Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/redhat-cop/podpreset-webhook

Implementation of Kubernetes PodPreset as an Admission Webhook.
https://github.com/redhat-cop/podpreset-webhook

container-cop

Last synced: 3 months ago
JSON representation

Implementation of Kubernetes PodPreset as an Admission Webhook.

Lists

README 

        
# podpreset-webhook



[![Build Status](https://github.com/redhat-cop/podpreset-webhook/workflows/push/badge.svg?branch=master)](https://github.com/redhat-cop/podpreset-webhook/actions?workflow=push) [![Docker Repository on Quay](https://quay.io/repository/redhat-cop/podpreset-webhook/status "Docker Repository on Quay")](https://quay.io/repository/redhat-cop/podpreset-webhook)



Implementation of the now deprecated Kubernetes _PodPreset_ feature as an [Admission Webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/).



## Overview



Kubernetes features the ability to inject certain information into pods at creation time including secrets, volumes, volume mounts, and environment variables. Admission Webhooks are implemented as a webserver which receive requests from the Kubernetes API. A CustomResourceDefinition (CRD) called _PodPreset_ in the _redhatcop.redhat.io_ API group has an identical specification to the upstream API resource.



The following is an example of a _PodPreset_ that injects an environment variable called _FOO_ to pods with the label `role: frontend`



```

apiVersion: redhatcop.redhat.io/v1alpha1

kind: PodPreset

metadata:

  name: frontend

spec:

  env:

  - name: FOO

    value: bar

  selector:

    matchLabels:

      role: frontend

```



The goal is to be fully compatible with the existing Kubernetes resource.



## Installation



The following steps describe the various methods for which the solution can be deployed:



### Basic Deployment



#### Prerequisites



[cert-manager](https://cert-manager.io/docs) is required to be deployed and available to generate and manage certificates needed by the webhook. Use any of the supported installation methods available.



#### Deployment



Execute the following command which will facilitate a deployment to a namespace called `podpreset-webhook`



```shell

make deploy IMG=quay.io/redhat-cop/podpreset-webhook:latest

```

## Example Implementation



Utilize the following steps to demonstrate the functionality of the _PodPreset's_ in a cluster.



1. Deploy any applications (as a _DeploymentConfig_ or _Deployment_)



2. Create the _PodPreset_



```

kubectl apply -f config/samples/redhatcop_v1alpha1_podpreset.yaml

```



3. Label the resource



```

kubectl patch deployment/ -p '{"spec":{"template":{"metadata":{"labels":{"role":"frontend"}}}}}'

```



Verify any new pods have the environment variable `FOO=bar`



## Development



### Building/Pushing the operator image



```shell

export repo=redhatcopuser #replace with yours

docker login quay.io/$repo/podpreset-webhook

make docker-build IMG=quay.io/$repo/podpreset-webhook:latest

make docker-push IMG=quay.io/$repo/podpreset-webhook:latest

```



### Deploy to OLM via bundle



```shell

make manifests

make bundle IMG=quay.io/$repo/podpreset-webhook:latest

operator-sdk bundle validate ./bundle --select-optional name=operatorhub

make bundle-build BUNDLE_IMG=quay.io/$repo/podpreset-webhook-bundle:latest

docker login quay.io/$repo/podpreset-webhook-bundle

docker push quay.io/$repo/podpreset-webhook-bundle:latest

operator-sdk bundle validate quay.io/$repo/podpreset-webhook-bundle:latest --select-optional name=operatorhub

oc new-project podpreset-webhook

operator-sdk cleanup podpreset-webhook -n podpreset-webhook

operator-sdk run bundle -n podpreset-webhook quay.io/$repo/podpreset-webhook-bundle:latest

```

### Cleaning up



```shell

operator-sdk cleanup podpreset-webhook -n podpreset-webhook

oc delete operatorgroup operator-sdk-og

oc delete catalogsource podpreset-webhook-catalog

```