Home

Awesome

dsv-k8s-sidecar

Overview

There are two applications that are built in this repo:

ApplicationDescription
dsv-k8s-sidecarResponsible for fetching and periodically updating a configuration file stored at a shared volume that is used by the pods.
dsv-k8s-controllerThe controller watches for new pods with the specific annotation dsv to come online with the value of the tenant intended to be used, it then adds this pod to the internal registry.

Note There is no guarantee that the file has been created by the time the companion containers are online.

Installing

Both the sidecar & controller have helm charts located in charts with README.md files containing a reference for the input values required.

How It Works

See Architecture for more detail.

The general concept is:

FAQ

Development

Possible Future Improvements

If there are needs missing for your usage, feel free to open a GitHub issue describing your challenges and any suggestions for improvement.

Sample Applications for QA Testing

Running Project Against Local Kind Cluster

Note Further directions on development setup are in Developer.

Currently if you copy these into artifacts, it will apply.

Dev Deployment:

Optional Running Locally with TLS

There are two communication channels between sidecar and controller:

  1. Getting JWT token via http/https
  2. Secrets via GRPC

Optionally we can encrypt these communications at container level.

Generate self signed certificate

Sidecar to Controller GRPC

Add above k8 secret as volume in Controller's k8 deployment and add the name of cert and private key name env in k8 values.yml.

Sidecar to Controller Token

Add above k8 secret as volume in sidecar's k8 deployment and add the name of cert env in k8 values.yml.

Once the above setup is done all kubernetes secret will mapped to volume and both the sidecar and controller will pick certificates up from volume.

Additional Resources