nsinjector

module
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 23, 2021 License: Apache-2.0

README

nsinjector

nsinjector is a Kubernetes controller that automatically deploys resources into a namespace when it is created.

Here's a blog post I wrote about it: Deploy Kubernetes resources automatically with nsinjector .

How to use it

You can find a chart with an example values.yaml file in deploy/helm. With helm3, you can deploy it with:

helm install nsinjector-controller ./deploy/helm

Alternatively, you can manually deploy manifest stored in deploy/k8s:

# Deploy CRD first. If your cluster is >= v1.16, you can use namespaceresourcesinjector-crd-1.16.yaml instead
kubectl apply -f deploy/k8s/namespaceresourcesinjector-crd.yaml
# Deploy the controller
kubectl apply -f deploy/k8s/nsinjector-controller.yaml
# Then deploy an injector custom resource
# This is the file that you'll want to customize to your needs
kubectl apply -f deploy/k8s/namespaceresourcesinjector.yaml

Example

When a namespace starting with dev- is created, the following resource will automatically inject a role and rolebinding in it:

kind: NamespaceResourcesInjector
apiVersion: blakelead.com/v1alpha1
metadata:
  name: nri-test
spec:
  namespaces:
  - dev-.*
  excludedNamespaces:
  - dev-excluded-.* 
  resources:
  - |
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: dev-role
    rules:
      - apiGroups: [""]
        resources: ["pods","pods/portforward", "services", "deployments", "ingresses"]
        verbs: ["list", "get"]
      - apiGroups: [""]
        resources: ["pods/portforward"]
        verbs: ["create"]
      - apiGroups: [""]
        resources: ["namespaces"]
        verbs: ["list", "get"]
  - |
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: dev-rolebinding
    subjects:
    - kind: User
      name: dev
    roleRef:
      kind: Role
      name: dev-role
      apiGroup: rbac.authorization.k8s.io
  • namespaces: a list of namespace names or regex
  • excludedNamespaces: a list of namespace names or regex to be excluded
  • resources: a list of any Kubernetes resources

Contributing

Although this project is currently used in production, it is relatively young and has not been extensively tested. Suggestions and contributions are therefore very welcome.

Directories

Path Synopsis
cmd
nsinjector
internal
config
utils
pkg
apis/namespaceresourcesinjector/v1alpha1
controller
generated/clientset/versioned
This package has the automatically generated clientset.
 This package has the automatically generated clientset.
generated/clientset/versioned/fake
This package has the automatically generated fake clientset.
 This package has the automatically generated fake clientset.
generated/clientset/versioned/scheme
This package contains the scheme of the automatically generated clientset.
 This package contains the scheme of the automatically generated clientset.
generated/clientset/versioned/typed/namespaceresourcesinjector/v1alpha1
This package has the automatically generated typed clients.
 This package has the automatically generated typed clients.
generated/clientset/versioned/typed/namespaceresourcesinjector/v1alpha1/fake
Package fake has the automatically generated clients.
 Package fake has the automatically generated clients.
generated/informers/externalversions
generated/informers/externalversions/internalinterfaces
generated/informers/externalversions/namespaceresourcesinjector
generated/informers/externalversions/namespaceresourcesinjector/v1alpha1
generated/listers/namespaceresourcesinjector/v1alpha1

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.