{"id":13818008,"url":"https://github.com/redhat-cop/podpreset-webhook","last_synced_at":"2025-07-08T04:09:22.431Z","repository":{"id":45259265,"uuid":"209231609","full_name":"redhat-cop/podpreset-webhook","owner":"redhat-cop","description":"Implementation of Kubernetes PodPreset as an Admission Webhook.","archived":false,"fork":false,"pushed_at":"2023-03-13T11:23:14.000Z","size":160,"stargazers_count":63,"open_issues_count":11,"forks_count":30,"subscribers_count":12,"default_branch":"master","last_synced_at":"2025-04-09T22:01:48.440Z","etag":null,"topics":["container-cop"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/redhat-cop.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-09-18T06:12:36.000Z","updated_at":"2024-08-20T01:48:22.000Z","dependencies_parsed_at":"2024-01-20T21:47:15.856Z","dependency_job_id":"b1636d68-024c-4289-9ade-d77eb77319c1","html_url":"https://github.com/redhat-cop/podpreset-webhook","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/redhat-cop/podpreset-webhook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fpodpreset-webhook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fpodpreset-webhook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fpodpreset-webhook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fpodpreset-webhook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/redhat-cop","download_url":"https://codeload.github.com/redhat-cop/podpreset-webhook/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/redhat-cop%2Fpodpreset-webhook/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264192361,"owners_count":23570766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["container-cop"],"created_at":"2024-08-04T07:00:26.852Z","updated_at":"2025-07-08T04:09:22.414Z","avatar_url":"https://github.com/redhat-cop.png","language":"Go","funding_links":[],"categories":["Extras","OPS"],"sub_categories":[],"readme":"# podpreset-webhook\n\n[![Build Status](https://github.com/redhat-cop/podpreset-webhook/workflows/push/badge.svg?branch=master)](https://github.com/redhat-cop/podpreset-webhook/actions?workflow=push) [![Docker Repository on Quay](https://quay.io/repository/redhat-cop/podpreset-webhook/status \"Docker Repository on Quay\")](https://quay.io/repository/redhat-cop/podpreset-webhook)\n\nImplementation of the now deprecated Kubernetes _PodPreset_ feature as an [Admission Webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/).\n\n## Overview\n\nKubernetes features the ability to inject certain information into pods at creation time including secrets, volumes, volume mounts, and environment variables. Admission Webhooks are implemented as a webserver which receive requests from the Kubernetes API. A CustomResourceDefinition (CRD) called _PodPreset_ in the _redhatcop.redhat.io_ API group has an identical specification to the upstream API resource.\n\nThe following is an example of a _PodPreset_ that injects an environment variable called _FOO_ to pods with the label `role: frontend`\n\n```\napiVersion: redhatcop.redhat.io/v1alpha1\nkind: PodPreset\nmetadata:\n  name: frontend\nspec:\n  env:\n  - name: FOO\n    value: bar\n  selector:\n    matchLabels:\n      role: frontend\n```\n\nThe goal is to be fully compatible with the existing Kubernetes resource.\n\n## Installation\n\nThe following steps describe the various methods for which the solution can be deployed:\n\n### Basic Deployment\n\n#### Prerequisites\n\n[cert-manager](https://cert-manager.io/docs) is required to be deployed and available to generate and manage certificates needed by the webhook. Use any of the supported installation methods available.\n\n#### Deployment\n\nExecute the following command which will facilitate a deployment to a namespace called `podpreset-webhook`\n\n```shell\nmake deploy IMG=quay.io/redhat-cop/podpreset-webhook:latest\n```\n## Example Implementation\n\nUtilize the following steps to demonstrate the functionality of the _PodPreset's_ in a cluster.\n\n1. Deploy any applications (as a _DeploymentConfig_ or _Deployment_)\n\n2. Create the _PodPreset_\n\n```\nkubectl apply -f config/samples/redhatcop_v1alpha1_podpreset.yaml\n```\n\n3. Label the resource\n\n```\nkubectl patch deployment/\u003cname\u003e -p '{\"spec\":{\"template\":{\"metadata\":{\"labels\":{\"role\":\"frontend\"}}}}}'\n```\n\nVerify any new pods have the environment variable `FOO=bar`\n\n## Development\n\n### Building/Pushing the operator image\n\n```shell\nexport repo=redhatcopuser #replace with yours\ndocker login quay.io/$repo/podpreset-webhook\nmake docker-build IMG=quay.io/$repo/podpreset-webhook:latest\nmake docker-push IMG=quay.io/$repo/podpreset-webhook:latest\n```\n\n### Deploy to OLM via bundle\n\n```shell\nmake manifests\nmake bundle IMG=quay.io/$repo/podpreset-webhook:latest\noperator-sdk bundle validate ./bundle --select-optional name=operatorhub\nmake bundle-build BUNDLE_IMG=quay.io/$repo/podpreset-webhook-bundle:latest\ndocker login quay.io/$repo/podpreset-webhook-bundle\ndocker push quay.io/$repo/podpreset-webhook-bundle:latest\noperator-sdk bundle validate quay.io/$repo/podpreset-webhook-bundle:latest --select-optional name=operatorhub\noc new-project podpreset-webhook\noperator-sdk cleanup podpreset-webhook -n podpreset-webhook\noperator-sdk run bundle -n podpreset-webhook quay.io/$repo/podpreset-webhook-bundle:latest\n```\n### Cleaning up\n\n```shell\noperator-sdk cleanup podpreset-webhook -n podpreset-webhook\noc delete operatorgroup operator-sdk-og\noc delete catalogsource podpreset-webhook-catalog\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-cop%2Fpodpreset-webhook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredhat-cop%2Fpodpreset-webhook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredhat-cop%2Fpodpreset-webhook/lists"}