secret_injector_webhook
Category: Build tools
Development tool: HTML
File size: 0KB
Downloads: 0
Upload date: 2020-11-14 10:07:24
Uploader: sh-1993
Description: Secret injector webhook
(secretinjectorwebhook,,)
File list:
95.jpeg (17313, 2020-11-14)
Dockerfile (105, 2020-11-14)
box.sh (64, 2020-11-14)
box.yaml (411, 2020-11-14)
cluster.yaml (99, 2020-11-14)
delete.sh (112, 2020-11-14)
mutate.py (3278, 2020-11-14)
mutate_admission.yaml (549, 2020-11-14)
mutate_admission_ca.yaml (1905, 2020-11-14)
run.sh (140, 2020-11-14)
slides.html (6885, 2020-11-14)
topo.png (92158, 2020-11-14)
webhook.yaml (766, 2020-11-14)
### Mutate webhook
Example Mutating Admission Controller Webhook
[Kind](https://kind.sigs.k8s.io/) is used as the Kubernetes cluster.
1. Create the cluster
```bash
kind create cluster --config cluster.yaml
```
2. Create a signed cert/key pair and patch the CA bundle into the webhook configuration (using the scripts from https://github.com/morvencao/kube-mutating-webhook-tutorial)
```bash
git clone https://github.com/morvencao/kube-mutating-webhook-tutorial
./kube-mutating-webhook-tutorial/deployment/webhook-create-signed-cert.sh --service mutate-webhook-svc --namespace default --secret mutate-webhook-secret
export CA_BUNDLE=$(kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.ca\.crt}")
cat ./mutate_admission.yaml | ./kube-mutating-webhook-tutorial/deployment/webhook-patch-ca-bundle.sh > ./mutate_admission_ca.yaml
```
3. Build the image
```bash
docker build . -t mutate
```
4. Load the image into the kind cluster
```bash
kind load docker-image mutate
```
5. Create the mutating webhook
```bash
kubectl apply -f webhook.yaml
```
6. Create the Mutating Webhook Configuration
```bash
kubectl apply -f mutate_admission_ca.yaml
```
7. Mutate busybox
```bash
kubectl apply -f box.yaml
```
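What a webhook like the one deployed above returns to the API server, as an added example (not the repository's mutate.py, whose contents are not shown here): it builds the AdmissionReview response with a base64 JSONPatch that adds an environment variable to each container. The variable name, the Vault address and the sample request are assumptions constructed for illustration.

```python
import base64
import json

# Assumed value: the in-cluster address of a Vault release named "vault" in "default".
INJECTED_ENV = {"name": "VAULT_ADDR", "value": "http://vault.default.svc:8200"}

def mutate(review: dict) -> dict:
    """Return the AdmissionReview response that adds INJECTED_ENV to every container."""
    request = review["request"]
    containers = request["object"]["spec"].get("containers", [])
    patch = []
    for i, container in enumerate(containers):
        env = container.get("env")
        if env is None:
            # "add" to a missing list fails, so create the list with the entry.
            patch.append({"op": "add", "path": f"/spec/containers/{i}/env",
                          "value": [INJECTED_ENV]})
        elif all(e["name"] != INJECTED_ENV["name"] for e in env):
            # Append only when absent, so a re-invoked webhook stays idempotent.
            patch.append({"op": "add", "path": f"/spec/containers/{i}/env/-",
                          "value": INJECTED_ENV})
    response = {"uid": request["uid"], "allowed": True}  # uid must echo the request
    if patch:
        response["patchType"] = "JSONPatch"
        response["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}

def decode_patch(review_response: dict) -> list:
    """Decode the base64 JSON Patch the API server would apply (empty if none)."""
    encoded = review_response["response"].get("patch")
    return json.loads(base64.b64decode(encoded)) if encoded else []

# Constructed sample request for a busybox pod; not captured from a real cluster.
SAMPLE_REVIEW = {
    "apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
    "request": {"uid": "00000000-0000-0000-0000-000000000001", "operation": "CREATE",
                "object": {"kind": "Pod", "spec": {"containers": [
                    {"name": "box", "image": "busybox"},
                    {"name": "side", "image": "busybox",
                     "env": [{"name": "MODE", "value": "test"}]},
                    {"name": "done", "image": "busybox", "env": [dict(INJECTED_ENV)]},
                ]}}},
}

if __name__ == "__main__":
    print(json.dumps(decode_patch(mutate(SAMPLE_REVIEW)), indent=2))
```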
### Install Vault
See https://www.vaultproject.io/docs/platform/k8s/helm/run

Add the HashiCorp repo to Helm
```bash
helm repo add hashicorp https://helm.releases.hashicorp.com
```
Install Vault in dev mode. In dev mode Vault runs in memory and starts unsealed, so it is meant only for local testing.
```bash
helm install vault hashicorp/vault --set "server.dev.enabled=true"
```
Forward the Vault port to localhost
```bash
kubectl port-forward vault-0 8200:8200
```