A Go framework designed to simplify the creation of Kubernetes mutating and validating admission webhooks for enhanced cluster security.
Go framework to create Kubernetes mutating and validating webhooks
kubewebhook is used by Kubernetes operators and developers to build custom admission webhooks that enforce policies and validate resources during creation or update, ensuring compliance and security within Kubernetes clusters. It streamlines the development of mutating and validating webhooks, enabling automation of security checks and infrastructure governance in DevSecOps workflows.
Users should have familiarity with Kubernetes admission webhooks and Go programming. Proper TLS configuration and Kubernetes API server webhook registration are required for secure and effective deployment. This framework does not provide CLI tools but serves as a library to build custom webhook servers.
Ensure Go is installed (version compatible with the project)
Run `go get github.com/slok/kubewebhook/v2` to install the library
Import kubewebhook in your Go project to start building webhooks
Build your webhook server using the framework's APIs
Deploy the webhook server in your Kubernetes cluster
Register the webhook with the Kubernetes API server by creating a MutatingWebhookConfiguration or ValidatingWebhookConfiguration that points to your webhook server
go get github.com/slok/kubewebhook/v2
Installs the kubewebhook Go library for use in your projects.
import "github.com/slok/kubewebhook/v2/pkg/webhook/mutating"
Imports the mutating webhook package to create mutating admission controllers.
import "github.com/slok/kubewebhook/v2/pkg/webhook/validating"
Imports the validating webhook package to create validating admission controllers.
Create a webhook handler implementing the Mutator or Validator interface
Defines the logic for mutation or validation of Kubernetes resources.
Start the webhook server with `webhook.Run()`
Launches the webhook HTTP server to listen for admission requests.