Implementation of Kubernetes PodPreset as an Admission Webhook.
Kubernetes features the ability to inject certain information into pods at creation time including secrets, volumes, volume mounts, and environment variables. Admission Webhooks are implemented as a webserver which receive requests from the Kubernetes API. A CustomResourceDefinition (CRD) called PodPreset in the redhatcop.redhat.io API group has an identical specification to the upstream API resource.
The following is an example of a PodPreset that injects an environment variable called FOO to pods with the label role: frontend
apiVersion: redhatcop.redhat.io/v1alpha1
kind: PodPreset
metadata:
name: frontend
spec:
env:
- name: FOO
value: bar
selector:
matchLabels:
role: frontend
The goal is to be fully compatible with the existing Kubernetes resource.
The webserver supporting the webhook needs to be deployed to a namespace. By default, the example manifests expect this namespace to be called podpreset-webhook. Create a new namesapce called podpreset-webhook. You can choose to deploy the webserver in another namespace but you must be sure to update references in the manifests within the deploy folder.
Install the manifests to deploy the webhook webserver by executing the following commands:
$ kubectl apply -f deploy/crds/redhatcop_v1alpha1_podpreset_crd.yaml
$ kubectl apply -f deploy/service_account.yaml
$ kubectl apply -f deploy/clusterrole.yaml
$ kubectl apply -f deploy/cluster_role_binding.yaml
$ kubectl apply -f deploy/role.yaml
$ kubectl apply -f deploy/role_binding.yaml
$ kubectl apply -f deploy/secret.yaml
$ kubectl apply -f deploy/webhook.yaml
Utilize the following steps to demonstrate the functionality of the PodPreset's in a cluster.
- Deploy any applications (as a DeploymentConfig or Deployment)
- Label the resource
kubectl patch dc/<name> -p '{"spec":{"template":{"metadata":{"labels":{"role":"frontend"}}}}}'
- Create the PodPreset
kubectl apply -f deploy/crds/redhatcop_v1alpha1_podpreset_cr.yaml
Verify the new pods have the environment variable FOO=bar