English | 简体中文
This is a dynamic admission control webhook for kubernetes, it can be used to mutate kubernetes resources.
This program monitors the CREATE, UPDATE, DELETE events for deployments and the CREATE events for pods and adds the initContainer for Pod , adds the environment variable JAVA_TOOL_OPTIONS by default, mounts the configmap, modifies the volume load for the main container, and so on.
- Install CFSSL (HTTP API tool for signing, verifying, and bundling TLS certificates) in the environment to be deployed
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo mv cfssl_linux-amd64 /usr/local/bin/cfssl mv cfssljson_linux-amd64 /usr/local/bin/cfssljson chmod +x /usr/local/bin/cfssl-certinfo /usr/local/bin/cfssl /usr/local/bin/cfssljson
- Copy
cfsslandjoylive webhookfrom the deploy directory to the environment to be deployed - The namespace in
cfssl/dac-csr.jsonis currently filled in asjoyliveand needs to be modified according to the actual situation - Execute the
create-secret.shscript in thejoylive-injector/deploy/cfssldirectory to generate a secret. If thejoylive-webhookpackage is in the same directory ascfssl, it can automatically replace the value of thecaBundle,caKeyBundleandcaPubBundlefield - If the value of
caBundle,caKeyBundleandcaPubBundleare not replaced, it is necessary to manually replace the value of thecaBundle,caKeyBundleandcaPubBundlefield in thevalue.yamlin the chart package. Use the content generated bycat dac-ca.pem | base64 | tr -d '\n'ascaBundle,cat dac-key.pem | base64 | tr -d '\n'ascaKeyBundle,cat dac.pem | base64 | tr -d '\n'ascaPubBundleto replace them - Execute
helm install joylive-webhook ./joylive-webhook -n joyliveInstall webhook - Modify the configuration in the
value.yamlsection of the chart package as needed
Execute command:
helm install joylive-webhook ./packages/joylive-webhook-1.0.0.tgz