This repository was archived by the owner on Jun 11, 2025. It is now read-only.
Merged
Conversation
to include appropriate sysctl policies on pod
Refactor pod-pinger to use pro-bing for ping operations
DEPRECATES: logging.Logger in kubectl.YAMLClient, migrating to `log/slog`
It allows one app to access another app running inside the same namespace with it's name
feat: add service account name handling, and improves in-cluster DNS resolution of kloudlite Apps
- initial reference was from k8s default pod /etc/resolv.conf, but it assumes `ndots:5`, which means a domain to have at least 5 dots to be qualified as a FQDN, which is kind of wrong in our use case
Reviewer's Guide by SourceryThis pull request introduces a new Sequence diagram for ServiceIntercept webhook flowsequenceDiagram
participant K8s as Kubernetes API
participant W as ServiceIntercept Webhook
participant P as Pod
participant S as Service
K8s->>W: Admission Request (Pod Creation)
W->>W: Check if pod matches intercept selector
alt Pod matches intercept selector
W->>W: Add intercept labels
W->>W: Add node selector
W->>K8s: Allow with patches
else Pod doesn't match
W->>K8s: Allow without changes
end
K8s->>P: Create Pod
P->>S: Register with Service
Class diagram for new GatewayResource message typeclassDiagram
class GatewayResource {
+bytes gateway
}
class MessageDispatchService {
+ValidateAccessToken(ValidateAccessTokenIn) ValidateAccessTokenOut
+GetAccessToken(GetAccessTokenIn) GetAccessTokenOut
+SendActions(Empty) Action
+SendClusterGatewayResource(Empty) GatewayResource
+ReceiveError(ErrorData) Empty
+ReceiveConsoleResourceUpdate(ResourceUpdate) Empty
+ReceiveIotConsoleResourceUpdate(ResourceUpdate) Empty
+ReceiveInfraResourceUpdate(ResourceUpdate) Empty
+ReceiveContainerRegistryUpdate(ResourceUpdate) Empty
+Ping(Empty) PingOutput
}
MessageDispatchService ..> GatewayResource : returns
Class diagram for new ServiceIntercept CRDclassDiagram
class ServiceIntercept {
+ServiceInterceptSpec spec
+ServiceInterceptStatus status
+EnsureGVK()
+GetStatus() *Status
+GetEnsuredLabels() map[string]string
+GetEnsuredAnnotations() map[string]string
}
class ServiceInterceptSpec {
+string toAddr
+SvcInterceptPortMappings[] portMappings
}
class ServiceInterceptStatus {
+Status status
+map[string]string selector
}
class SvcInterceptPortMappings {
+uint16 containerPort
+uint16 servicePort
}
ServiceIntercept *-- ServiceInterceptSpec
ServiceIntercept *-- ServiceInterceptStatus
ServiceInterceptSpec *-- SvcInterceptPortMappings
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey @nxtcoder17 - I've reviewed your changes - here's some feedback:
Overall Comments:
- Please add documentation explaining the purpose and usage of the service intercept feature. The code looks good but some context would help users understand how to use it effectively.
Here's what I looked at during the review
- 🟡 General issues: 1 issue found
- 🟢 Security: all looks good
- 🟢 Testing: all looks good
- 🟢 Complexity: all looks good
- 🟢 Documentation: all looks good
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
| name: {{ .ServiceName | squote }} | ||
| namespace: {{.ServiceNamespace | squote}} | ||
| path: /mutate/pod | ||
| port: 443 |
There was a problem hiding this comment.
suggestion: Make webhook port configuration consistent
The webhook port is hardcoded to 443 here but uses 9443 elsewhere in the code. Consider making this configurable and consistent.
Suggested implementation:
port: {{ .WebhookPort | default "9443" }}
This change will require:
- Ensuring the WebhookPort variable is passed in the template data structure where this template is rendered
- Verifying that other parts of the code using port 9443 are using the same configuration variable
- If there isn't already a central configuration for this port, consider creating one to maintain consistency
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
release v1.1.3
Summary by Sourcery
Add support for intercepting services.
New Features:
Tests: