0.0.37 released

Author: ugur99

README.md

@@ -1,2 +1,26 @@
 # kubernetes-dnsConfig-mutating-webhook
-This is a Kubernetes mutating webhook to manipulate dnsConfig and dnsPolicy fields dynamically.
+This is a Kubernetes mutating webhook to manipulate `dnsConfig` and `dnsPolicy` dynamically.
+
+If dnsPolicy is not specified or is set as ClusterFirst, the pod creation request is intercepted and mutated as the following:
+
+```
+  dnsConfig:
+    nameservers:
+    - 169.254.25.10
+    options:
+    - name: timeout
+      value: "1"
+    - name: ndots
+      value: "2"
+    - name: attempts
+      value: "1"
+    searches:
+    - svc.dev-team
+  dnsPolicy: None
+```
+
+`Ndots`, `attempts` and `timeout` values can be given as environment variables of the [backend container](kubernetes-manifests/webhook-mutation-deployment.yml). Since this architecture is designed for a cluster that uses `nodelocalDNS`, nodelocalDNS_IP should be set as an environment variable too. Backend reads clusterDomain which is assumed to be same as the cluster name from the [cluster-info configmap](kubernetes-manifests/cluster-info.yml). 
+
+Namespaces which is wanted to be excluded can be given in the [configmap](kubernetes-manifests/mutating-webhook-cm.yml)
+
+![logs](resources/image01.png)

kubernetes-manifests/cluster-metadata.yml renamed to kubernetes-manifests/cluster-info.yml

@@ -4,3 +4,4 @@ data:
 kind: ConfigMap
 metadata:
   name: cluster-info
+  namespace: kube-system

kubernetes-manifests/webhook-mutation-deployment.yml

@@ -20,9 +20,6 @@ spec:
         image: ugurozturk99/dnsmutationwebhook:${CI_PIPELINE_ID}
         ports:
         - containerPort: 443
-        resources:
-          requests:
-            cpu: "1m"
         env:
         - name: LOG_LEVEL
           value: "info"

mutate.py

@@ -15,11 +15,7 @@
 list = data.split("\n")
 properties.close()
 
-#config.load_kube_config()
-#api_instance = client.CoreV1Api()
 api_instance = client.CoreV1Api(client.ApiClient(incluster_config.load_incluster_config()))
-#pretty="true"
-#namespace="kube-system"
 
 try: 
     api_response = api_instance.list_namespaced_config_map(namespace="kube-system",pretty="true")
@@ -74,7 +70,7 @@
   exit(1)
 
 
-patch = "[{\"op\": \"add\", \"path\": \"/spec/dnsConfig\", \"value\": {\"nameservers\": [\"NODELOCALDNS_IP_VALUE\"], \"options\": [{\"name\": \"timeout\", \"value\":  \"TIMEOUT_VALUE\"}, {\"name\": \"ndots\", \"value\": \"NDOTS_VALUE\"}, {\"name\": \"attempts\", \"value\": \"ATTEMPTS_VALUE\"}], \"searches\": [\"svc.CLUSTERDOMAIN_VALUE\",\"ns.svc.CLUSTERDOMAIN_VALUE\"]}}, {\"op\": \"replace\", \"path\": \"/spec/dnsPolicy\", \"value\": \"None\"}]"
+patch = "[{\"op\": \"add\", \"path\": \"/spec/dnsConfig\", \"value\": {\"nameservers\": [\"NODELOCALDNS_IP_VALUE\"], \"options\": [{\"name\": \"timeout\", \"value\":  \"TIMEOUT_VALUE\"}, {\"name\": \"ndots\", \"value\": \"NDOTS_VALUE\"}, {\"name\": \"attempts\", \"value\": \"ATTEMPTS_VALUE\"}], \"searches\": [\"svc.CLUSTERDOMAIN_VALUE\"]}}, {\"op\": \"replace\", \"path\": \"/spec/dnsPolicy\", \"value\": \"None\"}]"
 
 char_to_replace = {'TIMEOUT_VALUE': timeout, 'NDOTS_VALUE': ndots, 'ATTEMPTS_VALUE': attempts, 'NODELOCALDNS_IP_VALUE': nodelocaldns_ip, 'CLUSTERDOMAIN_VALUE': cluster_name}
 for key, value in char_to_replace.items():

resources/env

@@ -1 +1 @@
-VERSION 0.0.37-SNAPSHOT
+VERSION 0.0.37