Coder Social home page Coder Social logo

kennychenfight / kube-mutating-webhook-tutorial Goto Github PK

View Code? Open in Web Editor NEW

This project forked from morvencao/kube-sidecar-injector

0.0 2.0 0.0 246 KB

A Kubernetes mutating webhook server that implements sidecar injection

Go 64.98% Shell 24.35% Dockerfile 3.89% Makefile 6.77%

kube-mutating-webhook-tutorial's Introduction

Kubernetes Mutating Webhook for Sidecar Injection

This tutoral shows how to build and deploy a MutatingAdmissionWebhook that injects a nginx sidecar container into pod prior to persistence of the object.

kubectl api-versions | grep admissionregistration.k8s.io

The result should be:

admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1

Note: In addition, the MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers should be added and listed in the correct order in the admission-control flag of kube-apiserver.

Build

  1. Build binary
# make build
  1. Build docker image
# make build-image
  1. push docker image
# make push-image

Note: log into the docker registry before pushing the image.

Deploy

  1. Create namespace sidecar-injector in which the sidecar injector webhook is deployed:
kubectl create ns sidecar-injector
  1. Create a signed cert/key pair and store it in a Kubernetes secret that will be consumed by sidecar injector deployment:
./deployment/webhook-create-signed-cert.sh \
    --service sidecar-injector-webhook-svc \
    --secret sidecar-injector-webhook-certs \
    --namespace sidecar-injector
  1. Patch the MutatingWebhookConfiguration by set caBundle with correct value from Kubernetes cluster:
cat deployment/mutatingwebhook.yaml | \
    deployment/webhook-patch-ca-bundle.sh > \
    deployment/mutatingwebhook-ca-bundle.yaml
  1. Deploy resources:
kubectl create -f deployment/nginxconfigmap.yaml
kubectl create -f deployment/configmap.yaml
kubectl create -f deployment/deployment.yaml
kubectl create -f deployment/service.yaml
kubectl create -f deployment/mutatingwebhook-ca-bundle.yaml

Verify

  1. The sidecar inject webhook should be in running state:
kubectl -n sidecar-injector get pod
kubectl -n sidecar-injector get deploy
  1. Create new namespace injection and label it with sidecar-injector=enabled:
kubectl label namespace default sidecar-injection=enabled
kubectl get namespace -L sidecar-injection
  1. Deploy an app in Kubernetes cluster, take alpine app as an example
kubectl run alpine --image=alpine --restart=Never -n injection --overrides='{"apiVersion":"v1","metadata":{"annotations":{"sidecar-injector-webhook.morven.me/inject":"yes"}}}' --command -- sleep infinity
  1. Verify sidecar container is injected:
kubectl get pod

kube-mutating-webhook-tutorial's People

Contributors

morvencao avatar kennychenfight avatar kelepirci avatar asnowfix avatar bvwells avatar falfaro avatar josegonzalez avatar aholic avatar tariq1890 avatar vlatombe avatar woosley avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.