MutatingWebhook
Definition
A MutatingWebhook in Kubernetes is a type of admission controller that intercepts requests to the Kubernetes API server before they are persisted to the etcd database. It allows for modifications to the incoming objects, such as adding or altering fields, labels, or annotations. This is useful for enforcing policies or injecting sidecars into pods automatically.
Secure Settings Example
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: example-mutating-webhook
webhooks:
  - name: example.webhook.com
    clientConfig:
      service:
        name: example-webhook-service
        namespace: default
        path: "/mutate"
      caBundle: <base64-encoded-ca-cert>
    rules:
      - operations: ["CREATE"]
        apiGroups: [""]
        apiVersions: ["v1"]
        resources: ["pods"]
    admissionReviewVersions: ["v1"]
    sideEffects: None
    timeoutSeconds: 10
    failurePolicy: Fail
Insecure Settings Example
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: insecure-mutating-webhook
webhooks:
  - name: insecure.webhook.com
    clientConfig:
      service:
        name: insecure-webhook-service
        namespace: default
        path: "/mutate"
      caBundle: <base64-encoded-ca-cert>
    rules:
      - operations: ["*"]
        apiGroups: ["*"]
        apiVersions: ["*"]
        resources: ["*"]
    admissionReviewVersions: ["v1"]
    sideEffects: None
    timeoutSeconds: 30
    failurePolicy: Ignore
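
The two manifests above differ in rule scope, timeoutSeconds and failurePolicy. The following is an added example, not part of the original page, that audits a parsed MutatingWebhookConfiguration for those three differences. The function names, the finding strings and the 10-second ceiling are assumptions made for illustration, and the sample inputs are constructed to mirror the two manifests.

```python
# Audit MutatingWebhookConfiguration objects (parsed into dicts) for the weak
# settings contrasted above. Added example; the timeout ceiling is an assumption.
WILDCARD_FIELDS = ("operations", "apiGroups", "apiVersions", "resources")
MAX_TIMEOUT_SECONDS = 10  # assumption: the secure example's value is the ceiling


def audit(config):
    """Return (webhook name, finding) tuples; an empty list means no findings."""
    findings = []
    for hook in config.get("webhooks", []):
        name = hook.get("name", "<unnamed>")
        for index, rule in enumerate(hook.get("rules", [])):
            for field in WILDCARD_FIELDS:
                if any("*" in value for value in rule.get(field, [])):
                    findings.append((name, f"rules[{index}].{field} uses a wildcard"))
        # admissionregistration.k8s.io/v1 defaults: failurePolicy=Fail, timeoutSeconds=10
        if hook.get("failurePolicy", "Fail") != "Fail":
            findings.append((name, "failurePolicy fails open"))
        if hook.get("timeoutSeconds", 10) > MAX_TIMEOUT_SECONDS:
            findings.append((name, "timeoutSeconds above ceiling"))
        if hook.get("sideEffects") not in ("None", "NoneOnDryRun"):
            findings.append((name, "sideEffects not None/NoneOnDryRun"))
    return findings


def make_config(hook_name, rule_values, timeout, failure_policy):
    """Build a dict mirroring the page's manifests (constructed sample input)."""
    return {
        "kind": "MutatingWebhookConfiguration",
        "webhooks": [{
            "name": hook_name,
            "rules": [dict(zip(WILDCARD_FIELDS, rule_values))],
            "admissionReviewVersions": ["v1"],
            "sideEffects": "None",
            "timeoutSeconds": timeout,
            "failurePolicy": failure_policy,
        }],
    }


SECURE = make_config("example.webhook.com", (["CREATE"], [""], ["v1"], ["pods"]), 10, "Fail")
INSECURE = make_config("insecure.webhook.com", (["*"], ["*"], ["*"], ["*"]), 30, "Ignore")

if __name__ == "__main__":
    for cfg in (SECURE, INSECURE):
        for hook_name, finding in audit(cfg) or [(cfg["webhooks"][0]["name"], "no findings")]:
            print(f"{hook_name}: {finding}")
```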