Skip to content
/ joylive-injector Public

A webhook component for automatically injecting the joylive-agent into Java applications in the K8s environment. 适用于K8s环境中,为Java应用程序自动注入joylive-agent的Webhook组件。

License

Apache-2.0 license
11 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jd-opensource/joylive-injector

BranchesTags

Repository files navigation

joylive-injector

GitHub repo GitHub release Slack Status

pic

English | 简体中文

Description

This is a dynamic admission control webhook for kubernetes, it can be used to mutate kubernetes resources. This program monitors the CREATE, UPDATE, DELETE events for deployments and the CREATE events for pods and adds the initContainer for Pod , adds the environment variable JAVA_TOOL_OPTIONS by default, mounts the configmap, modifies the volume load for the main container, and so on.

Features

  • Supports automatically injecting joylive-agent into Pods of Java applications.
  • Supports multi-version joylive-agent and corresponding configuration management.
  • Support injection of specified version joylive-agent and corresponding configuration.

Used

Full mode

  • Install CFSSL (HTTP API tool for signing, verifying, and bundling TLS certificates) in the environment to be deployed 
    wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo 
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
chmod +x /usr/local/bin/cfssl-certinfo /usr/local/bin/cfssl /usr/local/bin/cfssljson
  • Copy cfssl and joylive webhook from the deploy directory to the environment to be deployed
  • The namespace in cfssl/dac-csr.json is currently filled in as joylive and needs to be modified according to the actual situation
  • Execute the create-secret.sh script in the joylive-injector/deploy/cfssl directory to generate a secret. If the joylive-injector package is in the same directory as cfssl, it can automatically replace the value of the caBundle, caKeyBundle and caPubBundle field
  • If the value of caBundle, caKeyBundle and caPubBundle are not replaced, it is necessary to manually replace the value of the caBundle, caKeyBundle and caPubBundle field in the value.yaml in the chart package. Use the content generated by cat dac-ca.pem | base64 | tr -d '\n' as caBundle, cat dac-key.pem | base64 | tr -d '\n' as caKeyBundle, cat dac.pem | base64 | tr -d '\n' as caPubBundle to replace them
  • Execute helm install joylive-injector ./joylive-injector -n joylive Install webhook
  • Modify the configuration in the value.yaml section of the chart package as needed

Simple mode

Since the certificate signature has been pre-generated according to the namespace joylive, it is necessary to specify installation to the corresponding namespace. Execute the command:

helm repo add joylive https://jd-opensource.github.io/joylive-helm-charts
kubectl create namespace joylive
helm install joylive-injector joylive/joylive-injector -n joylive

About

A webhook component for automatically injecting the joylive-agent into Java applications in the K8s environment. 适用于K8s环境中,为Java应用程序自动注入joylive-agent的Webhook组件。

Topics

webhook k8s injector joylive

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

11 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases 3

v1.2.0 Latest
Oct 10, 2024
+ 2 releases

Packages

 
 
 

Contributors 2

  •  
  •  

Languages