This work was cloned from morvencao's tutorial showing how to build and deploy a MutatingAdmissionWebhook. The webhook here injects a set of env vars into Pods so that the HTTP proxy can be set dynamically, instead of using a PodPreset.
Kubernetes 1.9.0 or above with the admissionregistration.k8s.io/v1beta1 API enabled. Verify that with the following command:
kubectl api-versions | grep admissionregistration.k8s.io/v1beta1
The result should be:
admissionregistration.k8s.io/v1beta1
In addition, the MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers should be added and listed in the correct order in the admission-control flag of kube-apiserver.
NOTE: You only need to perform these steps if you are modifying the webhook or want to rebuild it. Otherwise you can skip to Deploy and use the hosted image on Dockerhub to test.
- Set up dep
The repo uses dep as the dependency management tool for its Go codebase. Install dep with the following command:
go get -u github.com/golang/dep/cmd/dep
- Build and push docker image
Modify to push to your own registry :)
./build
- Create a signed cert/key pair and store it in a Kubernetes secret that will be consumed by the webhook.
./deployment/webhook-create-signed-cert.sh \
--service setenv-webhook-svc \
--secret setenv-webhook-certs \
--namespace default
- Patch the MutatingWebhookConfiguration YAML to include the cert just generated, by setting caBundle with the correct signed cert from the Kubernetes cluster
cat deployment/mutatingwebhook.yaml | \
deployment/webhook-patch-ca-bundle.sh > \
deployment/mutatingwebhook-ca-bundle.yaml
- Deploy resources
Note: Change the configmap variables in the YAML to match your environment's proxy settings before creating the configmap.
kubectl create -f deployment/configmap.yaml
kubectl create -f deployment/deployment.yaml
kubectl create -f deployment/service.yaml
kubectl create -f deployment/mutatingwebhook-ca-bundle.yaml
- The setenv webhook should be running
mg-imac:virtmerlin mglynn$ kubectl get pods
NAME READY STATUS RESTARTS AGE
setenv-webhook-deployment-69f77c8bb-m49zd 1/1 Running 0 16m
- Deploy an app in the Kubernetes cluster, taking the sleep app as an example
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
spec:
  selector:
    matchLabels:
      app: sleep
  replicas: 1
  template:
    metadata:
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: tutum/curl
        command: ["/bin/sleep","infinity"]
EOF
- Verify Variables Have Been Set
mg-imac:virtmerlin mglynn$ POD=$(kubectl get pod | grep sleep | awk '{print$1}') && kubectl exec $POD -- env | grep HTTP
HTTP_PROXY=http://USERNAME:[email protected]:8080/
HTTPS_PROXY=https://USERNAME:[email protected]:8080/
KUBERNETES_SERVICE_PORT_HTTPS=443