search

aws / aws-app-mesh-controller-for-k8s

A controller to help manage App Mesh resources for a Kubernetes cluster.
Apache License 2.0
182 stars 110 forks source link

Override APPMESH_EGRESS_IGNORED_PORTS in injected proxyInit container #751

Closed imishchuk-carbon closed 7 months ago

imishchuk-carbon commented 7 months ago

Hey, team.

Is your feature request related to a problem? No

Describe the solution you'd like Ability to override APPMESH_EGRESS_IGNORED_PORTS in injected proxyInit container.

Current default value 

- name: APPMESH_EGRESS_IGNORED_PORTS
   value: "22"

But I would like to add additional ports to this env var, like

- name: APPMESH_EGRESS_IGNORED_PORTS
   value: "22,443,5432"

Describe alternatives you've considered Alternative is to use 

egressFilter:
    type: ALLOW_ALL

and control egress in NACL, for example, but I'd prefer to have this controlled on EKS side

Another option I'm looking into is using mutating webhook, yet it's unclear for now, how to target that specific environmental variable.

Thank you.

bendu commented 7 months ago

Hello @imishchuk-carbon

Thanks for reaching out. The controller already supports overriding the ignored ports using the "appmesh.k8s.aws/egressIgnoredPorts" annotation on the pod/deployment yaml.

Here's an example of someone someone setting the annotation

imishchuk-carbon commented 7 months ago

Hey @bendu

Thanks for quick response.

Okay, I see. And I guess other possible annotations could be glimpsed here, right?

Any other place I should look for such kind of info?

Thank you.

bendu commented 7 months ago

Hi @imishchuk-carbon

Okay, I see. And I guess other possible annotations could be glimpsed here, right?

Yeah. That would be a good place to start.

Any other place I should look for such kind of info?

There is a little but of information in the docs but not much.

imishchuk-carbon commented 7 months ago

Gotcha.

Thank you.