{"id":26115616,"url":"https://github.com/andreistefanciprian/pod-labeler-k8s-webhook","last_synced_at":"2026-04-17T20:31:45.573Z","repository":{"id":184081667,"uuid":"671253031","full_name":"andreistefanciprian/pod-labeler-k8s-webhook","owner":"andreistefanciprian","description":"Build a simple yet powerful Kubernetes MutatingAdmissionWebhook that seamlessly intercepts and mutates Pod/Deployment creation requests before they are persisted to etcd.","archived":false,"fork":false,"pushed_at":"2023-08-25T07:09:17.000Z","size":152,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-10T07:56:00.377Z","etag":null,"topics":["kubernetes","mutatingadmissionwebhook"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andreistefanciprian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-07-26T22:44:08.000Z","updated_at":"2023-07-31T09:20:23.000Z","dependencies_parsed_at":"2023-07-27T02:25:29.913Z","dependency_job_id":"ee198a6a-272d-4775-88db-3d5f3baf8d60","html_url":"https://github.com/andreistefanciprian/pod-labeler-k8s-webhook","commit_stats":null,"previous_names":["andreistefanciprian/pod-labeler-k8s-webhook"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/andreistefanciprian/pod-labeler-k8s-webhook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/an
dreistefanciprian%2Fpod-labeler-k8s-webhook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreistefanciprian%2Fpod-labeler-k8s-webhook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreistefanciprian%2Fpod-labeler-k8s-webhook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreistefanciprian%2Fpod-labeler-k8s-webhook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andreistefanciprian","download_url":"https://codeload.github.com/andreistefanciprian/pod-labeler-k8s-webhook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andreistefanciprian%2Fpod-labeler-k8s-webhook/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31944966,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-17T17:29:20.459Z","status":"ssl_error","status_checked_at":"2026-04-17T17:28:47.801Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","mutatingadmissionwebhook"],"created_at":"2025-03-10T07:56:12.547Z","updated_at":"2026-04-17T20:31:45.556Z","avatar_url":"https://github.com/andreistefanciprian.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Pod Labeler Mutating 
Webhook\n\n## Overview\n\nThis project implements a Kubernetes MutatingAdmissionWebhook, serving as an [admission controller](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/) in the Kubernetes cluster.\nThe webhook intercepts Pod creation requests and automatically adds an extra label to Pods (e.g. ```webhook=auto-labeled```) if their target namespace has the label ```pod-labeler=enabled```.\n\nAdditionally, the webhook code can be easily modified to perform various other changes to Pod objects, such as altering their names, adding security parameters or injecting a sidecar.\n\n## Admission Controllers and webhooks in the K8s Architecture\n\n![Admission Controllers and webhooks in K8s Architecture](./admission_controller.jpeg \"Admission Controllers and webhooks in K8s Architecture\")\n\n## Prerequisites\n\nBefore getting started with the webhook, ensure that the following tools and resources are available:\n\n- **Docker**: The webhook runs as a container, so Docker is necessary.\n- **Kubernetes Cluster**: You'll need a running Kubernetes cluster where the webhook will be deployed.\n   - Use my [Terraform code](https://github.com/andreistefanciprian/terraform-kubernetes-gke-cluster) to build a private GKE cluster for this purpose. Alternatively, use Kind or Docker Desktop to build a local cluster.\n- **cert-manager**: Required for generating TLS certificates for the webhook and injecting the caBundle into the webhook configuration.\n   - You can install cert-manager with [Helm](https://artifacthub.io/packages/helm/cert-manager/cert-manager) or use my [Flux config](https://github.com/andreistefanciprian/flux-demo/tree/main/infra/cert-manager).\n- **Go**: The webhook is written in Go.\n- **jq**: Used for parsing and manipulating JSON data in the Makefile.\n- **Makefile**: The project uses a Makefile for automation and building. 
Understanding Makefile syntax will help you work with the provided build and deployment scripts.\n\n## Build and Run the Webhook\n\nBuild, register, deploy and test the webhook using the provided tasks:\n\n1. Build and push the Docker image to the container registry:\n   ```\n   make build\n   ```\n\n2. Deploy and register the webhook:\n   ```\n   make install\n   ```\n\n3. Test the webhook:\n   ```\n   # check logs while creating test Pods and Deployments\n   kubectl logs -l app.kubernetes.io/name=pod-labeler -f\n\n   # create Pods and Deployments\n   make test\n\n   # cleanup test pods\n   make test-clean\n   ```\n\n4. Unregister and remove the webhook:\n   ```\n   make uninstall\n   ```\n\nFeel free to adjust the tasks and configurations as needed to fit your specific environment.\n\n## License\n\nThis project is licensed under the [MIT License](LICENSE). Feel free to use and modify it according to your requirements.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreistefanciprian%2Fpod-labeler-k8s-webhook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandreistefanciprian%2Fpod-labeler-k8s-webhook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandreistefanciprian%2Fpod-labeler-k8s-webhook/lists"}