Kubernetes Mutating Webhook

The Kubernetes Mutating Webhook has two parts, the Injector and the Syncer.

The Injector uses a YAML definition that maps secrets in a DSV tenant to variables in the Kubernetes secrets area. It runs when the cluster starts, sets these variables, and populates them with the secrets data from DSV.

The Syncer then runs as a cron task, generally every minute, and updates the Kubernetes environment with changes made in DSV.
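One periodic Syncer pass over a mapping like the one the Injector uses can be sketched as below. This is an added example, not code from the Kubernetes Secrets Injector and Syncer project. The names Mapping, DSVPath, K8sSecret and syncOnce are hypothetical, in-memory maps stand in for the DSV tenant and the cluster API, and skipping a secret that cannot be read (rather than clearing it) is an assumed policy.

```go
package main

import (
	"fmt"
	"sort"
)

// Mapping ties one DSV secret path to one Kubernetes Secret name.
// Hypothetical shape; the real YAML definition may differ.
type Mapping struct {
	DSVPath   string
	K8sSecret string
}

// syncOnce performs one Syncer pass. It copies mapped keys from the vault
// into the cluster only when the value differs, and returns the names of
// the Kubernetes Secrets it changed, so a caller can log names, not values.
func syncOnce(maps []Mapping, vault, cluster map[string]map[string]string) []string {
	var changed []string
	for _, m := range maps {
		src, ok := vault[m.DSVPath]
		if !ok {
			continue // assumed policy: unreadable secret keeps last known data
		}
		dst := cluster[m.K8sSecret]
		if dst == nil {
			dst = map[string]string{}
			cluster[m.K8sSecret] = dst
		}
		dirty := false
		for k, v := range src {
			if cur, present := dst[k]; !present || cur != v {
				dst[k] = v
				dirty = true
			}
		}
		if dirty {
			changed = append(changed, m.K8sSecret)
		}
	}
	sort.Strings(changed)
	return changed
}

func main() {
	// Constructed sample data: one secret rotated in DSV, one path unreadable.
	maps := []Mapping{{"apps/db", "db-creds"}, {"apps/gone", "legacy"}}
	vault := map[string]map[string]string{"apps/db": {"password": "rotated"}}
	cluster := map[string]map[string]string{
		"db-creds": {"password": "old"},
		"legacy":   {"token": "t"},
	}
	fmt.Println("updated:", syncOnce(maps, vault, cluster))
}
```

A second pass with no change in the vault returns an empty list, so a one-minute schedule does not rewrite Secrets that are already current.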

Architecture

The illustration shows an example of a Kubernetes Mutating Webhook architecture implementation.

[Figure: Kubernetes Mutating Webhook Architecture]

Implementing the Kubernetes Mutating Webhook

Tools for implementing the Kubernetes Mutating Webhook are found on the GitHub page for the Kubernetes Secrets Injector and Syncer.