Kubernetes 1.9.0 or above with the admissionregistration.k8s.io/v1beta1
API enabled. Verify that by the following command:
kubectl api-versions | grep admissionregistration.k8s.io/v1beta1
The result should be:
admissionregistration.k8s.io/v1beta1
In addition, the MutatingAdmissionWebhook
and ValidatingAdmissionWebhook
admission controllers should be added and listed in the correct order in the admission-control flag of kube-apiserver.
-
Setup dep
The repo uses dep as the dependency management tool for its Go codebase. Install
dep
by the following command:
go get -u github.com/golang/dep/cmd/dep
- Build and push docker image
./build
- Create a signed cert/key pair and store it in a Kubernetes
secret
that will be consumed lcow deployment
./deployment/webhook-create-signed-cert.sh \
--service lcow-injector-webhook-svc \
--secret lcow-injector-webhook-certs \
--namespace default
- Patch the
MutatingWebhookConfiguration
by setcaBundle
with correct value from Kubernetes cluster
cat deployment/mutatingwebhook.yaml | \
deployment/webhook-patch-ca-bundle.sh > \
deployment/mutatingwebhook-ca-bundle.yaml
- Patch the
ValidatingWebhookConfiguration
by setcaBundle
with correct value from Kubernetes cluster
cat deployment/validatingwebhook.yaml | \
deployment/webhook-patch-ca-bundle.sh > \
deployment/validatingwebhook-ca-bundle.yaml
- Deploy resources
kubectl create -f deployment/deployment.yaml
kubectl create -f deployment/service.yaml
kubectl create -f deployment/mutatingwebhook-ca-bundle.yaml
kubectl create -f deployment/validatingwebhook-ca-bundle.yaml
- The lcow inject webhook should be running
[root@mstnode ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
lcow-injector-webhook-deployment-bbb689d69-882dd 1/1 Running 0 5m
[root@mstnode ~]# kubectl get deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
lcow-injector-webhook-deployment 1 1 1 1 5m