1.GitHub - caesarxuchao/example-webhook-admission-controller: An example of Kubernetes wehbook admission extensionAn example of Kubernetes wehbook admission extension - GitHub - caesarxuchao/example-webhook-admission-controller: An example of Kubernetes wehbook admission extensionhttps://github.com/caesarxuchao/example-webhook-admission-controller 动态准入控制 | Kubernetes
1.产线使用注入agent, 随着集群升级、v1beta1版本升级到v1
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: inject-webhook
webhooks:
- name: inject-server.sky-system.svc
clientConfig:
service:
name: inject-server
namespace: sky-system
path: "/api/append"
caBundle: ${CA_PEM_B64}
rules:
- operations: [ "CREATE" ]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: inject-webhook
webhooks:
- name: inject-server.sky-system.svc
admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None
timeoutSeconds: 15
clientConfig:
service:
name: inject-server
namespace: sky-system
path: "/api/append"
caBundle: ${CA_PEM_B64}
rules:
- operations: [ "CREATE" ]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
"k8s.io/api/admission/v1"
p:=v1.PatchTypeJSonPatch
admissionReviewResponse.Response.PatchType = &p
admissionReviewResponse := v1.AdmissionReview{
Typemeta: metav1.Typemeta{
Kind: "AdmissionReview",
APIVersion: "admission.k8s.io/v1",
},
Response: &v1.AdmissionResponse{
UID: admissionReviewReq.Request.UID,
},
}
