-
Notifications
You must be signed in to change notification settings - Fork 1
/
mutate-example.py
54 lines (40 loc) · 1.71 KB
/
mutate-example.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
from flask import Flask, request, jsonify
from pprint import pprint
import jsonpatch
import copy
import base64
app = Flask(__name__)
@app.route('/mutate', methods=['POST'])
def webhook():
request_info = request.json
request_info_object = request_info["request"]["object"]
modified_info = copy.deepcopy(request_info)
pprint(modified_info)
modified_info_object = modified_info["request"]["object"]
for container_spec in modified_info_object["spec"]["containers"]:
print("Let's check port of {}/{}... \n".format(modified_info_object["metadata"]["name"], container_spec['name']))
check_nginx_port(container_spec)
patch = jsonpatch.JsonPatch.from_diff(request_info_object, modified_info_object)
print("############## JSON Patch ############## ")
pprint(str(patch))
print('\n')
admissionReview = {
"response": {
"allowed": True,
"uid": request_info["request"]["uid"],
"patch": base64.b64encode(str(patch).encode()).decode(),
"patchtype": "JSONPatch"
}
}
print("############## This data will be sent to k8s (admissionReview) ##############")
pprint(admissionReview)
print('\n')
return jsonify(admissionReview)
def check_nginx_port(container_spec):
image = container_spec["image"]
port = container_spec['ports'][0]['containerPort']
if 'nginx' in image and port != 80:
print('Oh, alice specified nginx Docker image, but using port {}!'.format(port))
container_spec['ports'][0]['containerPort'] = 80
print('OK, alice\'s port is successfully changed to 80!\n\n')
app.run(host='0.0.0.0', debug=True, ssl_context=('/run/secrets/tls/tls.crt', '/run/secrets/tls/tls.key'))