Home

Awesome

<p align="center"> <img src="logo/kubewebhook_logo@0,5x.png" width="30%" align="center" alt="kubewebhook"> </p>

kubewebhook

CI Go Report Card GoDoc Apache 2 licensed GitHub release (latest SemVer) Kubernetes release

Kubewebhook is a small Go framework to create external admission webhooks for Kubernetes.

With Kubewebhook you can make validating and mutating webhooks in any version, fast, easy, and focusing mainly on the domain logic of the webhook itself.

Features

Getting started

Use github.com/slok/kubewebhook/v2 to import Kubewebhook v2.

func run() error {
    logger := &kwhlog.Std{Debug: true}

    // Create our mutator
    mt := kwhmutating.MutatorFunc(func(_ context.Context, _ *kwhmodel.AdmissionReview, obj metav1.Object) (*kwhmutating.MutatorResult, error) {
        pod, ok := obj.(*corev1.Pod)
        if !ok {
            return &kwhmutating.MutatorResult{}, nil
        }

        // Mutate our object with the required annotations.
        if pod.Annotations == nil {
            pod.Annotations = make(map[string]string)
        }
        pod.Annotations["mutated"] = "true"
        pod.Annotations["mutator"] = "pod-annotate"

        return &kwhmutating.MutatorResult{MutatedObject: pod}, nil
    })

    // Create webhook.
    wh, err := kwhmutating.NewWebhook(kwhmutating.WebhookConfig{
        ID:      "pod-annotate",
        Mutator: mt,
        Logger:  logger,
    })
    if err != nil {
        return fmt.Errorf("error creating webhook: %w", err)
    }

    // Get HTTP handler from webhook.
    whHandler, err := kwhhttp.HandlerFor(kwhhttp.HandlerConfig{Webhook: wh, Logger: logger})
    if err != nil {
        return fmt.Errorf("error creating webhook handler: %w", err)
    }

    // Serve.
    logger.Infof("Listening on :8080")
    err = http.ListenAndServeTLS(":8080", cfg.certFile, cfg.keyFile, whHandler)
    if err != nil {
        return fmt.Errorf("error serving webhook: %w", err)
    }

    return nil

You can get more examples in here

Production ready example

This repository is a production ready webhook app: https://github.com/slok/k8s-webhook-example

It shows, different webhook use cases, app structure, testing domain logic, kubewebhook use case, how to deploy...

Static and dynamic webhooks

We have 2 kinds of webhooks:

Compatibility matrix

To know the validated compatibility, check the integration tests on CI.

KubewebhookKubernetesAdmission reviewsDynamic webhooksOpenTelemetry tracing
v2.71.31, 1.30, 1.29, 1.28v1beta1, v1
v2.61.29, 1.28, 1.27, 1.26v1beta1, v1
v2.51.25v1beta1, v1
v2.41.24v1beta1, v1
v2.31.23v1beta1, v1
v2.21.22v1beta1, v1
v2.11.21v1beta1, v1
v2.01.20v1beta1, v1
v0.111.19v1beta1
v0.101.18v1beta1
v0.91.18v1beta1
v0.81.17v1beta1
v0.71.16v1beta1
v0.61.15v1beta1
v0.51.14v1beta1
v0.41.13v1beta1
v0.31.12v1beta1
v0.21.11v1beta1
v0.21.10v1beta1

Documentation

You can access here.