Skip to content
/ bluepill Public

Mutating admission controller for kubernetes that ensures restricted ingress

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hoeg/bluepill

BranchesTags

Repository files navigation

bluepill

Mutating admission controller for kubernetes that ensures restricted ingress.

alt text

Configuration

The hook services utilizes a mix of environment variables and files for configuration.

BLUEPILL_HTTP_PORT

Port that the webhook will listen on, defaults to 8443.

TLS

A mutating webhook can only be called on a TLS connection. Therefore a utility cli has been added to generate a self signed certificate for deploying bluepill.

Run go run cmd/certificate_generator/main.go bluepill default to get a secret containing certificate and private key.

BLUEPILL_HTTP_CERTIFICATE_FILE

Points to the mounted certificate file.

BLUEPILL_HTTP_KEY_FILE

Points to the mounted private key file.

BLUEPILL_ENFORCEMENT_WHITELIST_FILE

Points to the mounted whitelist file.

Whitelist format

name1=ip1
name2=ip2
...
nameN=ipN

BLUEPILL_ENFORCEMENT_ENFORCE

Indicates if the we should mutate or just log.

Deployment

The deploy/ folder contains all resources to get up and running except the secret containing the self signed certificate.

./setup-kind prepares a cluster where the functionality can be tested by running:

kubectl apply -f deploy/admission-webhook.yaml && kubectl apply -f deploy/test/ingress-blue.yaml

and then inspecting the ingress resource afterwards.

About

Mutating admission controller for kubernetes that ensures restricted ingress

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

1.0.0 Latest
Apr 29, 2024

Packages

 
 
 

Contributors 2

  •  
  •  

Languages