K8sMutate is a flexible Kubernetes Mutating Admission Webhook built with Java and Spring Boot. It allows users to define custom mutation rules for Kubernetes resources, such as Pods, by applying specific patches based on configurable rules.
- Customizable Mutations: Define your own mutation rules in a YAML configuration file.
- Multi-Container Support: Target specific containers within multi-container Pods.
- Easy Integration: Integrates seamlessly into your Kubernetes cluster with minimal setup.
- Logging and Error Handling: Provides detailed logging and error reporting to facilitate debugging.
- Java 21 or later
- Docker (for containerization)
- Kubernetes cluster
- Maven (for building the project)
git clone https://github.com/uptoamir/K8sMutate
cd k8smutatemvn clean packageYou can run the webhook locally for testing purposes:
java -jar target/k8smutate-1.0-SNAPSHOT.jardocker build -t khoshbinamirhosein/k8smutate:latest .docker run -d -p 8080:8080 \
-v /path/to/your/application.yml:/app/config/application.yml \
khoshbinamirhosein/k8smutate:latestEnsure that your webhook is accessible to your Kubernetes API server. You can deploy it as a service within your Kubernetes cluster.
Example deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
name: k8smutate
spec:
replicas: 1
selector:
matchLabels:
app: k8smutate
template:
metadata:
labels:
app: k8smutate
spec:
containers:
- name: k8smutate
image: khoshbinamirhosein/k8smutate:latest
ports:
- containerPort: 8080
volumeMounts:
- name: config-volume
mountPath: /app/config/application.yml
subPath: application.yml
volumes:
- name: config-volume
configMap:
name: k8smutate-configCreate a MutatingWebhookConfiguration resource to tell Kubernetes to send Pod creation requests to your webhook for mutation.
Example configuration:
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: k8smutate-webhook
webhooks:
- name: mutate-pods.k8smutate.com
clientConfig:
service:
name: k8smutate
namespace: default
path: /mutate
caBundle: <Base64-encoded-CA-cert>
rules:
- operations: ["CREATE"]
apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
admissionReviewVersions: ["v1"]
sideEffects: NoneThe K8sMutate webhook is configured using a YAML file (application.yml) that defines the mutation rules.
Example application.yml:
mutations:
- kind: Pod
path: "/spec/containers/0/resources/requests/cpu"
value: "500m"
- kind: Pod
path: "/spec/containers/1/resources/requests/memory"
value: "256Mi"In the configuration file (application.yml), the mutation paths like /spec/containers/0/resources/requests/cpu are used to specify which part of the Kubernetes resource you want to mutate. Here's a breakdown of what this path means:
/spec/containers: This refers to the array of containers defined in the Pod's specification./spec/containers/0: The0here is an index that refers to the first container in the list. In programming, arrays are typically zero-indexed, meaning the first element is at index 0, the second at 1, and so on./spec/containers/0/resources/requests/cpu: This specifically targets the CPU resource request of the first container in the Pod.
If your Pod has multiple containers and you want to target a different container, you would change the index from 0 to the appropriate number that corresponds to the desired container:
/spec/containers/1/resources/requests/cpu: This would refer to the CPU resource request of the second container.
Understanding this structure is key to effectively using K8sMutate to apply mutations to specific containers within a multi-container Pod.
An example is provided in the examples/multi-container-pod directory, demonstrating how to use the webhook to mutate a Pod with multiple containers.
- Apply the Pod Definition
kubectl apply -f examples/multi-container-pod/pod.yaml- Check the Mutated Pod
After the webhook applies the mutation, inspect the Pod to see the updated resource requests:
kubectl get pod multi-container-pod -o yaml