k8snetworkplumbingwg / network-resources-injector

A Kubernetes Dynamic Admission Controller that patches Pods to add additional information.

Support customized injection

zshi-redhat opened this issue · comments

Sometimes a user wants to inject customized content into the pod manifest on the fly. For example, adding an additional network by injecting net-attach-defs into the pod annotation.

This can be achieved by defining a ConfigMap which contains key:value pairs in its data entry: the key is a user-defined k8s label, and the value is the content to be injected into the pod manifest. NRI inspects the pod labels and injects the corresponding data value into the pod manifest if the pre-defined label is found. For example:

apiVersion: v1
data:
  network-resource-injector-pod-annotation: '{"op": "add", "path": "/metadata/annotations", "value": {"k8s.v1.cni.cncf.io/networks": "sriov-net-attach-def"} }'
kind: ConfigMap
metadata:
  name: network-resource-injector-customized-injection-config
  namespace: network-resource-injector-namespace

In the above example, network-resource-injector-pod-annotation is the k8s label defined by the user, followed by the value (a JSON string) defining the customized content to be injected into the pod spec.

NRI would listen for ConfigMap changes and record the ConfigMap data entries in its internal data structure.
During pod creation, NRI receives the pod manifest and inspects the pod labels. If any pod label is found to match the key of a recorded data entry, NRI would inject the corresponding data entry value into the pod manifest.
If the ConfigMap is not provided or the data in the ConfigMap is empty, NRI would skip the customized injection.

As discussed in the bi-weekly meeting today, IMO I think it's worth limiting the scope of what this ConfigMap can and cannot change. This can later be revisited and extended when more use cases arise.
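
A sketch of the label-to-patch lookup described in the issue, combined with the scope limit suggested in the comment above, as an added example that is not NRI's code. The policy (only `add` operations at or below `/metadata/annotations`), matching on the label key alone, and the names `patchOp`, `allowed` and `selectPatches` are assumptions; the second ConfigMap entry is constructed to show an out-of-scope patch being rejected.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// patchOp is one RFC 6902 JSON Patch operation, as stored in a ConfigMap value.
type patchOp struct {
	Op    string          `json:"op"`
	Path  string          `json:"path"`
	Value json.RawMessage `json:"value"`
}

const allowedPrefix = "/metadata/annotations" // assumed policy: annotations only

// allowed reports whether p is an "add" at or below allowedPrefix.
func allowed(p patchOp) bool {
	return p.Op == "add" &&
		(p.Path == allowedPrefix || strings.HasPrefix(p.Path, allowedPrefix+"/"))
}

// selectPatches returns in-policy patches whose key is a pod label key, plus rejected keys.
func selectPatches(cmData, podLabels map[string]string) (ok []patchOp, rejected []string) {
	for key, raw := range cmData {
		if _, found := podLabels[key]; !found {
			continue // pod did not opt in to this entry
		}
		var p patchOp
		if json.Unmarshal([]byte(raw), &p) == nil && allowed(p) {
			ok = append(ok, p)
		} else {
			rejected = append(rejected, key) // malformed JSON or out of scope
		}
	}
	return ok, rejected
}

func main() {
	// Constructed data: first entry is the issue's example, second is out of scope.
	cm := map[string]string{
		"network-resource-injector-pod-annotation": `{"op": "add", "path": "/metadata/annotations", "value": {"k8s.v1.cni.cncf.io/networks": "sriov-net-attach-def"}}`,
		"host-net": `{"op": "add", "path": "/spec/hostNetwork", "value": true}`,
	}
	labels := map[string]string{"network-resource-injector-pod-annotation": "", "host-net": ""}
	ok, rejected := selectPatches(cm, labels)
	fmt.Println(len(ok), rejected) // 1 [host-net]
}
```

Without a check of this kind, write access to the ConfigMap is equivalent to the ability to mutate any field of any labelled pod that the webhook admits.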