We are using the Kubernetes mutating webhook to mutate a request on creation of a pod. From what I understand, the API server makes a callback to an endpoint of a mutating webhook that matches certain rules of a request. The webhook now mutates the request by adding patches to it and sending it back to the API server.
An example patch:

    [
      {
        "op": "add",
        "path": "/metadata/annotations",
        "value": {
          "injected": "true"
        }
      }
    ]

My question is this - is there a reference or a doc that shows how the patch endpoints work? I am referring to metadata/annotations here.
I have questions like -
add
There are several more patch endpoints for different objects. I have been trying to find these docs for some time now and couldn't.
I am not sure if this is the right place to ask this. Sorry if it isn't. Kindly point me to the right forum if there is one.
I am asking for the doc on the various ways this mutation can happen.
I think this can be found in this design proposal.
A mutating webhook does not patch an object because the object is not yet persisted in ETCD. Mutating webhooks get a request from the API server. This request has an AdmissionReview object in it. The mutating webhook unmarshals the AdmissionReview object, mutates it and then sends back a response to the API server.
You will start with a basic web server that supports SSL/TLS and can read and respond in JSON format. In practice, you can use whatever programming language you'd like for this. Ideally though, use a language that already has K8S libraries so you don't have to create your own object types; Go (naturally) has these, but there are also at least Python libraries you could use.
Here is an example in Go.
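An added example, not part of the original answers or of the linked code: the `path` in the question's patch is an RFC 6901 JSON Pointer into the object being admitted, and the patch itself is RFC 6902 JSON Patch. Because `add` on a member that already exists replaces it, this standard-library sketch targets a single annotation key when the map is present, then wraps the result in an `admission.k8s.io/v1` AdmissionReview reply. The function names, the sample pod and the UID are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// PatchOp is one RFC 6902 JSON Patch operation.
type PatchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value,omitempty"`
}

// escapePointer escapes a map key for use as one RFC 6901 JSON Pointer token.
func escapePointer(s string) string {
	return strings.NewReplacer("~", "~0", "/", "~1").Replace(s)
}

// annotationPatch (hypothetical helper) sets key=val without dropping existing annotations.
func annotationPatch(rawPod []byte, key, val string) ([]PatchOp, error) {
	var pod struct{ Metadata struct{ Annotations map[string]string } } // names match case-insensitively
	if err := json.Unmarshal(rawPod, &pod); err != nil {
		return nil, err
	}
	if pod.Metadata.Annotations == nil {
		// No map yet: a per-key "add" would fail, so create the whole member.
		return []PatchOp{{Op: "add", Path: "/metadata/annotations", Value: map[string]string{key: val}}}, nil
	}
	// Map exists: "add" at the parent path would replace it, so target only the key.
	return []PatchOp{{Op: "add", Path: "/metadata/annotations/" + escapePointer(key), Value: val}}, nil
}

// reviewResponse (hypothetical helper) builds the reply; encoding/json base64-encodes the []byte patch.
func reviewResponse(uid string, ops []PatchOp) ([]byte, error) {
	patch, err := json.Marshal(ops)
	if err != nil {
		return nil, err
	}
	resp := map[string]interface{}{"uid": uid, "allowed": true, "patchType": "JSONPatch", "patch": patch}
	return json.Marshal(map[string]interface{}{"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": resp})
}

func main() { // constructed sample pod and UID
	ops, _ := annotationPatch([]byte(`{"metadata":{"annotations":{"team":"a"}}}`), "example.com/injected", "true")
	out, _ := reviewResponse("constructed-uid", ops)
	fmt.Println(string(out))
}
```

In a real handler the UID must be copied from the incoming AdmissionReview request, and the pod bytes come from its `request.object` field.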