bluepill

module
v0.0.0-...-450f3f5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 20, 2026 License: Apache-2.0

README

bluepill

Mutating admission controller for kubernetes that ensures restricted ingress.

alt text

Configuration

The hook services utilizes a mix of environment variables and files for configuration.

BLUEPILL_HTTP_PORT

Port that the webhook will listen on, defaults to 8443.

TLS

A mutating webhook can only be called on a TLS connection. Therefore a utility cli has been added to generate a self signed certificate for deploying bluepill.

Run go run cmd/certificate_generator/main.go bluepill default to get a secret containing certificate and private key.

BLUEPILL_HTTP_CERTIFICATE_FILE

Points to the mounted certificate file.

BLUEPILL_HTTP_KEY_FILE

Points to the mounted private key file.

BLUEPILL_ENFORCEMENT_WHITELIST_FILE

Points to the mounted whitelist file.

Whitelist format
name1=ip1
name2=ip2
...
nameN=ipN
BLUEPILL_ENFORCEMENT_ENFORCE

Indicates if the we should mutate or just log.

Deployment

The deploy/ folder contains all resources to get up and running except the secret containing the self signed certificate.

./setup-kind prepares a cluster where the functionality can be tested by running:

kubectl apply -f deploy/admission-webhook.yaml && kubectl apply -f deploy/test/ingress-blue.yaml

and then inspecting the ingress resource afterwards.

Directories

Path Synopsis
cmd
admission_controller command
certificate_generator command
internal
app
app/adaptors
generated
Package api provides primitives to interact with the openapi HTTP API.
 Package api provides primitives to interact with the openapi HTTP API.
morpheus
values

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.