secrets-webhook

Secrets Webhook

A Kubernetes mutating webhook that makes direct secret injection into Pods possible.

Documentation

The official documentation for the webhook is available at https://bank-vaults.dev.

Development

Install Go on your computer then run make deps to install the rest of the dependencies.

Make sure Docker is installed with Compose and Buildx.

Fetch required tools:

make deps

Run project dependencies:

make up

Run the webhook:

make -j run forward

Run the test suite:

make test
make test-e2e-local

Run linters:

make lint # pass -j option to run them in parallel

Some linter violations can automatically be fixed:

make fmt

Build artifacts locally:

make artifacts

Once you are done, you can tear down project dependencies:

make down

Running e2e tests

The project comes with an e2e test suite that is mostly self-contained, but at the very least, you need Docker installed.

By default, the suite launches a KinD cluster, deploys all necessary components and runs the test suite. This is a good option if you want to run the test suite to make sure everything works. This is also how the CI runs the test suite (with a few minor differences).

You can run the test suite by running the following commands:

make test-e2e-local

Another way to run the test suite is using an existing cluster. This may be a better option if you want to debug tests or figure out why something isn't working.

Set up a Kubernetes cluster of your liking. For example, launch a KinD cluster:

kind create cluster

Deploy the necessary components (including the webhook itself):

garden deploy

Run the test suite:

make BOOTSTRAP=false test-e2e

License

The project is licensed under the Apache 2.0 License.