A playground to try build a crude k8s mutating webhook; the goal is to mutate a Pod CREATE request to always use a debian image and by doing this, learning more about the k8s api, objects, etc. - eventually figure out how scalable this is (could be made) if one had 1000 pods to schedule (concurrently)
This is a companion to the blog post Writing a very basic kubernetes mutating admission webhook
make
make test
the ssl/ dir contains a script to create a self-signed certificate, not sure this will even work when running in k8s but that's part of figuring this out I guess
NOTE: the app expects the cert/key to be in ssl/ dir relative to where the app is running/started and currently is hardcoded to mutateme.{key,pem}
cd ssl/
make
to create a docker image ..
make docker
it'll be tagged with the current git commit (short ref) and :latest
don't forget to update IMAGE_PREFIX in the Makefile or set it when running make
alexleonhardt/k8s-mutate-webhook
useful during devving ...
watcher -watch github.com/alex-leonhardt/k8s-mutate-webhook -run github.com/alex-leonhardt/k8s-mutate-webhook/cmd/
cd ssl && make && cd -
make docker
sed -i '' 's/imagePullPolicy: Always/imagePullPolicy: Never/' deploy/webhook.yaml # use local image
sed -i '' "s/caBundle:.*/caBundle: $(cat ssl/mutateme.pem | base64)/" deploy/webhook.yaml # use local CA
kubectl label namespace default mutateme=enabled
kubectl apply -f deploy/webhook.yaml
# make sure it's running ...
kubectl get pods
kubectl logs <PDO> --follow
# create example pod to see it working
kubectl apply -f pod.yaml
kubectl get pod c7m -o yaml | grep image: # should be debian