A MutatingWebhook for Kubernetes based on Kustomize.
The kustomize-webhook is a MutatingWebhook which applies kustomize patches to Pods. The MutatingWebhook receives the Pod resource which is then patches via a kustomize patch. The patch itself is generated via go template with the Pod as data.
An example deployment can be found in the deploy folder. Generate certs, e.g. via:
openssl req -x509 -newkey rsa:2048 -keyout tls.key -out tls.crt -days 365 -nodes -subj "/CN=kustomize-webhook.default.svc"
Replace the following vars in deploy/webhook.yaml:
TLS_CRT_BASE64=$(cat tls.crt | base64)
TLS_CRT=$(cat tls.crt)
TLS_KEY=$(cat tls.key)
adjust the kustomize patch in the kustomize-webhook-patches
ConfigMap and deploy the YAML file:
kubectl apply -f deploy/webhook.yaml