chore: add ut and docs for sidecar injector

Signed-off-by: seeflood <zhou.qunli@foxmail.com>

docs/_sidebar.md

@@ -90,6 +90,7 @@
         - [Snowflake](en/component_specs/sequencer/snowflake.md)
       - [Secret Store](en/component_specs/secret/common.md)
   - [How to deploy and upgrade Layotto](en/operation/)
+  - [Layotto sidecar injector](en/operation/sidecar_injector.md)
 - Design documents
   - [Actuator design doc](en/design/actuator/actuator-design-doc.md)
   - [Configuration API with Apollo](en/design/configuration/configuration-api-with-apollo.md)

docs/en/operation/sidecar_injector.md

@@ -0,0 +1,58 @@
+# Layotto sidecar injector
+Sidecar injector can inject the Layotto sidecar to your pods automatically.  
+
+## Prerequisites
+This Layotto state SDK client demo requires you to have the following installed on your machine:
+
+- [kubectl](https://kubernetes.io/docs/tasks/tools/)
+- A Kubernetes cluster, such as [Minikube](https://minikube.sigs.k8s.io/docs/start/), [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
+- [Helm v3](https://helm.sh/docs/intro/install/)
+
+## Step 1 - Setup Layotto sidecar injector on your Kubernetes cluster
+1. Use Kind to quickly build a local Kubernetes cluster
+```
+kind create cluster --name layotto-cluster
+kubectl config use-context kind-layotto-cluster
+```
+2. Install the layotto sidecar injector chart on your cluster in the layotto-system namespace
+```
+helm install injector oci://docker.io/layotto/injector-helm --version v0.5.0 -n layotto-system --create-namespace --wait
+```
+
+## Step 2 - Use Helm to deploy Redis on your Kubernetes cluster
+`Redis` is an open source, advanced key-value store. It is often referred to as a data structure server since keys
+can contain strings, hashes, lists, sets and sorted sets.
+
+Here we use `Redis` to persist and retrieve state.
+
+```
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo update
+helm install redis bitnami/redis --set image.tag=6.2 --set auth.enabled=false
+```
+
+## Step 3 - Deploy the layotto state client with the Layotto sidecar
+1. Create a ConfigMap named `layotto-config` and populate its data from the `config.json` file
+```
+kubectl create configmap layotto-config --from-file=./config.json
+```
+2. Deploy Layotto state SDK client App
+```
+kubectl apply -f ./state-sdk-demo.yaml
+```
+
+Let's take a look at the important annotations in state-sdk-demo.yaml
+- `layotto/sidecar-inject: "true"` - this tells the Layotto sidecar injector to inject a sidecar to this deployment.
+- `layotto/config-volume: "layotto-config-vol` - this tells the Layotto sidecar injector which config Volume resource to
+  mount into layout container.
+
+The `layotto-config` ConfigMap is mounted as a volume, and all contents stored in its `config.json` entry are mounted into
+the layotto sidecar container at path `/runtime/configs`. The successfully mounted `config.json` file will be used as the configuration
+file when Layotto starts.
+
+## View program running results
+If the following information is printed, the demo succeeded:
+
+![pods.jpg](https://raw.githubusercontent.com/mosn/layotto/6e0fa2c49dde40ba9a3400f193ef35ff2c670754/demo/state/k8s/images/pods.jpg)
+
+![log.jpg](https://raw.githubusercontent.com/mosn/layotto/6e0fa2c49dde40ba9a3400f193ef35ff2c670754/demo/state/k8s/images/log.jpg)

docs/zh/_sidebar.md

@@ -97,6 +97,7 @@
             - [Secret Store](zh/component_specs/secret/common.md)  
             - [自定义组件](zh/component_specs/custom/common.md)
     - [如何部署、升级 Layotto](zh/operation/)
+    - [Layotto sidecar injector](zh/operation/sidecar_injector.md)
     - [如何本地开发、本地调试](zh/operation/local.md)
 - 设计文档
     - [动态配置下发、组件热重载](zh/design/lifecycle/apply_configuration.md)

docs/zh/operation/sidecar_injector.md

@@ -0,0 +1,58 @@
+# Layotto sidecar injector
+Sidecar injector can inject the Layotto sidecar to your pods automatically.  
+
+## Prerequisites
+This Layotto state SDK client demo requires you to have the following installed on your machine:
+
+- [kubectl](https://kubernetes.io/docs/tasks/tools/)
+- A Kubernetes cluster, such as [Minikube](https://minikube.sigs.k8s.io/docs/start/), [Kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
+- [Helm v3](https://helm.sh/docs/intro/install/)
+
+## Step 1 - Setup Layotto sidecar injector on your Kubernetes cluster
+1. Use Kind to quickly build a local Kubernetes cluster
+```
+kind create cluster --name layotto-cluster
+kubectl config use-context kind-layotto-cluster
+```
+2. Install the layotto sidecar injector chart on your cluster in the layotto-system namespace
+```
+helm install injector oci://docker.io/layotto/injector-helm --version v0.5.0 -n layotto-system --create-namespace --wait
+```
+
+## Step 2 - Use Helm to deploy Redis on your Kubernetes cluster
+`Redis` is an open source, advanced key-value store. It is often referred to as a data structure server since keys
+can contain strings, hashes, lists, sets and sorted sets.
+
+Here we use `Redis` to persist and retrieve state.
+
+```
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo update
+helm install redis bitnami/redis --set image.tag=6.2 --set auth.enabled=false
+```
+
+## Step 3 - Deploy the layotto state client with the Layotto sidecar
+1. Create a ConfigMap named `layotto-config` and populate its data from the `config.json` file
+```
+kubectl create configmap layotto-config --from-file=./config.json
+```
+2. Deploy Layotto state SDK client App
+```
+kubectl apply -f ./state-sdk-demo.yaml
+```
+
+Let's take a look at the important annotations in state-sdk-demo.yaml
+- `layotto/sidecar-inject: "true"` - this tells the Layotto sidecar injector to inject a sidecar to this deployment.
+- `layotto/config-volume: "layotto-config-vol` - this tells the Layotto sidecar injector which config Volume resource to
+  mount into layout container.
+
+The `layotto-config` ConfigMap is mounted as a volume, and all contents stored in its `config.json` entry are mounted into
+the layotto sidecar container at path `/runtime/configs`. The successfully mounted `config.json` file will be used as the configuration
+file when Layotto starts.
+
+## View program running results
+If the following information is printed, the demo succeeded:
+
+![pods.jpg](https://raw.githubusercontent.com/mosn/layotto/6e0fa2c49dde40ba9a3400f193ef35ff2c670754/demo/state/k8s/images/pods.jpg)
+
+![log.jpg](https://raw.githubusercontent.com/mosn/layotto/6e0fa2c49dde40ba9a3400f193ef35ff2c670754/demo/state/k8s/images/log.jpg)

pkg/injector/patcher/sidecar_patcher_test.go

@@ -0,0 +1,125 @@
+package patcher
+
+import (
+	"testing"
+
+	corev1 "k8s.io/api/core/v1"
+	injectorConsts "mosn.io/layotto/pkg/injector/consts"
+)
+
+func TestInjectRequired(t *testing.T) {
+	t.Run("returns true when sidecar injection is enabled and pod does not contain sidecar", func(t *testing.T) {
+		config := &SidecarConfig{
+			SidecarInject: true,
+			pod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{Name: "not-sidecar"},
+					},
+				},
+			},
+		}
+
+		if !config.injectRequired() {
+			t.Errorf("Expected true, got false")
+		}
+	})
+
+	t.Run("returns false when sidecar injection is disabled", func(t *testing.T) {
+		config := &SidecarConfig{
+			SidecarInject: false,
+		}
+
+		if config.injectRequired() {
+			t.Errorf("Expected false, got true")
+		}
+	})
+
+	t.Run("returns false when pod already contains sidecar", func(t *testing.T) {
+		config := &SidecarConfig{
+			SidecarInject: true,
+			pod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{Name: injectorConsts.SidecarContainerName},
+					},
+				},
+			},
+		}
+
+		if config.injectRequired() {
+			t.Errorf("Expected false, got true")
+		}
+	})
+}
+
+func TestGetPatch(t *testing.T) {
+	t.Run("returns nil when sidecar injection is not required", func(t *testing.T) {
+		config := &SidecarConfig{
+			SidecarInject: false,
+		}
+
+		patch, err := config.GetPatch()
+		if err != nil {
+			t.Errorf("Unexpected error: %v", err)
+		}
+		if patch != nil {
+			t.Errorf("Expected nil, got %v", patch)
+		}
+	})
+
+	t.Run("returns patch when sidecar injection is required", func(t *testing.T) {
+		config := &SidecarConfig{
+			SidecarInject: true,
+			pod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{Name: "not-sidecar"},
+					},
+				},
+			},
+		}
+
+		patch, err := config.GetPatch()
+		if err != nil {
+			t.Errorf("Unexpected error: %v", err)
+		}
+		if patch == nil || len(patch) == 0 {
+			t.Errorf("Expected patch, got nil or empty")
+		}
+	})
+}
+
+func TestPodContainsSidecarContainer(t *testing.T) {
+	t.Run("returns true when pod contains sidecar container", func(t *testing.T) {
+		config := &SidecarConfig{
+			pod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{Name: injectorConsts.SidecarContainerName},
+					},
+				},
+			},
+		}
+
+		if !config.podContainsSidecarContainer() {
+			t.Errorf("Expected true, got false")
+		}
+	})
+
+	t.Run("returns false when pod does not contain sidecar container", func(t *testing.T) {
+		config := &SidecarConfig{
+			pod: &corev1.Pod{
+				Spec: corev1.PodSpec{
+					Containers: []corev1.Container{
+						{Name: "not-sidecar"},
+					},
+				},
+			},
+		}
+
+		if config.podContainsSidecarContainer() {
+			t.Errorf("Expected false, got true")
+		}
+	})
+}

pkg/injector/service/handle.go

@@ -27,47 +27,57 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 )
 
+// handleRequest processes the incoming HTTP request for the injector.
 func (i *injector) handleRequest(w http.ResponseWriter, r *http.Request) {
+	// 1. Validate the incoming request.
 	if err := validateRequest(r); err != nil {
 		log.Error(err.Error())
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
+	// 2. Read and deserialize the request body.
 	body, err := readRequestBody(r)
 	if err != nil {
 		log.Error(err.Error())
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 
+	// Initialize variables for patch operations and success flag.
 	var patchOps jsonpatch.Patch
 	patchedSuccessfully := false
 
+	// Decode the request body into an AdmissionReview object.
 	ar := admissionv1.AdmissionReview{}
 	_, gvk, err := i.deserializer.Decode(body, nil, &ar)
 	if err != nil {
 		log.Errorf("Can't decode body: %v", err)
 	} else {
+		// 3. Attempt to get patch operations for the pod.
 		patchOps, err = i.getPodPatchOperations(r.Context(), &ar)
 		if err == nil {
 			patchedSuccessfully = true
 		}
 	}
 
+	// 4. Prepare the admission response.
 	var admissionResponse *admissionv1.AdmissionResponse
 	if err != nil {
 		admissionResponse = errorToAdmissionResponse(err)
 		log.Errorf("Sidecar layotto-injector failed to inject. Error: %s", err)
 	} else if len(patchOps) == 0 {
+		// Allow the request without modifications if no patch operations were found.
 		admissionResponse = &admissionv1.AdmissionResponse{
 			Allowed: true,
 		}
 	} else {
+		// Marshal the patch operations into bytes.
 		var patchBytes []byte
 		patchBytes, err = json.Marshal(patchOps)
 		if err != nil {
 			admissionResponse = errorToAdmissionResponse(err)
 		} else {
+			// Create a successful response with the patch operations.
 			admissionResponse = &admissionv1.AdmissionResponse{
 				Allowed: true,
 				Patch:   patchBytes,
@@ -79,20 +89,24 @@ func (i *injector) handleRequest(w http.ResponseWriter, r *http.Request) {
 		}
 	}
 
+	// 5. Prepare the final AdmissionReview response.
 	admissionReview := admissionv1.AdmissionReview{
 		Response: admissionResponse,
 	}
 	if admissionResponse != nil && ar.Request != nil {
+		// Set the UID and GVK based on the original request.
 		admissionReview.Response.UID = ar.Request.UID
 		admissionReview.SetGroupVersionKind(*gvk)
 	}
 
+	// 6. Marshal the AdmissionReview into bytes for the response.
 	respBytes, err := json.Marshal(admissionReview)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		log.Errorf("Sidecar layotto-injector failed to inject. Can't serialize response: %s", err)
 		return
 	}
+	// 7. Set the content type of the response and write the response bytes.
 	w.Header().Set("Content-Type", runtime.ContentTypeJSON)
 	_, err = w.Write(respBytes)
 	if err != nil {