in pkg/inject/envoy.go [76:137]
func (m *envoyMutator) mutate(pod *corev1.Pod) error {
if ok, _ := containsEnvoyContainer(pod); ok {
return nil
}
secretMounts, err := m.getSecretMounts(pod)
if err != nil {
return err
}
volumeMounts, err := m.getVolumeMounts(pod)
if err != nil {
return err
}
variables := m.buildTemplateVariables(pod)
customEnv, err := m.getCustomEnv(pod)
if err != nil {
return err
}
customEnvJson, err := m.getCustomEnvJson(pod)
if err != nil {
return err
}
if customEnvJson != nil {
for k, v := range customEnvJson {
customEnv[k] = v
}
}
container, err := buildEnvoySidecar(variables, customEnv)
if err != nil {
return err
}
// add resource requests and limits
container.Resources, err = sidecarResources(getSidecarCPURequest(m.mutatorConfig.sidecarCPURequests, pod),
getSidecarMemoryRequest(m.mutatorConfig.sidecarMemoryRequests, pod),
getSidecarCPULimit(m.mutatorConfig.sidecarCPULimits, pod),
getSidecarMemoryLimit(m.mutatorConfig.sidecarMemoryLimits, pod))
if err != nil {
return err
}
// add readiness probe
container.ReadinessProbe = envoyReadinessProbe(m.mutatorConfig.readinessProbeInitialDelay,
m.mutatorConfig.readinessProbePeriod, strconv.Itoa(int(m.mutatorConfig.adminAccessPort)))
m.mutateSecretMounts(pod, &container, secretMounts)
m.mutateVolumeMounts(pod, &container, volumeMounts)
if m.mutatorConfig.enableSDS && !isSDSDisabled(pod) {
mutateSDSMounts(pod, &container, m.mutatorConfig.sdsUdsPath)
}
// waitUntilProxyReady requires starting sidecar container first
if m.mutatorConfig.waitUntilProxyReady {
pod.Spec.Containers = append([]corev1.Container{container}, pod.Spec.Containers...)
} else {
pod.Spec.Containers = append(pod.Spec.Containers, container)
}
return nil
}