Confusion arises regarding how the ctrlmesh-proxy's sidecar effectively proxies requests to the operator's k8s api-server

[village-way]

General Question

I am confused about how the sidecar of ctrlmesh-proxy proxies requests to the operator's k8s api-server. Although ctrlmesh-proxy has been successfully injected into the operator, it has not been injected into initContainers. The proxy-init.sh script is also used as an init image, and the image address is not filled in at startup. Additionally, transparent proxying for http_proxy only proxies fault injection and circuit breaker because the operator typically accesses via serviceAccount, so fake-kubeconfig should not take effect. I hope you can help clarify this. Thank you. @Eikykun

[Eikykun]

There are currently two methods to implement proxying requests to the apiserver:

• (Default) Replace kubeconfig's args or env with fake-kubeconfig. In controller-runtime(controller-runtime/pkg/client/config/config.go), the priority for using certificates is --kubeconfig arg > KUBECONFIG > ServiceAccount. However, this method cannot proxy all HTTP requests.

• (In testing) Modify iptables to forward requests to a specific port on localhost.
  At the moment, an init container is not being used by default to initialize iptables. We plan to make this feature available in a future release.

If you are interested in this, welcome you to participate in construction with us 👏 @village-way

[village-way]

There are currently two methods to implement proxying requests to the apiserver:

• (Default) Replace kubeconfig's args or env with fake-kubeconfig. In controller-runtime(controller-runtime/pkg/client/config/config.go), the priority for using certificates is --kubeconfig arg > KUBECONFIG > ServiceAccount. However, this method cannot proxy all HTTP requests.
• (In testing) Modify iptables to forward requests to a specific port on localhost.
  At the moment, an init container is not being used by default to initialize iptables. We plan to make this feature available in a future release.

If you are interested in this, welcome you to participate in construction with us 👏 @village-way

I finally got it, thank you very much for your answer.