Implementing a Mutating Admission Webhook
Learn how to implement a mutating admission webhook service.
We'll cover the following...
Implement a mutating admission webhook service
A mutating admission webhook service is a web server, because the kube-apiserver invokes it through HTTPS POST requests. Now, let’s implement such a service step by step.
Step 1: Write a simple HTTP server
Let’s write a simple HTTP server at the path /mutate over port 443. It adds labels for Pods. Below is the development environment in which we can add and modify our programs. We can click the “Run” button to initialize it.
-----BEGIN CERTIFICATE----- MIIDDjCCAfagAwIBAgIUSImy/BhX3ZyUZ27Kb2fg/3ID54UwDQYJKoZIhvcNAQEL BQAwDTELMAkGA1UEAxMCQ0EwHhcNMjMwMTAzMDgwMDAwWhcNMzIxMjMxMDgwMDAw WjANMQswCQYDVQQDEwJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AK2/cEW8ryJG8NoP5qOPNsXX3+xoDooYikvYwRFNOJ/bN2FUdjEC8FSoug2lNMVm bBSL49SOOnXxr+A+Azg6koAzbk6wCrtWr/tXdAbHGhl/LClYoEvuGtnLVAc5fFdN FIXrhcoAMgdeSZ78MQvgrQIbYmA5tcsCiBqS14qPpo0glVMDgLINWYcFD4XJ0o2S 53JRPRyprVz/o+O8FQYqeFNAFhiDldbkY6x2Ry0V0QAUNXx+M9iA7Wet0OzUWcWp Bnlm2X5DHgSCJwS+5q+XN/OQEymsRGSk5v8iSbNamMjDMqbJw+fYGeI4uniwIpI7 lISqJ1ktx/Vw302tzokgjusCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFMyU4uDgZy4mqhVZWRIqp4dsoUTBMB8G A1UdIwQYMBaAFMyU4uDgZy4mqhVZWRIqp4dsoUTBMA0GCSqGSIb3DQEBCwUAA4IB AQA7FtpFPI6GqzHzCk2CGY7DAFbaXljLKJ6vIPbUlINW0QNjjIgwUqzdlCmsXSSt Gvn1xrtpBCChXu2PWF30r8WY9897By203YEProoAcGiAsonr/G7hHryOGUfb7DBA 9AqWNVC+8tZvaBS05Ht5CEY/XsIcRUZ4miw/9wTBnm5Fy7tAYgfZbCKTL7zAwbOH thzRNlrcJT/iFCI6aQlNidnoW0v3zH/fGVxfMg70AfSK6QpOQbFu2KR+LOfy4cWO dEiQLPeuMYUdxlR6ycBmRxdVo5oUU5YqvnC0gmIIaozDtbpfyVl/cpqBUp/NHGY1 Hzd4fULZD5VJs0skE1a1C5ud -----END CERTIFICATE-----
In a real-world scenario, we only need to replace the mock code in the function admit() (line 21 in main.go) with our actual business logic. In the demo above, we’re handling pods, and other resources can be handled as well if we’ve set matching rules in MutatingAdmissionConfiguration.
One of the notable qualities of good admission controllers is their ...