{"id":26115604,"url":"https://github.com/andreistefanciprian/k8s-priorityclass-webhook","last_synced_at":"2026-04-24T07:33:42.864Z","repository":{"id":191076217,"uuid":"683253901","full_name":"andreistefanciprian/k8s-priorityclass-webhook","owner":"andreistefanciprian","description":"Build a simple K8s Mutating webhook that intercepts all CREATE/UPDATE Deployment requests to the k8s API and adds or updates the pritorityClassName","archived":false,"fork":false,"pushed_at":"2025-02-16T02:20:20.000Z","size":144,"stargazers_count":0,"open_issues_count":2,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-16T03:19:47.335Z","etag":null,"topics":["admission-webhook","kubernets"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andreistefanciprian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-08-26T01:48:35.000Z","updated_at":"2025-02-16T02:20:19.000Z","dependencies_parsed_at":"2023-08-28T03:16:39.962Z","dependency_job_id":"f668501c-738d-4774-9650-10f20dadd6a4","html_url":"https://github.com/andreistefanciprian/k8s-priorityclass-webhook","commit_stats":null,"previous_names":["andreistefanciprian/k8s-priorityclass-webhook"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreistefanciprian%2Fk8s-priorityclass-webhook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreistefanciprian%2Fk8s-priorityclass-webhook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreistefanciprian%2Fk8s-priorityclass-webhook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreistefanciprian%2Fk8s-priorityclass-webhook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andreistefanciprian","download_url":"https://codeload.github.com/andreistefanciprian/k8s-priorityclass-webhook/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":242813468,"owners_count":20189280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["admission-webhook","kubernets"],"created_at":"2025-03-10T07:55:58.298Z","updated_at":"2026-04-24T07:33:37.846Z","avatar_url":"https://github.com/andreistefanciprian.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# K8s Mutating Webhook that adds priorityClassName to Deployments\n\n## Overview\n\nThis project implements a Kubernetes Admission Control Webhook that leverages the [MutatingAdmissionWebhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/) Controller.\nThe webhook intercepts Deployment CREATE and UPDATE K8s API requests and adds a priorityClassName (eg: ```priorityClassName=high-priority-nonpreempting```) and annotation (eg: ```priorityClassWebhook/updated_at: Tue Aug 29 23:55:09 AEST 2023```).\n\n## Admission Controllers and webhooks in the K8s Architecture\n\n![Admission Controllers and webhooks in K8s Architecture](./admission_controller.jpeg \"Admission Controllers and webhooks in K8s Architecture\")\n\n## Prerequisites\n\nBefore getting started with the webhook, ensure that the following tools and resources are available:\n\n- **Docker**: The webhook runs as a container, so Docker is necessary.\n- **Kubernetes Cluster**: You'll need a running Kubernetes cluster where the webhook will be deployed.\n   - Use my [terraform code](https://github.com/andreistefanciprian/terraform-kubernetes-gke-cluster) to build a Private GKE Cluster for this purpose. Or use Kind or Docker-Desktop to build a local cluster\n- **cert-manager**: Required for generating TLS certificates for the webhook and injecting caBundle in webhook configuration.\n   - You can install cert-manager with [helm](https://artifacthub.io/packages/helm/cert-manager/cert-manager) or use my [flux config](https://github.com/andreistefanciprian/flux-demo/tree/main/infra/cert-manager).\n- **Go**: The webhook is written in Go.\n- **jq**: Used for parsing and manipulating JSON data in the Makefile.\n- **Makefile**: The project uses a Makefile for automation and building. Understanding Makefile syntax will help you work with the provided build and deployment scripts.\n- **Kustomize**: Used for bulding the test scenario manifests.\n\n**Note**: In case you are using your own credentials for the container registry, make sure you set up these credentials as Github Secrets for your repo.\nThese credentials are used by Github Actions to push the image to dockerhub.\n\n   ```\n   # Set Github Actions secrets\n   TOKEN=\u003cdockerhub_auth_token\u003e\n   gh secret set DOCKERHUB_USERNAME -b\"your_username\"\n   gh secret set DOCKERHUB_TOKEN -b\"${TOKEN}\"\n   ```\n\n**Note**: Make sure the priorityclass you want to configure for deployments exists in the cluster.\n\n   ```\n   kubectl apply -f https://raw.githubusercontent.com/andreistefanciprian/flux-demo/main/infra/priorityclasses/high-priority.yaml\n   ```\n## Build and Run the Webhook\n\nBuild, Register, Deploy and Test the webhook using the provided tasks:\n\n1. Build and push the Docker image to the container registry:\n   ```\n   make unit-tests\n   make build\n   ```\n\n2. Check webhook manifests that will be installed:\n   ```\n   make template\n   ```\n\n3. Deploy and Register webhook:\n   **Note**: Also build a deployment before registering the webhook so we can test the Deployment UPDATE operation later.\n   ```\n   make install\n   ```\n\n4. Create test Deployments:\n   ```\n   # create Pods and Deployments\n   make test\n   ```\n\n5. Verify Deployments were updated by webhook:\n   ```\n   # check webhook logs\n   make logs\n\n   # Test 1 - Checking that preexisting Deployment gets mutated by webhook\n   kubectl patch deployment test-1 -n boo --type='json' -p='[{\"op\": \"add\", \"path\": \"/metadata/annotations/patch\", \"value\": \"test\"}]'\n   kubectl patch deployment test-1 -n boo --type='json' -p='[{\"op\": \"remove\", \"path\": \"/spec/template/spec/priorityClassName\"}]'\n   kubectl get deployment test-1 -n boo -o yaml --ignore-not-found | grep priority -A2 -B3\n\n   # Test 2 - Checking that a Deployment without a priorityClassName gets mutated by webhook\n   kubectl get deployment/test-2 -n boo -o yaml | grep priority -A2 -B3\n\n   # Test 3 - Checking that a Deployment that has priorityClassName set gets mutated by webhook\n   kubectl get deployment/test-3 -n boo -o yaml | grep priority -A2 -B3\n\n   # Test 4 - Checking that a Deployment that has priorityClassName already set to high-priority-nonpreempting doesn't get mutated by webhook\n   kubectl get deployment/test-4 -n boo -o yaml | grep priority -A2 -B3\n\n   # Test 5 - Checking that a Pod without deployment doesn't get mutated by webhook\n   kubectl get pod/pod -n boo -o yaml | grep priority -A2 -B3\n   ```\n   \n6. Remove test resources and uninstall the webhook:\n   ```\n   make clean\n   ```\n\nFeel free to adjust the tasks and configurations as needed to fit your specific environment.\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE). Feel free to use and modify it according to your requirements.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreistefanciprian%2Fk8s-priorityclass-webhook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreistefanciprian%2Fk8s-priorityclass-webhook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreistefanciprian%2Fk8s-priorityclass-webhook/lists"}