From cdd8a5ab787c8dcac190a8ccd53ac5697b19916f Mon Sep 17 00:00:00 2001
From: "liheng.zms" <liheng.zms@alibaba-inc.com>
Date: Thu, 22 Sep 2022 17:35:57 +0800
Subject: [PATCH] sidecarset support pods ns(kube-system, kube-public)

Signed-off-by: liheng.zms <liheng.zms@alibaba-inc.com>
---
 pkg/control/sidecarcontrol/util.go                | 6 +++---
 pkg/controller/sidecarset/sidecarset_processor.go | 5 ++---
 pkg/webhook/pod/mutating/sidecarset.go            | 4 +---
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/pkg/control/sidecarcontrol/util.go b/pkg/control/sidecarcontrol/util.go
index 991ec320a0..984a1466c0 100644
--- a/pkg/control/sidecarcontrol/util.go
+++ b/pkg/control/sidecarcontrol/util.go
@@ -62,7 +62,7 @@ const (
 
 var (
 	// SidecarIgnoredNamespaces specifies the namespaces where Pods won't get injected
-	SidecarIgnoredNamespaces = []string{"kube-system", "kube-public"}
+	// SidecarIgnoredNamespaces = []string{"kube-system", "kube-public"}
 	// SubPathExprEnvReg format: $(ODD_NAME)、$(POD_NAME)...
 	SubPathExprEnvReg, _ = regexp.Compile(`\$\(([-._a-zA-Z][-._a-zA-Z0-9]*)\)`)
 )
@@ -95,11 +95,11 @@ func PodMatchedSidecarSet(pod *corev1.Pod, sidecarSet appsv1alpha1.SidecarSet) (
 
 // IsActivePod determines the pod whether need be injected and updated
 func IsActivePod(pod *corev1.Pod) bool {
-	for _, namespace := range SidecarIgnoredNamespaces {
+	/*for _, namespace := range SidecarIgnoredNamespaces {
 		if pod.Namespace == namespace {
 			return false
 		}
-	}
+	}*/
 	return kubecontroller.IsPodActive(pod)
 }
 
diff --git a/pkg/controller/sidecarset/sidecarset_processor.go b/pkg/controller/sidecarset/sidecarset_processor.go
index 9cd1d6309f..f4c10a1c8e 100644
--- a/pkg/controller/sidecarset/sidecarset_processor.go
+++ b/pkg/controller/sidecarset/sidecarset_processor.go
@@ -269,9 +269,8 @@ func (p *Processor) getMatchingPods(s *appsv1alpha1.SidecarSet) ([]*corev1.Pod,
 	}
 
 	// filter out pods that don't require updated, include the following:
-	// 1. Deletion pod
-	// 2. ignore namespace: "kube-system", "kube-public"
-	// 3. never be injected sidecar container
+	// 1. inActive pod
+	// 2. never be injected sidecar container
 	var filteredPods []*corev1.Pod
 	for _, pod := range selectedPods {
 		if sidecarcontrol.IsActivePod(pod) && sidecarcontrol.IsPodInjectedSidecarSet(pod, s) &&
diff --git a/pkg/webhook/pod/mutating/sidecarset.go b/pkg/webhook/pod/mutating/sidecarset.go
index dc1f754c3e..5a8eca1b05 100644
--- a/pkg/webhook/pod/mutating/sidecarset.go
+++ b/pkg/webhook/pod/mutating/sidecarset.go
@@ -45,9 +45,7 @@ func (h *PodCreateHandler) sidecarsetMutatingPod(ctx context.Context, req admiss
 		req.AdmissionRequest.Resource.Resource != "pods" {
 		return true, nil
 	}
-	// filter out pods that don't require inject, include the following:
-	// 1. Deletion pod
-	// 2. ignore namespace: "kube-system", "kube-public"
+	// filter out pods that don't require inject
 	if !sidecarcontrol.IsActivePod(pod) {
 		return true, nil
 	}