An implementation of k8s-sidecar using kopf, a Python-based framework for Kubernetes operators.
UPDATE:
The issue with the kiwigrid k8s-sidecar hanging is no longer present as of version 1.15.0.
The WATCH_CLIENT_TIMEOUT and WATCH_SERVER_TIMEOUT settings that were introduced in this fork to fix the issue have now been ported there.
Thus, I advise users of this repo to switch back to the kiwigrid k8s-sidecar at this point.
Thank you.
Initial description
At the moment of writing this documentation, there is an issue with k8s-sidecar where it will "hang" after a short amount of time while watching for resources.
Upon inspecting the codebase for the issue, I soon concluded that much of the logic could be drastically simplified by using an operator framework.
Initially, I considered using operator-sdk but I'm not a huge fan of Go.
Additionally, I hope to contribute this rewrite to k8s-sidecar at some point and I figured that keeping things in Python would ease that transition significantly.
In essence, it works the same way as the original k8s-sidecar does.
In its most minimal form, it will look for a defined LABEL in a ConfigMap and/or Secret and write the contents defined in their data field to a given FOLDER in a file.
To see kopf-k8s-sidecar in action, I recommend deploying the resources located in /examples to your k8s cluster.
Once that's done, you can view the sidecar container logs to watch events happen as you create, delete or update ConfigMaps or Secrets.
Similarly, you can view the bash container logs to see how the files defined by your ConfigMaps and Secrets are populated there.
All tags are automatically built and pushed to Dockerhub.
If you are looking to use this image with the Grafana Helm chart, then this is the section for you.
- Set .Values.sidecar.image.repository to omegavveapon/kopf-k8s-sidecar
- Set .Values.sidecar.image.tag to the latest tag in Releases
The sidecar offers a simple healthcheck endpoint for use in a liveness probe (don't use it for readiness, as that makes no sense for an operator).
Should this port conflict with other containers in your pod, you can change it via the HEALTHCHECK_PORT env var.
```yaml
livenessProbe:
  httpGet:
    path: /healthz
    port: 8181
```
Variable | Required? | Default | Description |
---|---|---|---|
LABEL | Yes | None | Label that should be used for filtering |
FOLDER | Yes | None | Folder where the files should be placed. |
FOLDER_ANNOTATION | No | k8s-sidecar-target-directory | The annotation the sidecar will look for in ConfigMaps and/or Secrets to override the destination folder for files. If the value is a relative path, it will be relative to FOLDER |
LABEL_VALUE | No | None | The value for the label you want to filter your resources on. Don't set a value to filter by any value |
NAMESPACE | No | ALL | The Namespace(s) from which resources will be watched. For multiple namespaces, use a comma-separated string like "default,test". If not set or set to ALL, it will watch all Namespaces. |
RESOURCE | No | configmap | The resource type that the operator will filter for. Can be configmap, secret or both |
METHOD | No | WATCH | Determines how kopf-k8s-sidecar will run. If WATCH, it will run like a normal operator forever. If LIST, it will gather the matching configmaps and secrets currently present, write those files to the destination directory and exit |
DEFAULT_FILE_MODE | No | None | The default file system permission for every file. Use three digits (e.g. '500', '440', ...) |
DEBUG | No | False | A value of true will enable the kopf debug logs |
WATCH_CLIENT_TIMEOUT | No | 660 | How long, in seconds, the session with a watching request will exist before it is closed from the client side. This includes connection establishment and event streaming. |
WATCH_SERVER_TIMEOUT | No | 600 | How long, in seconds, the session with a watching request will exist before it is closed from the server side. This value is passed to the server side in a query string, and the server decides on how to follow it. The watch-stream is then gracefully closed. |
UNIQUE_FILENAMES | No (but recommended!) | False | A value of true will produce unique filenames to avoid issues when duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. |
HEALTHCHECK_PORT | No | 8181 | Port on which the /healthz endpoint will listen |
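
How FOLDER, FOLDER_ANNOTATION, UNIQUE_FILENAMES and DEFAULT_FILE_MODE interact when a data key is written, as an added Python sketch that is not code from this repository. The function names, the unique-filename scheme and the check that rejects a relative annotation value resolving outside FOLDER are assumptions of this example.

```python
import os
from pathlib import Path

ANNOTATION = "k8s-sidecar-target-directory"  # FOLDER_ANNOTATION default in the table


def parse_mode(value):
    """DEFAULT_FILE_MODE: three octal digits such as '440'; None means unset."""
    if value is None:
        return None
    if len(value) != 3 or any(c not in "01234567" for c in value):
        raise ValueError(f"expected three octal digits, got {value!r}")
    return int(value, 8)


def destination(folder, annotations, namespace, kind, name, key, unique=False):
    """Resolve the file path for one key of a ConfigMap/Secret data field."""
    base = Path(folder).resolve()
    target, override = base, annotations.get(ANNOTATION)
    if override:
        target = Path(override)
        if not target.is_absolute():
            target = (base / target).resolve()  # relative values hang off FOLDER
            # Added check (assumption): a relative value must stay under FOLDER.
            if target != base and base not in target.parents:
                raise ValueError(f"{override!r} resolves outside {base}")
    # Hypothetical naming scheme for UNIQUE_FILENAMES, for illustration only.
    filename = f"{namespace}.{kind}.{name}.{key}" if unique else key
    return target / filename


def write_entry(path, content, mode=None):
    """Write one file; with a mode set, it is never created with wider bits."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.unlink(missing_ok=True)  # a read-only file from an earlier event cannot be reopened
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666 if mode is None else mode)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    if mode is not None:
        os.chmod(path, mode)  # set the exact bits regardless of umask
    return path


def demo(root):
    """Constructed sample: two Secrets in different namespaces sharing a data key."""
    mode = parse_mode("440")
    a = destination(root, {}, "team-a", "secret", "db", "password", unique=True)
    b = destination(root, {ANNOTATION: "team-b"}, "team-b", "secret", "db", "password")
    return [write_entry(p, "constructed-value", mode) for p in (a, b)]
```

Without unique names or a per-resource annotation, both Secrets in the sample would resolve to the same `password` file under FOLDER, which is the collision UNIQUE_FILENAMES exists to avoid.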
Contrary to the original k8s-sidecar, we will look in ALL namespaces by default as documented in the Configuration Environment Variables section.
If you only want to look for resources in the namespace where the sidecar is installed, feel free to specify it.