This was a quick exploration of the base primitives that make mutating webhooks in kubernetes function. Assumes a linux host but probably works in other environments with some coaxing.
- Run
./start-cluster.shto create a cluster and tls material for control-plane <-> webhook communication. - Install the mutating webhook configuration, deployment and service.
export CA_BUNDLE=$(cat webhook/pki/ca.crt | base64 | tr -d '\n') kubectl kustomize . | envsubst | k apply -f - - Apply a manifest that satisfies the mutating webhook configuration:
kubectl apply -f pod.yml - View that the manifest was modified:
kubectl get pods -n test --show-labels - View the request the control plane sends to the webhook:
kubectl logs deployment/labelmutation - You can modify the webhook behavior by editing
webhook/main.goand re-running step #2.