update docs

README.md

@@ -10,28 +10,6 @@ gcloud alpha container clusters create k0 \
   --cluster-version 1.7.0
 ```
 
-Store the envoy config in a configmap:
+## Tutorial
 
-```
-kubectl create configmap envoy --from-file envoy.json
-```
-
-### Deploy the Envoy Initializer
-
-Store the Envoy Initializer configuration in a configmap:
-
-```
-kubectl apply -f configmaps/envoy-initializer.yaml
-```
-
-Create the envoy initializer configuration:
-
-```
-kubectl apply -f initializer-configurations/envoy.yaml 
-```
-
-Create the `envoy-initializer` deployment:
-
-```
-kubectl apply -f deployments/envoy-initializer.yaml
-```
+* [Deploy the Envoy Initializer](docs/deploy-envoy-initializer.md)

configmaps/envoy-initializer.yaml

@@ -3,27 +3,28 @@ kind: ConfigMap
 metadata:
   name: envoy-initializer
 data:
-  containers:
-    - name: envoy
-      image: lyft/envoy:845747db88f102c0fd262ab234308e9e22f693a1
-      args:
-        - "--concurrency=4"
-        - "--config-path=/etc/envoy/envoy.json"
-        - "--mode=serve"
-	  ports:
-		- containerPort: 80
-		  protocol: TCP
-	  resources:
-		limits:
-		  cpu: 1000m
-		  memory: 512Mi
-		requests:
-		  cpu: 100m
-		  memory: 64Mi
-	  volumeMounts:
-		- name: envoy-conf
-		  mountPath: /etc/envoy
-  volumes:
-    - name: envoy-conf
-      configMap:
-        name: envoy
+  config: |
+    containers:
+      - name: envoy
+        image: lyft/envoy:845747db88f102c0fd262ab234308e9e22f693a1
+        args:
+          - "--concurrency=4"
+          - "--config-path=/etc/envoy/envoy.json"
+          - "--mode=serve"
+        ports:
+          - containerPort: 80
+            protocol: TCP
+        resources:
+          limits:
+            cpu: "1000m"
+            memory: "512Mi"
+          requests:
+            cpu: "100m"
+            memory: "64Mi"
+        volumeMounts:
+          - name: envoy-conf
+            mountPath: /etc/envoy
+    volumes:
+      - name: envoy-conf
+        configMap:
+          name: envoy

docs/deploy-envoy-initializer.md

@@ -0,0 +1,25 @@
+# Deploy the Envoy Initializer
+
+The Envoy Initializer is a [Kubernetes initializer](https://kubernetes.io/docs/admin/extensible-admission-controllers/#what-are-initializers) that injects the [envoy](https://lyft.github.io/envoy) proxy into a pod based on policy.
+
+## Install
+
+The envoy proxy requires a [configuration file](https://lyft.github.io/envoy/docs/configuration/configuration.html) before it canbe used to forward trafic to other containers in a pod. Store the default `envoy.json` configuration in a configmap:
+
+```
+kubectl create configmap envoy --from-file envoy.json
+```
+
+The `envoy-initializer` is configured using a configmap, identified by the `-configmap` flag, which provides the containers and volumes to inject into a pod. Create the `envoy-initializer` configmap:
+
+```
+kubectl apply -f configmaps/envoy-initializer.yaml
+```
+
+```
+kubectl apply -f initializer-configurations/envoy.yaml 
+```
+
+```
+kubectl apply -f deployments/envoy-initializer.yaml
+```

envoy-initializer/Dockerfile

@@ -0,0 +1,3 @@
+FROM scratch
+ADD envoy-initializer /envoy-initializer
+ENTRYPOINT ["/envoy-initializer"]

envoy-initializer/README.md

@@ -0,0 +1,18 @@
+# Envoy Initializer
+
+The Envoy Initializer is a [Kubernetes initializer](https://kubernetes.io/docs/admin/extensible-admission-controllers/#what-are-initializers) that injects the [envoy](https://lyft.github.io/envoy) proxy into a pod based on policy.
+
+## Usage
+
+```
+envoy-initializer -h
+```
+```
+Usage of envoy-initializer:
+  -configmap string
+    	The envoy-initializer configmap name (default "envoy-initializer")
+  -initializer-name string
+    	Set the initializer name (default "envoy.initializer.kubernetes.io")
+  -namespace string
+    	The Kubernetes namespace (default "default")
+```

envoy-initializer/main.go

@@ -16,50 +16,55 @@ import (
 	"log"
 	"os"
 	"os/signal"
-	"strconv"
 	"syscall"
 	"time"
 
+	"github.com/ghodss/yaml"
+
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/watch"
 	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/cache"
-	"k8s.io/client-go/tools/clientcmd"
 )
 
-const defaultInitializerName = "initializer.kubernetes.io"
+const defaultInitializerName = "envoy.initializer.kubernetes.io"
+const defaultConfigmapName = "envoy-initializer"
 
 var (
+	configmapName   string
 	initializerName string
-	kubeconfig      string
+	namespace       string
 )
 
 type config struct {
-	containers []corev1.Container
+	Containers []corev1.Container
+	Volumes    []corev1.Volume
 }
 
 func main() {
-	flag.StringVar(&initializerName, "initializer-name", defaultInitializerName, "set the initializer name")
-	flag.StringVar(&kubeconfig, "kubeconfig", "", "absolute path to the kubeconfig file")
+	flag.StringVar(&configmapName, "configmap", defaultConfigmapName, "The envoy-initializer configmap name")
+	flag.StringVar(&initializerName, "initializer-name", defaultInitializerName, "Set the initializer name")
+	flag.StringVar(&namespace, "namespace", "default", "The Kubernetes namespace")
 	flag.Parse()
 
 	log.Println("Starting the Kubernetes initializer...")
 	log.Printf("Initializer name set to: %s", initializerName)
 
-	kconfig, err := clientcmd.BuildConfigFromFlags("", *kubeconfig)
+	clusterConfig, err := rest.InClusterConfig()
 	if err != nil {
-		log.Fatal(err)
+		log.Fatal(err.Error())
 	}
 
-	clientset, err := kubernetes.NewForConfig(kconfig)
+	clientset, err := kubernetes.NewForConfig(clusterConfig)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	cm, err := clientset.CoreV1().ConfigMaps("default").Get("istio-initializer", metav1.GetOptions{})
+	cm, err := clientset.CoreV1().ConfigMaps(namespace).Get(configmapName, metav1.GetOptions{})
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -111,7 +116,7 @@ func initializePod(pod *corev1.Pod, c *config, clientset *kubernetes.Clientset)
 		pendingInitializers := pod.ObjectMeta.GetInitializers().Pending
 
 		if initializerName == pendingInitializers[0].Name {
-			log.Printf("initializing pod: %s", pod.Name)
+			log.Printf("Initializing pod: %s", pod.Name)
 
 			// Remove self from the list of pending Initializers while preserving ordering.
 			if len(pendingInitializers) == 1 {
@@ -121,6 +126,9 @@ func initializePod(pod *corev1.Pod, c *config, clientset *kubernetes.Clientset)
 			}
 
 			// Modify the PodSec and post an update.
+			pod.Spec.Containers = append(pod.Spec.Containers, c.Containers...)
+			pod.Spec.Volumes = append(pod.Spec.Volumes, c.Volumes...)
+
 			_, err := clientset.CoreV1().Pods(pod.Namespace).Update(pod)
 			if err != nil {
 				return err
@@ -130,3 +138,12 @@ func initializePod(pod *corev1.Pod, c *config, clientset *kubernetes.Clientset)
 
 	return nil
 }
+
+func configmapToConfig(configmap *corev1.ConfigMap) (*config, error) {
+	var c config
+	err := yaml.Unmarshal([]byte(configmap.Data["config"]), &c)
+	if err != nil {
+		return nil, err
+	}
+	return &c, nil
+}