A playground to try build a crude k8s mutating webhook; the goal is to mutate a Pod CREATE request to always use a debian image and by doing this, learning more about the k8s api, objects, etc. - eventually figure out how scalable this is (could be made) if one had 1000 pods to schedule (concurrently)

This is a companion to the blog post Writing a very basic kubernetes mutating admission webhook

make

make test

the ssl/ dir contains a script to create a self-signed certificate, not sure this will even work when running in k8s but that's part of figuring this out I guess

NOTE: the app expects the cert/key to be in ssl/ dir relative to where the app is running/started and currently is hardcoded to mutateme.{key,pem}

cd ssl/ 
make 

to create a docker image ..

make docker

it'll be tagged with the current git commit (short ref) and :latest

don't forget to update IMAGE_PREFIX in the Makefile or set it when running make

alexleonhardt/k8s-mutate-webhook

useful during devving ...

watcher -watch github.com/alex-leonhardt/k8s-mutate-webhook -run github.com/alex-leonhardt/k8s-mutate-webhook/cmd/

cd ssl && make && cd -
make docker
sed -i '' 's/imagePullPolicy: Always/imagePullPolicy: Never/' deploy/webhook.yaml # use local image
sed -i '' "s/caBundle:.*/caBundle: $(cat ssl/mutateme.pem | base64)/" deploy/webhook.yaml # use local CA 
kubectl label namespace default mutateme=enabled
kubectl apply -f deploy/webhook.yaml

# make sure it's running ...
kubectl get pods
kubectl logs <PDO> --follow

# create example pod to see it working
kubectl apply -f pod.yaml
kubectl get pod c7m -o yaml | grep image: # should be debian

• https://github.com/morvencao/kube-mutating-webhook-tutorial