This work was cloned from morvencao's tutoral showing how to build and deploy a MutatingAdmissionWebhook that injects a set of env vars to allow dynamically setting HTTP Proxy in Pods versus using a PodPreset.

Kubernetes 1.9.0 or above with the admissionregistration.k8s.io/v1beta1 API enabled. Verify that by the following command:

kubectl api-versions | grep admissionregistration.k8s.io/v1beta1

The result should be:

admissionregistration.k8s.io/v1beta1

In addition, the MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controllers should be added and listed in the correct order in the admission-control flag of kube-apiserver.

NOTE: You only need to perform these steps if you are modifying the webhook or want to rebuild it. Otherwise you can skip to Deploy and use the hosted image on Dockerhub to test.

1. Setup dep

   The repo uses dep as the dependency management tool for its Go codebase. Install dep by the following command:

go get -u github.com/golang/dep/cmd/dep

2. Build and push docker image

   Modify to push to your own registry :)

./build

1. Create a signed cert/key pair and store it in a Kubernetes secret that will be consumed by the webhook.

./deployment/webhook-create-signed-cert.sh \
    --service setenv-webhook-svc \
    --secret setenv-webhook-certs \
    --namespace default

2. Patch the MutatingWebhookConfiguration Yaml to include the cert just generated by setting caBundle with correct signed cert from Kubernetes cluster

cat deployment/mutatingwebhook.yaml | \
    deployment/webhook-patch-ca-bundle.sh > \
    deployment/mutatingwebhook-ca-bundle.yaml

3. Deploy resources

   Note:Change the configmap variables in the yaml to match your environment needs for proxy before creating the configmap.

kubectl create -f deployment/configmap.yaml
kubectl create -f deployment/deployment.yaml
kubectl create -f deployment/service.yaml
kubectl create -f deployment/mutatingwebhook-ca-bundle.yaml

1. The setenv webhook should be running

mg-imac:virtmerlin mglynn$ kubectl get pods
NAME                                         READY     STATUS        RESTARTS   AGE
setenv-webhook-deployment-69f77c8bb-m49zd    1/1       Running       0          16m

2. Deploy an app in the Kubernetes cluster, take sleep app as an example

cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sleep
spec:
  selector: 
    matchLabels:
      app: sleep
  replicas: 1
  template:
    metadata:
      labels:
        app: sleep
    spec:
      containers:
      - name: sleep
        image: tutum/curl
        command: ["/bin/sleep","infinity"]
EOF

3. Verify Variables Have Been Set

mg-imac:virtmerlin mglynn$ POD=$(kubectl get pod | grep sleep | awk '{print$1}') && kubectl exec $POD -- env | grep HTTP
HTTP_PROXY=http://USERNAME:[email protected]:8080/
HTTPS_PROXY=https://USERNAME:[email protected]:8080/
KUBERNETES_SERVICE_PORT_HTTPS=443