azure-workload-identity icon indicating copy to clipboard operation
azure-workload-identity copied to clipboard

Published 20 hours ago verified publisher icon Azure

feat: allow proxies to be injected using a native sidecar

Open devjoes opened this issue 6 months ago • 2 comments

Reason for Change:

Fixes Issue 773 by using native sidecars so that pods exit cleanly when running as cronjobs, currently azwi sidecar prevents the pod from terminating.

It also addresses an annoyance where the first container in the pod is the proxy, so any kubectl commands target that container, previously I was working around this by adding the default-container annotation.

I've kept the current behaviour as the default because this change requires at least k8s 1.28, adding the annotation azure.workload.identity/use-native-sidecar enables native sidecars. But it seems to work well so at some point in the future you could just make this the default behaviour.

No update to deployment.yaml

No change to Helm chart

Requirements

  • [X] squashed commits
  • [X] included documentation
  • [X] added unit tests and e2e tests (if applicable).

Issue Fixed:

Fixes #733

Please answer the following questions with yes/no:

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

  • [ ] yes
  • [X] no

Notes for Reviewers: Tested on v1.30.0-eks-fff26e3

devjoes avatar Aug 21 '24 10:08 devjoes