpYV3IzS2kxaVZOMHJiYjNYS3JuWU5XWVpXVDlGc1JveGRkNmlBNGIwcHUxYkRHUDgwS2dqVmtMaHQ4Ung2aQppbzNGb0lUYW9HQS9ld0tDQVFFQTFJazhFdHhlUVB0cEI1TVltajYrK0R4clZ0SDdVbGlEWisrZTliVnEvbVhwCm9KQS9uaTR3ajlaSXRneklxYUFUcUVZQXJrd0NPRno1Z1VBTk5JZG1KZm1YVFJQWE1OOThGL21QS0NHYzIycVkKWVJGM0V5ZThvc01jNFNDRG13dUFIdmVLbUdla1ovU0lESUE3L3FGRjVvT1BBeFlCdFhmYWw1NkY4S2dEQ2pJdApiVjZwaWFXWXRibldHUktrZ1lub2MzUkZLWlhjVitsWm1DclVIVFZZUFZTTklaRTdjeCtnOThuMUtvZDdlcFAwCkF1MWU5VW5iMDJVcWNNWlR4Z0pWWmxlZ20yQjdTTVNIUGhIRG9iYUJnQVMvRDBhV2psL0NHc1IwbjIvVnlQZWoKMkZpeHEwYnBEb1Avb0ZGMFdjNWt5YVk1WXBxR1ZJN2pwQjc2WVB0R2NRS0NBUUJtSUx1SkhyTHhVRTZjVHdqaAp0VTNzWnhFd3paYTAyenhXQ1l0bzRXS0ZYcTVqMTB2czcwbjh5ZXNVWllqOTBVVTR6ZFhjSEhNM2JwUTc0MmlzCnNKd0I5N1oxcTVabGtaVnVIRFVLT0k1VVU5U1dPdnJQMlpvbGNkVHpPSEMvTUh0SENqaVIxM3h6cVlaRWZ5R1cKdEhjSjZ3STVuVW0ycjV5UGFvZmFLSlQ5b2YwSElwYS9qWXFNVWdEYkh0eG8zc0w0elQ0SVZaSVZQR09wM2d5awo1UjFyNUhmdnEwZllzT0JOSjY3S3Zqckt3SDNienhMQ0NDR1Y0SEI5WCtGNElyUmE4b3M3WmUzZS8zbWMwWDYwCldmL21sVDBzYjF6UG9nczV1ZW1WSWlhWngraEJ5c2FFbE1uckFWMGpZLy9IOTRMMGR4Mi9RQVBweFhVQ3ZqWEcKL09zUEFvSUJBQ2w2VnVUL2FNMlp3eGVkVjNIU3lRWTlGRjJ2UVRNQzN6SkxpMlE4Y1pNUVpKWFhVUE1YNUpaTgpwWWNSMjU5dkJDY1U4bEVSdUdVemorWHZrQ1F1UUhzc3lLQmNQT1RtMkpyOU16a0x4a2J6K0tVSStZb2RlU3p5Cmt4SkVmQ3FvQmVzRk9HRWg2TzM0eFF4YmdsbmhNM2tYTjdQTWVhem1wUnh0N1luWDRDLy9OdXBmVFFyMTdHV2EKelBPN3Rhc3FOTmxEV2JRUjhSeWZCOE13cUpEQ3RtUFJ1bkZRbkorTkRxY05IUEdkMnpWQzVwNGpvU0tSdFhyKwpCVmhZL0VScWRDd3k4YjhoQnk1ZVhGNTZyUWxFU3VXbkIzcDl0aWcyKy9TcFhuRTNMQ3U2V0ptQ1Jibzlib0pNCnRIaWZMT3ZSNGMyUXlTWTdMZmdXb3NxRzJTcFFINkVDZ2dFQUpCdERxd0NReU5NdTZwQ3FGelNNc212TnR1cXUKSmlXSEUrNFdQRTBZd3IwWCtzeFdlUWVBdUo2bGNlWTZFd3Urb0ZZYnJZakVQSUNPVEgyVnZRZUNGWXZSTk9uWQpCdE0xcWQzYTVoWVpPdjhTM1ZWVjNlcHNmR2NBSUxQOTJVR1FITlBoTWZuNGdjaXJla0w5V1FWOUFKNkFLN0tBCjVDdTMwcGJyMTQ0d2NiaVBTc2VUbkNwenh3TCtSdno0RjlheksvODJxeTdyL05ZcVlnRENURXhnT0ZFQVpYODkKMzBoU2wvcnlHZ1dldzhRS2xESUp5cVhTdW9jdUZodk5NMVJkMW1uU1dwd0daYjMyNnEvSkt5RFpDaEVvZy9VcQovdGpUcGZ6V2R5RnNvUXIyeEVlZzV5elNkSDU4eEtzSElJZGhvUkg0NjNsQ3lNNWVxcWROdFNPYW53PT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K 86 | ``` 87 | ## 创建Secret 88 | 可以使用自定义证书。
示例: 89 | ```yaml 90 | apiVersion: v1 91 | kind: Secret 92 | metadata: 93 | name: skywalking 94 | namespace: skywalking 95 | data: 96 | tls.crt: | 97 | LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZzekNDQTVzQ0NRQ3h5Q2xkRVVFd2RUQU5CZ2txaGtpRzl3MEJBUVVGQURDQmtURUxNQWtHQTFVRUJoTUMKUTA0eEVEQU9CZ05WQkFnTUIwSmxhV3BwYm1jeEVEQU9CZ05WQkFjTUIwSmxhV3BwYm1jeER6QU5CZ05WQkFvTQpCbWxNWlcxdmJqRVBNQTBHQTFVRUN3d0dhVXhsYlc5dU1Sc3dHUVlEVlFRRERCSjNkM2N1YVd4bGJXOXVkR1ZqCmFDNWpiMjB4SHpBZEJna3Foa2lHOXcwQkNRRVdFR3hwY0dkQWIzVjBiRzl2YXk1amIyMHdJQmNOTWpBd056RTMKTURFMU16VTFXaGdQTWpFeU1EQTNNVGN3TVRVek5UVmFNSUdpTVFzd0NRWURWUVFHRXdKRFRqRVFNQTRHQTFVRQpDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVQTUEwR0ExVUVDZ3dHYVV4bGJXOXVNUTh3CkRRWURWUVFMREFacFRHVnRiMjR4TERBcUJnTlZCQU1NSTNOcmVYZGhiR3RwYm1jdGFXNXFaV04wYVc5dUxuTnIKZVhkaGJHdHBibWN1YzNaak1SOHdIUVlKS29aSWh2Y05BUWtCRmhCc2FYQm5RRzkxZEd4dmIyc3VZMjl0TUlJQwpJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBeCt1V0NRaDJWRTZtYVF5N0FFa0IxdnU1ClV1blJDWjlNcUpHY284c0lkQ2plOGN4WE5QbXdyMXVzOFEyVVAvcUZYWkw5VUJ6R2gyV3FaSTdRc25Dbm5YcVYKcUpyS0IrR3kvTncvWnFEV1hJQnhSYTBsZEdicEkxbjdVSzVyZWJENTJjVGhMeVBQcWtBV2I3ejJRYnFEbTRheQpsV3FwN0h2MThDUHlidklJMUc2MHorUFR1WTdWc2hwTEJhQ0RXdy9pOUdXTCtBWnpSYjdlcnBJeWYxdGtaNjY3CmhlM21aUDc0cklHaVJsK1NHT3BxNnVYQUYwWXRsTFdPMHBCY2ZlaUxlTm9PcUVXUmRqMDVHUkg0eHE2bzZ2YzQKZlNlUzRvYy94R0wwTnVYV0ZENitaZEE2V0tJYm8rQ2wyd21abzFQRXVFcTRxUkJhQXpLZm1EUThrRXpEc28zeQoxb2VwUUVyVFVBUFFqYVZrOThjcU9ROEtIbWEyaUZLOTBoc0IvS0NHNXlpTUF3V0JhckdRTzhuQm5yejZFeEN3CjM2ZlZ4eVpmazloY3R3TzZwWTNibWJuM0ExaVMwNERzNUxhdFZaM3QrN2c5VHJ2Tm91anBHdTJLblhrcU5oODIKa21TKzZ4UEZtZ1Z2dUx6NGtpS3oxbDdmaThzVzFQd2RBdHFKQkJsZDY4MHA3ek5yeFp4MTlVNjVobkl5dVh6Wgo1WHZSYzI4RUNhWVFhNTQybS9rVzU0YkN1QUo1TkRmVnVhWGNiZThrN2hlYk1RaGF1Zk4xRy8rTTJMVXJvczdCCi9aRnFYdWtjQ3F1KzczdWRTMkJCM2pWeG9FTTV3ajNZM0ZpYUptSUh4blhOL2VzcFZ5dHZNU3hQVVpjdWlieWwKSGVLRDcrZEsvK2dxcFhsd3Awc0NBd0VBQVRBTkJna3Foa2lHOXcwQkFRVUZBQU9DQWdFQUhzeDcySjVpMjdTZwpqb2g2N2hnbDBpZUt3ajdrVnljM2JWUmZvQS83NTgweUVQMjl2MWMwbksyVktpYzYrcHM0eGt2WHRpKzVsNVdlCmpmb0p1TmFFVVNHN0xTNVBZUm12aUJQZEVXY2ZteWdRYzhTcjdYeFVreVJyaGFuMnFLWGZwZkVMMmh3YVl1N2wKano2OEdjS0dPL3RJTUphWFRZWHVNQm9SeTdZY0JzY2tXejlIcTZjYndkZXhhdEo5eUhjenF5ZzBUUXZrRXBmMQpSck1DWE0yZHp1Wm1neHFmNkhzamp3Zm9KcWJGS3IrZDBBNjlBUGNJT0N3QUlaSU9VNzIxNko1Mms0N3JINnVaCmRGdWR4QUU5UExSWVVsQTQ2S1RKemVETmxrZGxRSnNQU05QclB0MTdGTmpNbTBNN1dLWDh0ZW9BUHNSWDkwZm4Kd203Qlc3Z2RwQVJ0NGhWdWQ2cmxycmlZWUpKQXNZRjNHV1lGT2RuaVJraHVycGRuUmgza1ZrZU53bDhOb3ZmTgpoY2tnQ0Rvb09jMHZpNHNvNXBwMUFSWHlMWUFsUnlaU2NHQ3U5WTJsUkwvTGJOb1JlRGgrcEJNbGtSa2J5S3ZyCkpGYUZxbVIvVFhXVkRwVFNDNGhQcmkzOVE3eDRJVDRUQUpZQjAvM2FTT1Nlczl0YXZSeUhWREFWR3MvSzJxaDAKeEpaK0c5NVZqQ1ZjWTU2NDBuNzZycDNZZEVlMXdteU9weWhCOSthZ0JMZGlxSVMzQ3ppbUJJeEhRc3hsdXF6Zwo1Ky9Ha1crZTh0TDBKRnVKZ2hkSE1wTzZkaW5XMDVCN2xadWlVSisxS2lsTWZZVmQ0K1poTlp6bDRmcGZhazg2CmxmdXg2UzNOSktVcFQzU3dIRW5ZOXBoRmVsLzlHMms9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 98 | tls.key: | 99 | LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKSndJQkFBS0NBZ0VBeCt1V0NRaDJWRTZtYVF5N0FFa0IxdnU1VXVuUkNaOU1xSkdjbzhzSWRDamU4Y3hYCk5QbXdyMXVzOFEyVVAvcUZYWkw5VUJ6R2gyV3FaSTdRc25Dbm5YcVZxSnJLQitHeS9Ody9acURXWElCeFJhMGwKZEdicEkxbjdVSzVyZWJENTJjVGhMeVBQcWtBV2I3ejJRYnFEbTRheWxXcXA3SHYxOENQeWJ2SUkxRzYweitQVAp1WTdWc2hwTEJhQ0RXdy9pOUdXTCtBWnpSYjdlcnBJeWYxdGtaNjY3aGUzbVpQNzRySUdpUmwrU0dPcHE2dVhBCkYwWXRsTFdPMHBCY2ZlaUxlTm9PcUVXUmRqMDVHUkg0eHE2bzZ2YzRmU2VTNG9jL3hHTDBOdVhXRkQ2K1pkQTYKV0tJYm8rQ2wyd21abzFQRXVFcTRxUkJhQXpLZm1EUThrRXpEc28zeTFvZXBRRXJUVUFQUWphVms5OGNxT1E4SwpIbWEyaUZLOTBoc0IvS0NHNXlpTUF3V0JhckdRTzhuQm5yejZFeEN3MzZmVnh5WmZrOWhjdHdPNnBZM2JtYm4zCkExaVMwNERzNUxhdFZaM3QrN2c5VHJ2Tm91anBHdTJLblhrcU5oODJrbVMrNnhQRm1nVnZ1THo0a2lLejFsN2YKaThzVzFQd2RBdHFKQkJsZDY4MHA3ek5yeFp4MTlVNjVobkl5dVh6WjVYdlJjMjhFQ2FZUWE1NDJtL2tXNTRiQwp1QUo1TkRmVnVhWGNiZThrN2hlYk1RaGF1Zk4xRy8rTTJMVXJvczdCL1pGcVh1a2NDcXUrNzN1ZFMyQkIzalZ4Cm9FTTV3ajNZM0ZpYUptSUh4blhOL2VzcFZ5dHZNU3hQVVpjdWlieWxIZUtENytkSy8rZ3FwWGx3cDBzQ0F3RUEKQVFLQ0FnQjZqYm5RMmNZb0VuckM1Ukh4cjgrWDZZSUhDTnlqS0d0RzN0U0dPQjE3ajk1em5jOUw0MURqZnJCNgpxTmRialFpYWYxUVgrenZjbm44ZzI4ZWx5NWVFMnpQSlF2SmNlSWhQcC9pWndqa0dSWnFxbXVUZUFZUWpycko0CkdDUThXamdmdmloSXpJd3VFdEZ1T0FsQjY4Tm40Tit5NXNzNTlCZWsyWFJ4ZkovYkVlNTNqbk1wU2gxSDdBUlgKYzdseVpqKzdrRkNJZi9QRUtxaTVuVmVsYVBJWStTMXRnWlArRDZ1RG5JaE0yYU5tOExVUVFEMU1SeklEK25TTwpNZjd4RkZBRGlyRDNpSVlPVktPZThieHVsMzFuWkp2VlpTQVBDOWdVWEpEVzRuZ2t1djNlemhJbWFXSEdTUjJECk05UmlJaVR5MEtONHlGUlZwMy9jUHhGdGFCR0NXc2ZTM0U4endyellCWkxDK3E5aHQ1REhWRDFFZVVja0wyVEsKc1IvOEJRaGtqd3A4UnI1NmJqVURGSHg3REhUQ0xia3RObEdIRS9xZng3bzZLME85UDMrcVJNUFJkVExsTUNsWApGbW03NEFKNnFlVlZMelZZSXBCMzI1UEpmZHFHb3NXWEZGd09IZEZLMWF3ZGU3VTZTcjV1dWkxOHROTTA2dzY2CjJQL2NBRWVveXlPYktjblJRR3RUOEh3M1Roem1VTGxVVnhBV0c5QytKS2YyQU84Z1Rwc3NFeGdCTmRid244UlIKUCtkbHRXdjhzczZkQzNoWld4OHFPbG1id09VRFBDd2pwSytjSUhyT21XS3F3WW1uc1dhLzhtRkxGTVdFbE9CWgprMGwwa0RhcTVrQmVRRDRkT0ozZ1RybVRSVGVGS20wNVk2OHk2Wm4yZEpKZFUyK29vUUtDQVFFQThNM2lPeUhaCk1CM3FFUmROeFBJQmxOdExFbVp1ck1qVkJ2MVFrUG91eTVPdlRlTjI0UnhVZzZ0ZjZONlIraVVJOGFIcDdvRFkKZzYvVW43UUFldGNhZ05sd3dZSTAyL3AyOEZrdlF3NXdCZy9VNmpIOEVNMnFiWGtxUFNhVTQ5KzJpTWxldytkRApqTFNUaDlaSE5tTWpIMU1iRXlUSjlvYU9MZk55NTVzZS9wNUdsRi9ONm02aWlyci9oYTlMakszMlpodDBVQmJLClEvQi9oeTFCUHNRU1ViL2dXczVsNjduQXgrWmxHSmQzMkJnc1pYZ1pJc2JybVdxQWdCQXpEOTcxUDVZL3hZSEcKaEpYV3IzS2kxaVZOMHJiYjNYS3JuWU5XWVpXVDlGc1JveGRkNmlBNGIwcHUxYkRHUDgwS2dqVmtMaHQ4Ung2aQppbzNGb0lUYW9HQS9ld0tDQVFFQTFJazhFdHhlUVB0cEI1TVltajYrK0R4clZ0SDdVbGlEWisrZTliVnEvbVhwCm9KQS9uaTR3ajlaSXRneklxYUFUcUVZQXJrd0NPRno1Z1VBTk5JZG1KZm1YVFJQWE1OOThGL21QS0NHYzIycVkKWVJGM0V5ZThvc01jNFNDRG13dUFIdmVLbUdla1ovU0lESUE3L3FGRjVvT1BBeFlCdFhmYWw1NkY4S2dEQ2pJdApiVjZwaWFXWXRibldHUktrZ1lub2MzUkZLWlhjVitsWm1DclVIVFZZUFZTTklaRTdjeCtnOThuMUtvZDdlcFAwCkF1MWU5VW5iMDJVcWNNWlR4Z0pWWmxlZ20yQjdTTVNIUGhIRG9iYUJnQVMvRDBhV2psL0NHc1IwbjIvVnlQZWoKMkZpeHEwYnBEb1Avb0ZGMFdjNWt5YVk1WXBxR1ZJN2pwQjc2WVB0R2NRS0NBUUJtSUx1SkhyTHhVRTZjVHdqaAp0VTNzWnhFd3paYTAyenhXQ1l0bzRXS0ZYcTVqMTB2czcwbjh5ZXNVWllqOTBVVTR6ZFhjSEhNM2JwUTc0MmlzCnNKd0I5N1oxcTVabGtaVnVIRFVLT0k1VVU5U1dPdnJQMlpvbGNkVHpPSEMvTUh0SENqaVIxM3h6cVlaRWZ5R1cKdEhjSjZ3STVuVW0ycjV5UGFvZmFLSlQ5b2YwSElwYS9qWXFNVWdEYkh0eG8zc0w0elQ0SVZaSVZQR09wM2d5awo1UjFyNUhmdnEwZllzT0JOSjY3S3Zqckt3SDNienhMQ0NDR1Y0SEI5WCtGNElyUmE4b3M3WmUzZS8zbWMwWDYwCldmL21sVDBzYjF6UG9nczV1ZW1WSWlhWngraEJ5c2FFbE1uckFWMGpZLy9IOTRMMGR4Mi9RQVBweFhVQ3ZqWEcKL09zUEFvSUJBQ2w2VnVUL2FNMlp3eGVkVjNIU3lRWTlGRjJ2UVRNQzN6SkxpMlE4Y1pNUVpKWFhVUE1YNUpaTgpwWWNSMjU5dkJDY1U4bEVSdUdVemorWHZrQ1F1UUhzc3lLQmNQT1RtMkpyOU16a0x4a2J6K0tVSStZb2RlU3p5Cmt4SkVmQ3FvQmVzRk9HRWg2TzM0eFF4YmdsbmhNM2tYTjdQTWVhem1wUnh0N1luWDRDLy9OdXBmVFFyMTdHV2EKelBPN3Rhc3FOTmxEV2JRUjhSeWZCOE13cUpEQ3RtUFJ1bkZRbkorTkRxY05IUEdkMnpWQzVwNGpvU0tSdFhyKwpCVmhZL0VScWRDd3k4YjhoQnk1ZVhGNTZyUWxFU3VXbkIzcDl0aWcyKy9TcFhuRTNMQ3U2V0ptQ1Jibzlib0pNCnRIaWZMT3ZSNGMyUXlTWTdMZmdXb3NxRzJTcFFINkVDZ2dFQUpCdERxd0NReU5NdTZwQ3FGelNNc212TnR1cXUKSmlXSEUrNFdQRTBZd3IwWCtzeFdlUWVBdUo2bGNlWTZFd3Urb0ZZYnJZakVQSUNPVEgyVnZRZUNGWXZSTk9uWQpCdE0xcWQzYTVoWVpPdjhTM1ZWVjNlcHNmR2NBSUxQOTJVR1FITlBoTWZuNGdjaXJla0w5V1FWOUFKNkFLN0tBCjVDdTMwcGJyMTQ0d2NiaVBTc2VUbkNwenh3TCtSdno0RjlheksvODJxeTdyL05ZcVlnRENURXhnT0ZFQVpYODkKMzBoU2wvcnlHZ1dldzhRS2xESUp5cVhTdW9jdUZodk5NMVJkMW1uU1dwd0daYjMyNnEvSkt5RFpDaEVvZy9VcQovdGpUcGZ6V2R5RnNvUXIyeEVlZzV5elNkSDU4eEtzSElJZGhvUkg0NjNsQ3lNNWVxcWROdFNPYW53PT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K 100 | ``` 101 | ## 部署准入控制器 - SWKAC 102 | 准入控制器提供大量的环境变量以及参数可配置,清单如下: 103 | 104 | | 参数名称(环境变量) | 默认值 | 说明 | 105 | | --- | --- | --- | 106 | | SWKAC_USE_TLS | true | 是否启用HTTPS | 107 | | SWKAC_TLS_CERT | /etc/swkac/tls.crt | HTTPS证书路径 | 108 | | SWKAC_TLS_KEY | /etc/swkac/tls.key | HTTPS证书路径 | 109 | | SWKAC_TRIGGER_ENV | false | 通过POD环境变量配置,来识别是否启用自动注入功能。
true:如果目标POD存在环境变量SWKAC_ENABLE且值为true是才会加载agent,否则不对pod做任何变更。
false:关闭该检测功能。 | 110 | | SWKAC_SW_IMAGE | lipangeng/skywalking-initcontainer:latest | 默认的InitContainer镜像地址 | 111 | | SWKAC_SW_AGENT_COLLECTOR_BACKEND_SERVICES | skywalking-aop.skywalking:11800 | 默认的Skywalking AOP地址 | 112 | | SWKAC_SW_JAVA_ENV_NAME | JAVA_TOOL_OPTIONS | 写入到pod中的环境变量,将增加启动命令至该环境变量中,通常设置为:-javaagent:/opt/skywalking/skywalking-agent.jar | 113 | 114 | 示例: 115 | ```yaml 116 | apiVersion: apps/v1 117 | kind: Deployment 118 | metadata: 119 | name: skywalking-injection 120 | spec: 121 | replicas: 3 122 | template: 123 | metadata: 124 | name: skywalking-injection 125 | labels: 126 | app: skywalking-injection 127 | spec: 128 | containers: 129 | - name: skywalking-injection 130 | image: lipangeng/skywalking-injection:latest 131 | imagePullPolicy: Always 132 | ports: 133 | - containerPort: 80 134 | name: http 135 | - containerPort: 443 136 | name: https 137 | env: 138 | - name: TZ 139 | value: Asia/Shanghai 140 | - name: SWKAC_TRIGGER_ENV 141 | value: "true" 142 | - name: SKAC_OPTIONS 143 | value: -v 3 144 | - name: SWKAC_SW_IMAGE 145 | value: lipangeng/skywalking-initcontainer:7.0.0 146 | - name: SWKAC_SW_AGENT_COLLECTOR_BACKEND_SERVICES 147 | value: skywalking-aop.skywalking:11800 148 | - name: SWKAC_SW_JAVA_ENV_NAME 149 | value: CATALINA_OPTS 150 | resources: 151 | requests: 152 | memory: 64Mi 153 | limits: 154 | memory: 128Mi 155 | livenessProbe: 156 | httpGet: 157 | port: https 158 | path: /health 159 | scheme: HTTPS 160 | readinessProbe: 161 | httpGet: 162 | port: https 163 | path: /health 164 | scheme: HTTPS 165 | volumeMounts: 166 | - mountPath: /etc/swkac/ 167 | name: cert 168 | readOnly: true 169 | restartPolicy: Always 170 | volumes: 171 | - name: cert 172 | secret: 173 | secretName: skywalking 174 | selector: 175 | matchLabels: 176 | app: skywalking-injection 177 | ``` 178 | ## 创建Service 179 | ```yaml 180 | apiVersion: v1 181 | kind: Service 182 | metadata: 183 | name: skywalking-injection 184 | namespace: skywalking 185 | spec: 186 | selector: 187 | app: skywalking-injection 188 | ports: 189 | - port: 80 190 | name: http 191 | - port: 443 192 | name: https 193 | ``` 194 | ## 注册Skywalking Injection准入控制器 195 | > 需要Kubernetes1.9版本以上可用,且以1.16为分界点,两种不同的配置。 196 | 197 | 本示例中,对于哪些pod会被拦截做了筛选。
如果namespace被打上skywalking-injection=true标签,它下面发布的pod才会经过该准入控制器。除此之外还支持其它规则,详情参考官方文档。
示例: 198 | ```yaml 199 | # >= 1.16 200 | apiVersion: admissionregistration.k8s.io/v1 201 | kind: MutatingWebhookConfiguration 202 | metadata: 203 | name: skywalking-injector 204 | webhooks: 205 | - admissionReviewVersions: ["v1beta1"] 206 | failurePolicy: Fail 207 | clientConfig: 208 | caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZvakNDQTRvQ0NRREZYZTRwM1o0NjREQU5CZ2txaGtpRzl3MEJBUXNGQURDQmtURUxNQWtHQTFVRUJoTUMKUTA0eEVEQU9CZ05WQkFnTUIwSmxhV3BwYm1jeEVEQU9CZ05WQkFjTUIwSmxhV3BwYm1jeER6QU5CZ05WQkFvTQpCbWxNWlcxdmJqRVBNQTBHQTFVRUN3d0dhVXhsYlc5dU1Sc3dHUVlEVlFRRERCSjNkM2N1YVd4bGJXOXVkR1ZqCmFDNWpiMjB4SHpBZEJna3Foa2lHOXcwQkNRRVdFR3hwY0dkQWIzVjBiRzl2YXk1amIyMHdJQmNOTWpBd056RTMKTURFME5EQXhXaGdQTWpFeU1EQTNNVGN3TVRRME1ERmFNSUdSTVFzd0NRWURWUVFHRXdKRFRqRVFNQTRHQTFVRQpDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVQTUEwR0ExVUVDZ3dHYVV4bGJXOXVNUTh3CkRRWURWUVFMREFacFRHVnRiMjR4R3pBWkJnTlZCQU1NRW5kM2R5NXBiR1Z0YjI1MFpXTm9MbU52YlRFZk1CMEcKQ1NxR1NJYjNEUUVKQVJZUWJHbHdaMEJ2ZFhSc2IyOXJMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0lQQURDQ0Fnb0NnZ0lCQUxIUS9ndTE0WUJDYjNRNSthTWtyT3dEeUpQKzQvQUpjRTg0Yk5tci9WbFhEMW9JCnMzTDJvclFicGtRQ1VEVmZqVHFOTWtvT3QrbVpYWHdtMnUzMG1TTkpCRmhaeHEzT2dLSVZxV2IxVWQ5WDRBMjMKOUlxSWREV0NOMndVWlhVd0ZuTTdCYW5xUyt3cmJob3ZxalNFcUI2OUJpbkdjamZvTCsxaWUzdVhqeVBHZklWagpieldVSUdnYzNpVEllc2xyL1prUzBLaDYzbFVtN0NaSFBacVpwMy9vVVNYQmszTXN4dkpCdFZ4QlRQNG5FMCtiCmYvWEkveElTby91ckI1a2RYZW1RM2lnRUtRQmpTWXAvbkthdWEvUHJrZ3BHbVl1a2RlWElVeXhKQk9rNUJCdXcKb3Fid0NBcEFpQ0wzeUMvZnVreEdPZjd6dHdiRGZYU2hXT3ZTSks2NFd0Y1owRHhsQ05VTDFOZzZrcjFLMjRNeApHazZjRDViUWJjWCtEVzhTS25iS0NabzhLR1Jvdjl1cG9tRVc0Q2kzWE8rTjF6cGRST2lwYVpXVTNLdnJGZ2E2CjY5ZmhJM0dnM2RVbFprK2hUazVkMUExNysxU3l3QXRRaldxeG93R3ljY1pPSnRqOUpZaUlITXJsRU9SeWZQTzIKNVg0UG1VSmtoSW9BYWNSdm1oaWRTRFlRTmNMZUt4Ym1TVXdWZEhaSkpGWjJaVjFpcnZPMmM4VEtqNlBXZDA3YQpGNTRvK0JLMVQyMjFWK0hnUnJWbTlaNE5zQWNNc1BScHYzYWNCdk1aWWxxL0h4amttU1NNSHFtd0UwY1d1c28yCkZxdmNiMXBKUGJMdGpQZ1d3VmRPblZxTUc3aTEzYU5uck1mODVKc2VzZVp6VE9zLzFCdlhyODUxVTVMZkFnTUIKQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJWjdaWFpXNEhKMTI3enh2T1ltSHU3aC9rNUdwb294dkorcApZS29QRjRpd3BGRGM3ZjBQZHk0K0tVcG1RS2xjYVJuSEZWWGQ5WEo0R1lnNjg5a0xUeVo3c29iam5RdDZOU0tOCmxYTmdvSUp3Zm1ONXpqV25HUCtXTWhvQlJMM0o0bjNTWUdtalkwZTRzOU1wUlBRdklTeUdZcytFQUQxVGozZEQKdnFoM05WTnd2bjJsNkkyY0lxUEVoU01SY3QwU3lPc2o4MDIveFBvajZtZStqRjk4ZGc2V1M5VUhBSnNqcUV6WApzbHdhQTl6c3ZwQlo0TjVjdXNRMmpHWEdEbkVDQUtMNm1idnRVWHBYd012SFd5MG1vQ1g4c0tKcEJkNlZiUHhMCnhlT1duTnpDRWQvYXdqZVk1N3BzOTNidjZVejZ1a2UyV2ZiOUdMd1BCRmQ5RUs1NkV5Y2U5d2daSThvaDJOSVkKYjY2RHAwbExhR2k0OGRZWkpGRU1ETFhOVUV2RXRmZEo3K3lsU1cyWG52bkxDT25oQjJiQm93YmxlMDc1UllzagpsdFVKRWw1YTFZbUhOWnMzeGdyd1ErL3N4bjg1YlArempTSUlqUms1V1Bpbm4vL25vdGp6UHJJSGJmTjY0by95CjAvVWlrZVRjVFZuZUREQUJwdGZ5VXlEbU5pVlhCaHlodks3MTJEZmZ1Q01aclQ1YlF6VUd1cytBUGo4QThoZ0kKbXFSd25LdnJvcHJ2OEp3b2VZbm1rNExkZmxMSlFYczJVdWd2L1p1VmVkeTFBSk5rZThUSXhhRUoyS2hTMGdacQowWXZEVkFRRUg0VlRMeDhWRTdxRm42QTVhaERtVUF0ZEJ5MUNkSy9JQ1o4eDdKZkRCYS9zK0p1K1ZBTGt5Mm9hCjRxVlNEUHQyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 209 | service: 210 | name: skywalking-injection 211 | namespace: skywalking 212 | namespaceSelector: 213 | matchLabels: 214 | skywalking-injection: "true" 215 | name: injection.skywalking.ilemontech.com 216 | timeoutSeconds: 5 217 | sideEffects: None 218 | rules: 219 | - apiGroups: [""] 220 | apiVersions: ["v1"] 221 | operations: ["CREATE"] 222 | resources: ["pods"] 223 | scope: "Namespaced" 224 | 225 | # > 1.9 & < 1.16 226 | --- 227 | apiVersion: admissionregistration.k8s.io/v1beta1 228 | kind: MutatingWebhookConfiguration 229 | metadata: 230 | name: skywalking-injector 231 | webhooks: 232 | - failurePolicy: Fail 233 | clientConfig: 234 | caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZvakNDQTRvQ0NRREZYZTRwM1o0NjREQU5CZ2txaGtpRzl3MEJBUXNGQURDQmtURUxNQWtHQTFVRUJoTUMKUTA0eEVEQU9CZ05WQkFnTUIwSmxhV3BwYm1jeEVEQU9CZ05WQkFjTUIwSmxhV3BwYm1jeER6QU5CZ05WQkFvTQpCbWxNWlcxdmJqRVBNQTBHQTFVRUN3d0dhVXhsYlc5dU1Sc3dHUVlEVlFRRERCSjNkM2N1YVd4bGJXOXVkR1ZqCmFDNWpiMjB4SHpBZEJna3Foa2lHOXcwQkNRRVdFR3hwY0dkQWIzVjBiRzl2YXk1amIyMHdJQmNOTWpBd056RTMKTURFME5EQXhXaGdQTWpFeU1EQTNNVGN3TVRRME1ERmFNSUdSTVFzd0NRWURWUVFHRXdKRFRqRVFNQTRHQTFVRQpDQXdIUW1WcGFtbHVaekVRTUE0R0ExVUVCd3dIUW1WcGFtbHVaekVQTUEwR0ExVUVDZ3dHYVV4bGJXOXVNUTh3CkRRWURWUVFMREFacFRHVnRiMjR4R3pBWkJnTlZCQU1NRW5kM2R5NXBiR1Z0YjI1MFpXTm9MbU52YlRFZk1CMEcKQ1NxR1NJYjNEUUVKQVJZUWJHbHdaMEJ2ZFhSc2IyOXJMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0lQQURDQ0Fnb0NnZ0lCQUxIUS9ndTE0WUJDYjNRNSthTWtyT3dEeUpQKzQvQUpjRTg0Yk5tci9WbFhEMW9JCnMzTDJvclFicGtRQ1VEVmZqVHFOTWtvT3QrbVpYWHdtMnUzMG1TTkpCRmhaeHEzT2dLSVZxV2IxVWQ5WDRBMjMKOUlxSWREV0NOMndVWlhVd0ZuTTdCYW5xUyt3cmJob3ZxalNFcUI2OUJpbkdjamZvTCsxaWUzdVhqeVBHZklWagpieldVSUdnYzNpVEllc2xyL1prUzBLaDYzbFVtN0NaSFBacVpwMy9vVVNYQmszTXN4dkpCdFZ4QlRQNG5FMCtiCmYvWEkveElTby91ckI1a2RYZW1RM2lnRUtRQmpTWXAvbkthdWEvUHJrZ3BHbVl1a2RlWElVeXhKQk9rNUJCdXcKb3Fid0NBcEFpQ0wzeUMvZnVreEdPZjd6dHdiRGZYU2hXT3ZTSks2NFd0Y1owRHhsQ05VTDFOZzZrcjFLMjRNeApHazZjRDViUWJjWCtEVzhTS25iS0NabzhLR1Jvdjl1cG9tRVc0Q2kzWE8rTjF6cGRST2lwYVpXVTNLdnJGZ2E2CjY5ZmhJM0dnM2RVbFprK2hUazVkMUExNysxU3l3QXRRaldxeG93R3ljY1pPSnRqOUpZaUlITXJsRU9SeWZQTzIKNVg0UG1VSmtoSW9BYWNSdm1oaWRTRFlRTmNMZUt4Ym1TVXdWZEhaSkpGWjJaVjFpcnZPMmM4VEtqNlBXZDA3YQpGNTRvK0JLMVQyMjFWK0hnUnJWbTlaNE5zQWNNc1BScHYzYWNCdk1aWWxxL0h4amttU1NNSHFtd0UwY1d1c28yCkZxdmNiMXBKUGJMdGpQZ1d3VmRPblZxTUc3aTEzYU5uck1mODVKc2VzZVp6VE9zLzFCdlhyODUxVTVMZkFnTUIKQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJWjdaWFpXNEhKMTI3enh2T1ltSHU3aC9rNUdwb294dkorcApZS29QRjRpd3BGRGM3ZjBQZHk0K0tVcG1RS2xjYVJuSEZWWGQ5WEo0R1lnNjg5a0xUeVo3c29iam5RdDZOU0tOCmxYTmdvSUp3Zm1ONXpqV25HUCtXTWhvQlJMM0o0bjNTWUdtalkwZTRzOU1wUlBRdklTeUdZcytFQUQxVGozZEQKdnFoM05WTnd2bjJsNkkyY0lxUEVoU01SY3QwU3lPc2o4MDIveFBvajZtZStqRjk4ZGc2V1M5VUhBSnNqcUV6WApzbHdhQTl6c3ZwQlo0TjVjdXNRMmpHWEdEbkVDQUtMNm1idnRVWHBYd012SFd5MG1vQ1g4c0tKcEJkNlZiUHhMCnhlT1duTnpDRWQvYXdqZVk1N3BzOTNidjZVejZ1a2UyV2ZiOUdMd1BCRmQ5RUs1NkV5Y2U5d2daSThvaDJOSVkKYjY2RHAwbExhR2k0OGRZWkpGRU1ETFhOVUV2RXRmZEo3K3lsU1cyWG52bkxDT25oQjJiQm93YmxlMDc1UllzagpsdFVKRWw1YTFZbUhOWnMzeGdyd1ErL3N4bjg1YlArempTSUlqUms1V1Bpbm4vL25vdGp6UHJJSGJmTjY0by95CjAvVWlrZVRjVFZuZUREQUJwdGZ5VXlEbU5pVlhCaHlodks3MTJEZmZ1Q01aclQ1YlF6VUd1cytBUGo4QThoZ0kKbXFSd25LdnJvcHJ2OEp3b2VZbm1rNExkZmxMSlFYczJVdWd2L1p1VmVkeTFBSk5rZThUSXhhRUoyS2hTMGdacQowWXZEVkFRRUg0VlRMeDhWRTdxRm42QTVhaERtVUF0ZEJ5MUNkSy9JQ1o4eDdKZkRCYS9zK0p1K1ZBTGt5Mm9hCjRxVlNEUHQyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K 235 | service: 236 | name: skywalking-injection 237 | namespace: skywalking 238 | namespaceSelector: 239 | matchLabels: 240 | skywalking-injection: "true" 241 | name: injection.skywalking.ilemontech.com 242 | sideEffects: None 243 | rules: 244 | - apiGroups: [""] 245 | apiVersions: ["v1"] 246 | operations: ["CREATE"] 247 | resources: ["pods"] 248 | ``` --------------------------------------------------------------------------------