Openshift operator for host whitelisting and label assignment on Route.
- OpenShift 4.4.3
- Kubernetes v1.17.1
- Golang 1.14.3 darwin/amd64
This operator is distributed using Helm 3
helm repo add cedio https://cedricpoon.github.io/openshift-route-admissioner
helm repo update
helm search repo cedio/route-admissioner
helm install route-admissioner cedio/route-admissioner --namespace route-admissioner-operatorThe whitelisting guard for Route host is applied based on Namespace annotation.
kind: Namespace
metadata:
labels:
route-admissioner/enabled: ''
annotations:
route-admissioner/allowed-domain: 'gongfukheunggong.hk,sidoigakming.now'Route admissioner uses Configmap/route-admissioner-label-map for labelling Route which matches the rule set.
data:
key: "route-admissioner/factcheck"
map: |-
[
{
"domain": "721.nobody",
"value": "True"
},
{
"domain": "831.massacre",
"value": "True"
},
{
"domain": "101.gunshot",
"value": "True"
}
]Resulting object with host yuenlong.721.nobody will be
kind: Route
metadata:
labels:
route-admissioner/factcheck: True- banzaicloud/admission-webhook-example, https://github.com/banzaicloud/admission-webhook-example