podpreset-webhook

Implementation of the now deprecated Kubernetes PodPreset feature as an Admission Webhook.

Overview

Kubernetes features the ability to inject certain information into pods at creation time including secrets, volumes, volume mounts, and environment variables. Admission Webhooks are implemented as a webserver which receive requests from the Kubernetes API. A CustomResourceDefinition (CRD) called PodPreset in the redhatcop.redhat.io API group has an identical specification to the upstream API resource.

The following is an example of a PodPreset that injects an environment variable called FOO to pods with the label role: frontend

apiVersion: redhatcop.redhat.io/v1alpha1
kind: PodPreset
metadata:
  name: frontend
spec:
  env:
  - name: FOO
    value: bar
  selector:
    matchLabels:
      role: frontend

The goal is to be fully compatible with the existing Kubernetes resource.

Installation

The following steps describe the various methods for which the solution can be deployed:

Basic Deployment

Prerequisites

cert-manager is required to be deployed and available to generate and manage certificates needed by the webhook. Use any of the supported installation methods available.

Deployment

Execute the following command which will facilitate a deployment to a namespace called podpreset-webhook

make deploy IMG=quay.io/redhat-cop/podpreset-webhook:latest

Example Implementation

Utilize the following steps to demonstrate the functionality of the PodPreset's in a cluster.

1. Deploy any applications (as a DeploymentConfig or Deployment)

2. Create the PodPreset

kubectl apply -f config/samples/redhatcop_v1alpha1_podpreset.yaml

3. Label the resource

kubectl patch deployment/<name> -p '{"spec":{"template":{"metadata":{"labels":{"role":"frontend"}}}}}'

Verify any new pods have the environment variable FOO=bar

Development

Building/Pushing the operator image

export repo=redhatcopuser #replace with yours
docker login quay.io/$repo/podpreset-webhook
make docker-build IMG=quay.io/$repo/podpreset-webhook:latest
make docker-push IMG=quay.io/$repo/podpreset-webhook:latest

Deploy to OLM via bundle

make manifests
make bundle IMG=quay.io/$repo/podpreset-webhook:latest
operator-sdk bundle validate ./bundle --select-optional name=operatorhub
make bundle-build BUNDLE_IMG=quay.io/$repo/podpreset-webhook-bundle:latest
docker login quay.io/$repo/podpreset-webhook-bundle
docker push quay.io/$repo/podpreset-webhook-bundle:latest
operator-sdk bundle validate quay.io/$repo/podpreset-webhook-bundle:latest --select-optional name=operatorhub
oc new-project podpreset-webhook
operator-sdk cleanup podpreset-webhook -n podpreset-webhook
operator-sdk run bundle -n podpreset-webhook quay.io/$repo/podpreset-webhook-bundle:latest

Cleaning up

operator-sdk cleanup podpreset-webhook -n podpreset-webhook
oc delete operatorgroup operator-sdk-og
oc delete catalogsource podpreset-webhook-catalog