setenv-webhook

v0.0.0-...-546b3c4
Published: Apr 10, 2020 License: Apache-2.0 Imports: 21 Imported by: 0

README

Example Mutating Admission Webhook for Setting Pod HTTP Proxy

This work was cloned from morvencao's tutorial showing how to build and deploy a MutatingAdmissionWebhook. Here the webhook injects a set of env vars so that the HTTP proxy can be set dynamically in Pods, instead of using a PodPreset.

Prerequisites

Kubernetes 1.9.0 or above with the admissionregistration.k8s.io/v1beta1 API enabled. Verify this with the following command:

kubectl api-versions | grep admissionregistration.k8s.io/v1beta1

The result should be:

admissionregistration.k8s.io/v1beta1

In addition, the MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers should be added and listed in the correct order in the admission-control flag of kube-apiserver.

Build

NOTE: You only need to perform these steps if you are modifying the webhook or want to rebuild it. Otherwise you can skip to Deploy and use the hosted image on Docker Hub to test.

  1. Set up dep

    The repo uses dep as the dependency management tool for its Go codebase. Install dep with the following command:

go get -u github.com/golang/dep/cmd/dep
  2. Build and push the Docker image

    Modify to push to your own registry :)

./build

Deploy

  1. Create a signed cert/key pair and store it in a Kubernetes secret that will be consumed by the webhook.
./deployment/webhook-create-signed-cert.sh \
    --service setenv-webhook-svc \
    --secret setenv-webhook-certs \
    --namespace default
  2. Patch the MutatingWebhookConfiguration YAML to include the cert just generated, by setting caBundle with the correct signed cert from the Kubernetes cluster.
cat deployment/mutatingwebhook.yaml | \
    deployment/webhook-patch-ca-bundle.sh > \
    deployment/mutatingwebhook-ca-bundle.yaml
  3. Deploy resources

    Note: Change the ConfigMap variables in the YAML to match your environment's proxy needs before creating the ConfigMap.

kubectl create -f deployment/configmap.yaml
kubectl create -f deployment/deployment.yaml
kubectl create -f deployment/service.yaml
kubectl create -f deployment/mutatingwebhook-ca-bundle.yaml

Verify

  1. The setenv webhook should be running
mg-imac:virtmerlin mglynn$ kubectl get pods
NAME                                         READY     STATUS        RESTARTS   AGE
setenv-webhook-deployment-69f77c8bb-m49zd    1/1       Running       0          16m
  2. Deploy an app in the Kubernetes cluster, taking the sleep app as an example
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
spec:
  selector:
    matchLabels:
      app: sleep
  replicas: 1
  template:
    metadata:
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: tutum/curl
        command: ["/bin/sleep","infinity"]
EOF
  3. Verify that the variables have been set
mg-imac:virtmerlin mglynn$ POD=$(kubectl get pod | grep sleep | awk '{print$1}') && kubectl exec $POD -- env | grep HTTP
HTTP_PROXY=http://USERNAME:PASSWORD@10.0.1.1:8080/
HTTPS_PROXY=https://USERNAME:PASSWORD@10.0.0.1:8080/
KUBERNETES_SERVICE_PORT_HTTPS=443
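
The env injection described in this README, as an added example that is not taken from this repository's code: it builds the JSON Patch a mutating webhook would return to add proxy variables to each container, including the case where a container has no env array yet. The type names, the `envPatch` helper, the proxy URLs and the choice to leave already-set variables untouched are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical stand-ins for the Kubernetes core/v1 types, trimmed to what is used here.
type EnvVar struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}
type Container struct{ Name string; Env []EnvVar }

// PatchOp is one RFC 6902 JSON Patch operation, the format a mutating webhook returns.
type PatchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

// envPatch adds each variable in inject to every container without overriding existing names.
func envPatch(containers []Container, inject []EnvVar) []PatchOp {
	var ops []PatchOp
	for i, c := range containers {
		base := fmt.Sprintf("/spec/containers/%d/env", i)
		have := map[string]bool{}
		for _, e := range c.Env {
			have[e.Name] = true
		}
		hasEnv := len(c.Env) > 0
		for _, e := range inject {
			switch {
			case have[e.Name]: // keep the workload's own value
			case !hasEnv: // no env array yet: create it, because "/env/-" would fail
				ops, hasEnv = append(ops, PatchOp{"add", base, []EnvVar{e}}), true
			default: // append to the existing array
				ops = append(ops, PatchOp{"add", base + "/-", e})
			}
		}
	}
	return ops
}

func main() { // constructed input: "sleep" has no env, "app" already sets HTTP_PROXY
	cs := []Container{{Name: "sleep"}, {Name: "app", Env: []EnvVar{{"HTTP_PROXY", "http://own.example:3128/"}}}}
	in := []EnvVar{{"HTTP_PROXY", "http://proxy.example:8080/"}, {"HTTPS_PROXY", "http://proxy.example:8080/"}}
	out, _ := json.MarshalIndent(envPatch(cs, in), "", "  ")
	fmt.Println(string(out))
}
```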
