This is simple MutatingAdmissionWebhook example, auto injects to pod Env :
env:
name: TZ
value: Asia/Shanghaipush image
make build-image
make push-imageCreate namespace:
kubectl create ns sidecar-injectorCreate a signed cert/key pair and store it in a Kubernetes secret that will be consumed by sidecar injector deployment:
./deployment/webhook-create-signed-cert.sh \
--service sidecar-injector-webhook-svc \
--secret sidecar-injector-webhook-certs \
--namespace sidecar-injectorPatch the MutatingWebhookConfiguration by set caBundle with correct value from Kubernetes cluster:
cat deployment/mutatingwebhook.yaml | \
deployment/webhook-patch-ca-bundle.sh > \
deployment/mutatingwebhook-ca-bundle.yamldeploy:
kubectl create -f deployment/deployment.yaml
kubectl create -f deployment/service.yaml
kubectl create -f deployment/mutatingwebhook-ca-bundle.yamlGet sidecar inject webhook state:
# kubectl get po -n sidecar-injector
NAME READY STATUS RESTARTS AGE
sidecar-injector-webhook-deployment-847c47cbb-ktns5 1/1 Running 0 6sDeploy nginx test it :
kubectl label namespace default sidecar-injection=enabled
kubectl create deployment my-dep --image=nginx --replicas=1Get The Env field:
# kubectl get po -l app=my-dep -o=jsonpath='{.items[0].spec.containers[0].env}'
[{"name":"CLUSTER_NAME","value":"aks-test-01"},{"name":"TZ","value":"Asia/Shanghai"}]% morvencao/kube-mutating-webhook-tutorial: https://github.com/morvencao/kube-mutating-webhook-tutorial