Tcpdump-webhook - Toy Sidecar Injection with Mutating Webhook

tcpdump-webhook

A simple demonstration of Kubernetes mutating webhooks. It injects a tcpdump sidecar into pods that carry the tcpdump-sidecar label.

A rewrite of https://github.com/bilalunalnet/k8s-tcpdump-webhook in Go.

DISCLAIMER: THIS IS NOT MEANT FOR PRODUCTION

Build and Deploy

In order to get your sidecar containers running you need to build the following image too: https://github.com/dyslexicat/tcpdump-alpine

Build the Docker image:

docker build -t dyslexicat/tcpdump-webhook .

Generate a CA in /tmp:

cfssl gencert -initca ./tls/ca-csr.json | cfssljson -bare /tmp/ca

Generate a private key and certificate for the SSL connection:

cfssl gencert \
  -ca=/tmp/ca.pem \
  -ca-key=/tmp/ca-key.pem \
  -config=./tls/ca-config.json \
  -hostname="tcpdump-webhook,tcpdump-webhook.webhook-demo.svc.cluster.local,tcpdump-webhook.webhook-demo.svc,localhost,127.0.0.1" \
  -profile=default \
  ./tls/ca-csr.json | cfssljson -bare /tmp/tcpdump-webhook

Move your SSL key and certificate to the ssl directory:

mv /tmp/tcpdump-webhook.pem ./ssl/tcpdump.pem
mv /tmp/tcpdump-webhook-key.pem ./ssl/tcpdump.key

Update the ConfigMap data in the manifest/webhook-deployment.yaml file with your key and certificate.

Update the caBundle value in the manifest/webhook-configuration.yaml file with your base64-encoded CA certificate. The value must be a single line, so strip the newlines that base64 adds:

base64 < /tmp/ca.pem | tr -d '\n'

kubectl create ns webhook-demo
kubectl apply -f manifest/webhook-deployment.yaml
kubectl apply -f manifest/webhook-configuration.yaml

Test

There is a Pod manifest file in the manifest directory to be used for testing purposes.
