Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wuhan005/k8s-image-replacer

🪤 Replace image when creating pod, aims to speed up image pulling.
https://github.com/wuhan005/k8s-image-replacer

flamego go kubernetes kubernetes-webhook mutating-webhook

Last synced: about 10 hours ago
JSON representation

🪤 Replace image when creating pod, aims to speed up image pulling.

Host: GitHub
URL: https://github.com/wuhan005/k8s-image-replacer
Owner: wuhan005
License: mit
Created: 2022-11-20T09:20:30.000Z (almost 2 years ago)
Default Branch: master
Last Pushed: 2023-07-25T06:01:33.000Z (over 1 year ago)
Last Synced: 2024-06-20T03:51:59.209Z (5 months ago)
Topics: flamego, go, kubernetes, kubernetes-webhook, mutating-webhook
Language: Go
Homepage:
Size: 40 KB
Stars: 5
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

# 🪤 k8s-image-replacer ![Go](https://github.com/wuhan005/k8s-image-replacer/workflows/Go/badge.svg) [![Go Report Card](https://goreportcard.com/badge/github.com/wuhan005/k8s-image-replacer)](https://goreportcard.com/report/github.com/wuhan005/k8s-image-replacer) [![Sourcegraph](https://img.shields.io/badge/view%20on-Sourcegraph-brightgreen.svg?logo=sourcegraph)](https://sourcegraph.com/github.com/wuhan005/k8s-image-replacer)

Replace image when creating pod, aims to speed up image pulling.

## Getting started

### 1. Generate certificate and key

Clone this project. Run `dev/webhook-create-signed-cert.sh` to generate a server certificate/key pair.

```bash
./dev/webhook-create-signed-cert.sh --service k8s-image-replacer --namespace default --secret k8s-image-replacer-tls
```

### 2. Deploy `k8s-image-replacer` into your cluster

```bash
kubectl apply -f dev/k8s-image-replacer.yaml
```

### 3. Create the mutating webhook configuration for `k8s-image-replacer`

Create a mutating webhook with the cluster CA bundle.

```bash
# Replace the ${CA_BUNDLE} placeholder with the actual value.
cat dev/mutating-webhook-template.yaml | ./dev/webhook-patch-ca-bundle.sh > mutating-webhook.yaml

# Create the mutating webhook.
kubectl apply -f mutating-webhook.yaml
```

**The pod with `k8s-image-replacer: enabled` label will be replaced image by default.** If you want to set which pod's
image to be replaced, update the `dev/mutating-webhook-template.yaml` and check the Kubernetes
document [here](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector)
.

### (Optional) 4. Build your own image registry proxy.

Follow the [README here](https://github.com/ciiiii/cloudflare-docker-proxy) to build your own image registry proxy with
Cloudflare Workers.

## How it works

1. When a pod is created, the Kubernetes API server will send a request to the
`k8s-image-replacer` webhook. For more information, check
the [Kubernetes document](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/).
2. The webhook service will check if the pod's image is in the replacement map in the
configuration file.
3. If the image is in the replacement map, the webhook will replace the image with the
replacement image.
4. The pod will be created with the replacement image.
5. The image will be pulled from the image registry proxy.

## Acknowledgements

* [estahn/k8s-image-swapper](https://github.com/estahn/k8s-image-swapper)
* [ciiiii/cloudflare-docker-proxy](https://github.com/ciiiii/cloudflare-docker-proxy)

## License

MIT License