github.com/liangrog/admission-webhook-server
1.0.1
Repository: https://github.com/liangrog/admission-webhook-server.git
Documentation: pkg.go.dev

# README

## Kubernetes Admission Webhook Server


An API server providing webhook endpoints for the Kubernetes admission controller to mutate objects.

Currently it can mutate a pod's nodeSelector based on its namespace. The same functionality exists in a standard Kubernetes cluster installation if enabled. However, it is not enabled in EKS.

The server can easily be extended by adding more handlers for different mutation needs.

The repo also includes a Helm chart for easy deployment to your Kubernetes cluster.


## Installation

First, determine what your SSL CN is. The self-signed SSL CN follows the format `[service name].[namespace].svc`. For example, the default service name is `admission-webhook` (it can be changed in the Helm values). If you deploy to the namespace `tools`, the CN will be `admission-webhook.tools.svc`. The steps below use this CN for demonstration purposes.

Second, update the Helm value `podNodesSelectorConfig` in chart/values.yaml so the server can use it to mutate the pods.

Note: the example below uses Helm v3. However, the chart is also compatible with Helm versions older than v3.

```
$ git clone https://github.com/liangrog/admission-webhook-server
$ cd admission-webhook-server
$ sh ssl.sh admission-webhook.tools.svc
$ cd helm
$ helm install admission-webhook-server .
```

## Helm

The following table lists the configuration parameters for the helm chart.

| Parameter | Description | Default |
| --- | --- | --- |
| nameOverride | Override general resource name | |
| basePathOverride | URL base path | mutate |
| podNodesSelectorPathOverride | URL sub path for podnodesselector | pod-nodes-selector |
| podNodesSelectorConfig | Configuration for podnodesselector. The namespace and labels are set here following the format: `namespace: key=label,key=label; namespace2: key=label`. Multiple namespaces are separated by ";". Example: `devel: node-role.kubernetes.io/development=true, beta.kubernetes.io/instance-type=t3.large` | |
| service.name | Name of the service. It forms part of the SSL CN | admission-webhook |
| service.annotations | Annotation for the service | {} |
| replicas | Number of replicas | 1 |
| strategy.type | Type of update strategy | RollingUpdate |
| image | Docker image name | liangrog/admission-webhook-server |
| imageTag | Docker image tag | latest |
| imagePullPolicy | Docker image pull policy | Always |
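
The `podNodesSelectorConfig` format from the table, parsed and applied to a pod's nodeSelector, as an added example (not the project's own code). `ParseConfig` and `Enforce` are hypothetical names, and letting namespace labels override a pod's own conflicting keys is an assumed policy.

```go
package main

import (
	"fmt"
	"strings"
)

// ParseConfig turns "ns: key=label,key=label; ns2: key=label" into ns -> labels.
// Malformed entries are errors, so a typo cannot silently drop a namespace.
func ParseConfig(cfg string) (map[string]map[string]string, error) {
	out := map[string]map[string]string{}
	for _, entry := range strings.Split(cfg, ";") {
		if strings.TrimSpace(entry) == "" {
			continue // tolerate a trailing ";"
		}
		ns, labels, ok := strings.Cut(entry, ":")
		if ns = strings.TrimSpace(ns); !ok || ns == "" || out[ns] != nil {
			return nil, fmt.Errorf("bad or duplicate namespace in %q", entry)
		}
		out[ns] = map[string]string{}
		for _, pair := range strings.Split(labels, ",") {
			k, v, ok := strings.Cut(pair, "=")
			if k = strings.TrimSpace(k); !ok || k == "" {
				return nil, fmt.Errorf("namespace %q: bad label %q", ns, pair)
			}
			out[ns][k] = strings.TrimSpace(v)
		}
	}
	return out, nil
}

// Enforce returns the nodeSelector a pod in ns ends up with: its own selector
// plus the namespace labels, which win on conflicts (assumed policy).
func Enforce(cfg map[string]map[string]string, ns string, pod map[string]string) map[string]string {
	merged := map[string]string{}
	for k, v := range pod {
		merged[k] = v
	}
	for k, v := range cfg[ns] {
		merged[k] = v
	}
	return merged
}

func main() {
	// Constructed sample in the format from the table above.
	cfg, err := ParseConfig("devel: node-role.kubernetes.io/development=true, beta.kubernetes.io/instance-type=t3.large")
	fmt.Println(Enforce(cfg, "devel", map[string]string{"disk": "ssd"}), err)
}
```

A namespace with no entry in the configuration keeps the pod's own nodeSelector unchanged.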