APACHE-2.0 License
This template provides a kick start to making a kubernetes admission controller using TypeScript and Node.JS, uses a Mutating Webhook.
The following scripts are included in the NPM project configuration
lint
lints the source code using eslintlint:fix
automatically fixes any lint errors that can be fixed automaticallytest
uses jest to run test suitestest:e2e
runs e2e test suite, this requires an active helm:deploybuild
compiles the typescript into js and places it in the dist
folderbuild:image
builds the container imageminikube:start
create a minikube k8s clusterminikube:stop
stop minikube but do not deleteminikube:delete
delete the minikube clusterhelm:addRepos
adds helm reposhelm:deployCertManager
deploy cert-manager for TLShelm:deploy
deploy the app to k8s using helmhelm:template
print the k8s yaml that would be applied to k8s when using helm:deploy
helm:uninstall
remove the app from k8shelm:uninstallCertManager
remove cert-manager from the k8s clusterIf you don't already have cert manager installed you will need to run:
helm repo add jetstack https://charts.jetstack.io && helm repo update && \
helm upgrade --install --namespace cert-manager --create-namespace \
cert-manager jetstack/cert-manager --set installCRDs=true --debug --wait
Add the helm repos helm repo add k8s https://curium-rocks.github.io/k8s-mutating-webhook
fetch updates helm repo update
.
Verify it worked helm search repo k8s
and you should see something like.
NAME CHART VERSION APP VERSION DESCRIPTION
k8s/k8s-mutating-webhook... 0.1.0 0.1.0 A starter template for a dynamic admission mut...
Deploy the app helm upgrade --install starter k8s/k8s-mutating-webhook
Verify it worked kubectl run testpod --image=busybox
, this will be changed, fetch it's yaml kubectl get testpod -o yaml
you will see its securityContext
's have been enhanced.
This is meant to include service abstractions, ideally each service should provide an interface/contract exposing the functionality that other things in the application need.
Currently this is setup to house factories or other items to provide instances of third party things/modules that will be bound by the InversifyJS IoC container so they can be injected into other things with @inject()
This houses interfaces/models with little to no logic, the intent is these items can be passed/returned from the abstractions in services and avoid tight coupling to third party types.
This defines symbols for each type that will be configured in the IoC container, these are used to identify the type when using @inject(TYPES.Services.Kubernetes)
for example. For more information refer to inversify.
This file maps the types defined in ./src/types.ts
to interface types. For more information refer to inversify.
k8s-mutating-webhook
references to match your project name