{"id":34210065,"url":"https://github.com/kenmoini/ocp-mutating-webhook-pod-mounter","last_synced_at":"2026-03-13T13:33:15.958Z","repository":{"id":37100258,"uuid":"460260379","full_name":"kenmoini/ocp-mutating-webhook-pod-mounter","owner":"kenmoini","description":"A MutatingWebHook Server for OpenShift that will mount ConfigMaps to admitted Pods","archived":false,"fork":false,"pushed_at":"2023-03-01T08:05:35.000Z","size":98,"stargazers_count":1,"open_issues_count":10,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-12-19T01:27:51.519Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kenmoini.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-17T02:58:20.000Z","updated_at":"2023-03-05T07:22:46.000Z","dependencies_parsed_at":"2024-06-21T17:48:18.577Z","dependency_job_id":"47401973-3f80-4fa2-9a25-925abe4b1580","html_url":"https://github.com/kenmoini/ocp-mutating-webhook-pod-mounter","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kenmoini/ocp-mutating-webhook-pod-mounter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Focp-mutating-webhook-pod-mounter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Focp-mutating-webhook-pod-mounter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Focp-mutating-webhook-pod-mounter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Focp-mutating-webhook-pod-mounter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kenmoini","download_url":"https://codeload.github.com/kenmoini/ocp-mutating-webhook-pod-mounter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kenmoini%2Focp-mutating-webhook-pod-mounter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30467802,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-13T11:00:43.441Z","status":"ssl_error","status_checked_at":"2026-03-13T11:00:23.173Z","response_time":60,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-12-15T20:58:45.768Z","updated_at":"2026-03-13T13:33:15.942Z","avatar_url":"https://github.com/kenmoini.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DEPRECIATED - Use the [PodPreset Operator](https://github.com/redhat-cop/podpreset-webhook)\n\nThis project was intended to be just a MutatingWebhook that would auto-mount a ConfigMap to Pods that contained a Root CA Bundle PEM and would then also bake a Java Keystore ConfigMap and attach it as well.\n\nInstead, you can simply create/sync the ConfigMaps then use the PodPreset Operator to auto-attach the Volumes and VolumeMounts pointing to the ConfigMaps.\n\nYou can create a ConfigMap file with the Java Keystore as binary data with the following:\n\n```bash\noc create configmap root-jks --from-file=/etc/pki/ca-trust/extracted/java/cacerts -o yaml --dry-run=client \u003e root-jks.yaml\n```\n\nAnd maybe a PodPreset like this:\n\n```yaml\napiVersion: redhatcop.redhat.io/v1alpha1\nkind: PodPreset\nmetadata:\n name: pki-volumes\nspec:\n selector:\n matchLabels:\n inject-pki: \"yes\"\n volumeMounts:\n - mountPath: /etc/pki/ca-trust/extracted/pem\n name: root-ca-bundle-pems\n readOnly: true\n - mountPath: /etc/pki/ca-trust/extracted/java\n name: root-jks\n readOnly: true\n volumes:\n - configMap:\n items:\n - key: ca-bundle.crt\n path: tls-ca-bundle.pem\n name: root-ca-bundle-pems\n name: root-ca-bundle-pems\n - configMap:\n items:\n - key: cacerts\n path: cacerts\n name: root-jks\n name: root-jks\n```\n\nAnd a test Deployment would be something like:\n\n```yaml\nkind: Deployment\napiVersion: apps/v1\nmetadata:\n name: pki-toolbox\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: pki\n template:\n metadata:\n creationTimestamp: null\n labels:\n app: pki\n inject-pki: \"yes\"\n spec:\n containers:\n - name: pki\n image: 'quay.io/kenmoini/pki-toolbox:latest'\n command:\n - /bin/bash\n - '-c'\n - '--'\n args:\n - while true; do sleep 30; done;\n```\n\n\u003e Extra information around additional options for PKI in OpenShift here: https://kenmoini.com/post/2022/02/custom-root-ca-in-openshift/\n\n---\n\n# OpenShift MutatingWebHook, PKI Mounter\n\nThis repository provides the needed constructs for a MutatingWebHook that will automatically attach ConfigMaps to Pods. It can be used to automatically inject Root CA Bundle Certificate ConfigMaps into Pods.\n\n## Deploy\n\n1. Create a namespace `pki-injector` in which the PKI injector webhook is deployed:\n\n```bash\noc new-project pki-injector\n```\n\n2. Deploy resources:\n\n```bash\noc apply -n pki-injector -f openshift/\n```\n\n## Test \u0026 Verify\n\n1. The sidecar inject webhook should be in running state:\n\n```\noc -n pki-injector get pod\nNAME READY STATUS RESTARTS AGE\npki-injector-webhook-deployment-7c8bc5f4c9-28c84 1/1 Running 0 30s\n\noc -n pki-injector get deploy\nNAME READY UP-TO-DATE AVAILABLE AGE\npki-injector-webhook-deployment 1/1 1 1 67s\n```\n\n2. Create new namespace `injection` and label it with `pki-injector=enabled`:\n\n```\noc new-project injection\n\noc label namespace injection sidecar-injection=enabled\n\noc get namespace -L sidecar-injection\nNAME STATUS AGE SIDECAR-INJECTION\ndefault Active 26m\ninjection Active 13s enabled\nkube-node-lease Active 26m\nkube-public Active 26m\nkube-system Active 26m\n...\npki-injector Active 17m\n```\n\n3. Deploy an app in the OpenShift cluster, take `busybox` app as an example\n\n```\noc run busybox --image=busybox --restart=Never -n injection --overrides='{\"apiVersion\":\"v1\",\"metadata\":{\"annotations\":{\"pki-injector-webhook.polyglot.systems/inject\":\"yes\"}}}' --command -- sleep infinity\n```\n\n4. Verify sidecar container is injected:\n\n```\noc get pod\nNAME READY STATUS RESTARTS AGE\nbusybox 2/2 Running 0 1m\n\noc -n injection get pod busybox -o jsonpath=\"{.spec.containers[*].name}\"\nbusybox sidecar-nginx\n```\n\n## Cleanup/Uninstallation\n\n```bash\noc delete namespace pki-injector\noc delete namespace injection\n\noc delete MutatingWebhookConfiguration/pki-injector.polyglot.systems\noc delete ValidatingWebhookConfiguration/pki-injector.polyglot.systems\n```\n\n## Local Development\n\n```bash\n## Log into the Container Registry\nsudo podman login -u=admin -p=adminPass quay.io\n\n## Build\nsudo podman build -t quay.io/kenmoini/ocp-mutating-webhook-pod-mounter:latest .\n\n## Push\nsudo podman push quay.io/kenmoini/ocp-mutating-webhook-pod-mounter:latest\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkenmoini%2Focp-mutating-webhook-pod-mounter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkenmoini%2Focp-mutating-webhook-pod-mounter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkenmoini%2Focp-mutating-webhook-pod-mounter/lists"}