Trait Injector

Trait injector is a k8s admission webhook to inject data into workload.

How it works with AppConfig controller:

Build

make generate
make manifests
make

Test

make test

SSL

the ssl/ dir contains a script to create a self-signed certificate, not sure this will even work when running in k8s but that's part of figuring this out I guess

NOTE: the app expects the cert/key to be in ssl/ dir relative to where the app is running/started and currently is hardcoded to mutateme.{key,pem}

pushd ssl/
make
popd

Docker

make docker-build

Quickstart

Gererate SSL certs if haven't done yet:

pushd ssl/
make
popd

Replace caBundle field value in example/manager.yaml with the data from below:

kubectl config view --raw --minify --flatten -o jsonpath='{.clusters[].cluster.certificate-authority-data}'

Deploy to Minikube:

make minikube

Inject Deployment

Create ServiceBinding:

kubectl create -f ./example/servicebinding.yaml

Create the Deployment whose env to inject secret to, and also the Secret:

kubectl create -f ./example/test-deploy.yaml

Verify the envFrom field of the Deployment updated:

kubectl get deploy busybox1 -o json | jq -r '.spec.template.spec.containers[0]'

Inject StatefulSet

Create ServiceBinding for StatefulSet example:

kubectl create -f ./example/statefulSet/binding.yaml

Create the StatefulSet whose env to inject secret to, and also the Secret:

kubectl create -f ./example/statefulSet/statefulset.yaml

Verify the envFrom field of the Deployment updated:

kubectl get statefulset busybox1 -o json | jq -r '.spec.template.spec.containers[0]'