Kubernetes Mutating Webhook
The Kubernetes Mutating Webhook has two parts, the Injector and the Syncer.
The Injector uses a YAML definition that maps secrets in a DSV tenant to variables in the Kubernetes secrets area. It runs when the cluster starts, sets these variables, and populates them with the secrets data from DSV.
The Syncer then runs as a cron task, generally every minute, and applies changes made in DSV to the Kubernetes environment.
Architecture
The illustration shows an example of a Kubernetes Mutating Webhook architecture implementation.
Implementing the Kubernetes Mutating Webhook
Tools for implementing the Kubernetes Mutating Webhook are found on the GitHub page for the Kubernetes Secrets Injector and Syncer.