A Docker image containing webhook, kubectl, and additional other useful tools.
Great for automating Kubernetes maintenance operations! ☸️
The Docker image is based on Alpine.
Besides webhook and kubectl, the latest version of this image includes the following tools:
Note: the image also includes the
gcompatcompatibility layer for GNU libc on top of musl libc. This allows binaries that are dynamically linked against GNU libc to run in this container. This is necessary because Alpine uses musl libc rather than GNU libc.
The image does not define a default command or entrypoint, so if you want to run the webhook command, you have to specify it explicitly when running the image (see Usage below).
The versions of webhook and kubectl included in the image are defined in the versions file.
For the latest version of the image, these are:
- webhook: 2.8.0
- kubectl: v1.23.0
Assuming you have a webhook config file named hooks.yaml in your current working directory, you can run the Docker image as follows:
docker run \
-p 9000:9000 \
-v "$PWD"/hooks.yaml:/home/hooks.yaml \
weibeld/webhook-kubectl:0.0.2 \
webhook --hooks /home/hooks.yamlNote: you have to explicitly specify the
webhookcommand since the image does not define an entrypoint command.
If you deploy the image to a Kubernetes cluster, then kubectl configures itself to acess this cluster by using the information injected into each container by Kubernetes. This includes the Pod's ServiceAccount token (/var/run/secrets/kubernetes.io/serviceaccount/token) for authentication.
So, if you want to access the cluster that kubectl is running, in you don't need a kubeconfig file or any other configuration.
If you want to access a different cluster, or deploy the image outside of Kubernetes, you need to provide an appropriate kubeconfig file to kubectl in the container.
In any case, for granting permissions to kubectl, you need to create appropriate Roles or ClusterRoles in the target cluster and bind them to the ServiceAccount or user used by kubectl with corresponding RoleBindings or ClusterRoleBindings.