kubemutator
A Kubernetes resource mutator

Getting started
Set up a Kubernetes cluster
You need to set up the cluster yourself.
Generate a certificate pair
Modify examples/tls/ca.conf and examples/tls/csr-prod.conf, then generate the certificate:
cd examples/tls
DEPLOYMENT=us-east-1 CLUSTER=PRODUCTION ./new-kubemutator-cert.rb
Apply MutatingWebhookConfiguration
- Encode ca.crt with base64 on a single line (GNU base64 wraps its output, so strip the newlines):
cat examples/tls/us-east-1/PRODUCTION/ca.crt | base64 | tr -d '\n'
- In examples/kubernetes/mutating-webhook-configuration.yaml, replace webhooks[0].clientConfig.caBundle with the base64-encoded ca.crt generated above.
- Apply the mutating webhook configuration:
kubectl -n kube-system apply -f examples/kubernetes/mutating-webhook-configuration.yaml
Apply the other Kubernetes configurations
kubectl -n kube-system apply -f serviceaccount.yaml
kubectl -n kube-system apply -f clusterrole.yaml
kubectl -n kube-system apply -f clusterrolebinding.yaml
kubectl -n kube-system apply -f configmap.yaml # !! rewrite configmap with your config file and mutator cert and key
kubectl -n kube-system apply -f deployment.yaml
kubectl -n kube-system apply -f service.yaml
# if you have prometheus operator deployed, you can add service monitor below
kubectl -n kube-system apply -f service-monitor.yaml
Or you can deploy kubemutator with Helm
cd examples/chart
# generate your custom values
helm inspect values kubemutator > custom.yaml
# make some changes to custom.yaml
# show what would happen next
helm template --name kubemutator --namespace kube-system -f custom.yaml kubemutator
# install to your Kubernetes cluster
helm install --name kubemutator --namespace kube-system -f custom.yaml kubemutator
Configuration
An example configuration is in examples/conf/config.yml
annotationKey: kubemutator.example.com/requests
strategies:
  - name: filebeat
    patches:
      # add filebeat sidecar
      - isTemplate: true
        data: |
          op: add
          path: /spec/containers/-
          value:
            name: filebeat
            image: myrepo/filebeat
            resources:
              requests:
                cpu: 100m
                memory: 128Mi
              limits:
                cpu: 100m
                memory: 128Mi
            volumeMounts:
              - name: logs
                mountPath: /var/log/{{ .Labels.k8s-app }}
rules:
  - namespace:
      - default
    selector:
      matchLabels:
        k8s-app: myapp
    strategies:
      - filebeat
For the patch data format, see RFC 6902 (JSON Patch): https://tools.ietf.org/html/rfc6902
- For each rule in rules, match namespace and selector.
  - If the match fails, try the next rule.
  - If the match succeeds, append the rule's strategies to the strategy list.
- Read the pod annotation prefixed by annotationKey and append the comma-separated strategies it lists to the strategy list.
- Merge all the strategy patches and respond to the Kubernetes server with the JSONPatch object.
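The strategy-selection steps above, sketched as an added example (not kubemutator's own code). The Rule type, its field names and ResolveStrategies are hypothetical, and the annotation value is assumed to be a comma-separated list of strategy names.

```go
package main
import (
	"fmt"
	"sort"
	"strings"
)

// Rule mirrors one entry under `rules` in the config (Go field names are assumptions).
type Rule struct {
	Namespaces, Strategies []string
	MatchLabels            map[string]string
}

// matches requires the pod namespace to be listed and every matchLabels pair to be set.
func (r Rule) matches(ns string, labels map[string]string) bool {
	ok := false
	for _, n := range r.Namespaces {
		ok = ok || n == ns
	}
	for k, want := range r.MatchLabels {
		got, present := labels[k]
		ok = ok && present && got == want
	}
	return ok
}

// ResolveStrategies lists rule-selected strategies first, then annotation-requested ones.
func ResolveStrategies(rules []Rule, annKey, ns string, labels, anns map[string]string) []string {
	var out, keys []string
	for _, r := range rules {
		if r.matches(ns, labels) {
			out = append(out, r.Strategies...)
		}
	}
	for k := range anns {
		if strings.HasPrefix(k, annKey) {
			keys = append(keys, k)
		}
	}
	sort.Strings(keys) // Go map iteration order is random; sort for a stable result
	for _, k := range keys { // split on commas, dropping spaces and empty names
		out = append(out, strings.FieldsFunc(anns[k], func(c rune) bool { return c == ',' || c == ' ' })...)
	}
	return out
}
func main() { // constructed pod in namespace "dev": no rule matches, the annotation alone selects filebeat
	const key = "kubemutator.example.com/requests"
	fmt.Println(ResolveStrategies(nil, key, "dev", nil, map[string]string{key: "filebeat"}))
}
```

In this model the annotation path does not depend on any rule matching, so the ability to set pod annotations decides which configured strategies a pod can request.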
License
MIT