
k8s admission webhook demo

Primary LanguageGoMIT LicenseMIT


It is a k8s admission webhook controller demo.

this demo covers 'ValidatingWebhook' and 'MutatingWebhook' the creating 'pod' must have 'Time' env key for 'Validating'; when pod created, you will find 'mutate-timestamp' annotation key and 'mutated-app' label key inject.


  1. build image.(this demo's image is arm arch, so you'd better build image by yourself)
make build-image
  1. load image to kind cluster (you could skip this step if not use 'kind' k8s cluster)
 kind load docker-image xxx:xxx  --name clustername
  1. apply
make apply


  • without 'Time' env key
$ kubectl run nginx --image nginx --env='FOO=BAR' -n webhook
Error from server (container nginx validate failed.env vars doesn't have 'Time' key): admission webhook "admission-demo.xiaoxlm.dev" denied the request: pod validating invalid
  • with 'Time' env key
$ kubectl run nginx --image nginx --env='Time=BAR' -n webhook
pod/nginx created
  • get mutated info
$ kubectl get pods nginx -o jsonpath={..labels}

$ kubectl get pods nginx -o jsonpath={..annotations}