network health admission controller

This admission controller acts as a MutatingAdmissionWebhook and adds network health sidecars to pods.

Installation

1. install the dependencies
2. download and verify setup.yaml
3. deploy admission controller kubectl apply -f setup.yaml

Dependencies

• Cert Manager is used to set up certificates to validate the webhook against the kubernetes control plane.

Usage

Enable admission controller for a namespace

Create a namespace and add the label network-health-sidecar/enabled: "true".

apiVersion: v1
kind: Namespace
metadata:
  name: network-health-test
  labels:
    network-health-sidecar/enabled: "true"

All pods created in this namespace start with an additional network health sidecar container.

Disable for a pod

Create a pod and add the label network-health-sidecar/enabled: "false".

apiVersion: v1
kind: Pod
metadata:
  name: network-health-test-pod-disabled
  namespace: network-health-test
  labels:
    network-health-sidecar/enabled: "false"
spec:
  containers:
    - name: example
      image: nginx

Pods with this label will skip the sidecar setup.

Use network port instead of unix socket

The sidecar communicates by default via a unix socket.

To communicate via a network port add the label network-health-sidecar/port: "8181".

apiVersion: v1
kind: Pod
metadata:
  name: network-health-test-pod-disabled
  namespace: network-health-test
  labels:
    network-health-sidecar/port: "8181"
spec:
  containers:
    - name: example
      image: nginx

Pods with this label will use port 8181 and define a http redinessProbe instead of a exec readinessProbe.

local development

1. install tilt, helm, helmfile, helm diff, and kind
2. setup kind with local registry
3. deploy dependencies helmfile sync
4. start environment tilt up