Webhook-helper is a Kubernetes operator that automates the process of deploying admission webhooks. Both mutating and validating webhooks are supported.
Webhook-helper:
- creates the certificate signing request
- approves the certificate signing request
- stores the certificate as a secret
- creates the service
- creates a deployment or pod with the attached secret, with the certificate at `/webhook-helper/tls.crt` and the private key at `/webhook-helper/tls.key`
- creates the webhook
```shell
kubectl apply -f https://raw.githubusercontent.com/rc1405/webhook-helper/main/webhook-helper.yaml
kubectl get pods -n webhook-helper -w
```
- Wait for bootstrap to finish deployment
```yaml
apiVersion: webhook-helper.io/v1
kind: WebhookHelper
metadata:
  name: my-webhook
spec:
  namespace: my-example-namespace
  listening_port: 8080
  webhook:
    apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    metadata:
      name: ktlo
    webhooks:
      - name: ktlo.default.svc
        rules:
          - operations: ["CREATE", "UPDATE", "DELETE"]
            apiGroups: ["kubeto.io"]
            apiVersions: ["v1"]
            resources: ["definitions", "tasks"]
        failurePolicy: Fail
        admissionReviewVersions: ["v1", "v1beta1"]
        sideEffects: None
        timeoutSeconds: 5
  deployment:
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      namespace: my-example-namespace
    spec:
      containers:
        - name: nginx
          image: nginx:1.14.2
          ports:
            - containerPort: 8080
```
- `namespace`: Kubernetes namespace to deploy to (will overwrite anything in the deployment)
- `listening_port`: Port for the service to listen on and redirect traffic to the deployment/pod
- `webhook`: `ValidatingWebhookConfiguration` or `MutatingAdmissionWebhookConfiguration` configuration
- `deployment`: `Pod` or `Deployment` configuration
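What a container deployed through the `deployment` field could run to use the mounted certificate, as an added example that is not part of webhook-helper: a minimal validating webhook in Python serving TLS from `/webhook-helper/tls.crt` and `/webhook-helper/tls.key` on the example's port 8080. The `review` function and its "owner" label policy are hypothetical.

```python
import json
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

CERT = "/webhook-helper/tls.crt"  # certificate path from the page
KEY = "/webhook-helper/tls.key"   # private key path from the page
PORT = 8080                       # listening_port / containerPort in the example

def review(body: dict) -> dict:
    """Build the AdmissionReview v1 response for one AdmissionReview request."""
    req = body.get("request") or {}
    uid = req.get("uid")
    if body.get("kind") != "AdmissionReview" or not uid:
        raise ValueError("not an AdmissionReview request")
    # Hypothetical policy: DELETE passes, CREATE/UPDATE need an "owner" label.
    obj = req.get("object") or {}
    labels = (obj.get("metadata") or {}).get("labels") or {}
    allowed = req.get("operation") == "DELETE" or "owner" in labels
    resp = {"uid": uid, "allowed": allowed}  # uid must echo the request uid
    if not allowed:
        resp["status"] = {"code": 403, "message": "missing required label: owner"}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp}

class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            if length > 1 << 20:  # refuse oversized bodies before reading them
                raise ValueError("body too large")
            out = json.dumps(review(json.loads(self.rfile.read(length)))).encode()
            code = 200
        except (ValueError, AttributeError, TypeError):
            out, code = b'{"error":"bad request"}', 400
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

def serve():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(CERT, KEY)  # files mounted from the secret
    srv = HTTPServer(("0.0.0.0", PORT), Handler)
    srv.socket = ctx.wrap_socket(srv.socket, server_side=True)
    srv.serve_forever()

if __name__ == "__main__":
    serve()
```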
```mermaid
stateDiagram-v2
    [*] --> GenerateCert
    GenerateCert --> CreateCSR
    CreateCSR --> ApproveCSR
    ApproveCSR --> WaitForStatus
    WaitForStatus --> CheckStatus
    CheckStatus --> WaitForStatus
    CheckStatus --> CreateSecret
    CreateSecret --> CreateDeployment
    CreateDeployment --> WaitForDeploymentStatus
    WaitForDeploymentStatus --> CheckDeploymentStatus
    CheckDeploymentStatus --> WaitForDeploymentStatus
    CheckDeploymentStatus --> CreateService
    CreateService --> CreateWebhook
    CreateWebhook --> [*]
```
- Run `cargo build --release --features local`
- Run `docker build -t rc1405/webhook-helper .`
- Update deployment PodSpec and add `imagePullPolicy: Never`
- Run `kubectl apply -f webhook-helper.yaml`
```shell
kubectl delete -f https://raw.githubusercontent.com/rc1405/webhook-helper/main/webhook-helper.yaml
kubectl delete validatingwebhookconfigurations webhook-helper-admission
```