Initial release

.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,11 @@
+# Code of Conduct
+
+## Introduction
+
+Diversity and inclusion make our community strong. We encourage participation from the most varied and diverse backgrounds possible and want to be very clear about where we stand.
+
+Our goal is to maintain a safe, helpful and friendly community for everyone, regardless of experience, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, nationality, or other defining characteristic.
+
+This code and related procedures also apply to unacceptable behavior occurring outside the scope of community activities, in all community venues (online and in-person) as well as in all one-on-one communications, and anywhere such behavior has the potential to adversely affect the safety and well-being of community members.
+
+For more information on our code of conduct, please visit [https://slackhq.github.io/code-of-conduct](https://slackhq.github.io/code-of-conduct)

.github/CONTRIBUTING.md

@@ -0,0 +1,60 @@
+# Contributors Guide
+
+Interested in contributing? Awesome! Before you do though, please read our
+[Code of Conduct](https://slackhq.github.io/code-of-conduct). We take it very seriously, and expect that you will as
+well.
+
+There are many ways you can contribute! :heart:
+
+### Bug Reports and Fixes :bug:
+-  If you find a bug, please search for it in the [Issues](https://github.com/slackhq/simple-kubernetes-webhook/issues), and if it isn't already tracked,
+   [create a new issue](https://github.com/slackhq/simple-kubernetes-webhook/issues/new). Fill out the "Bug Report" section of the issue template. Even if an Issue is closed, feel free to comment and add details, it will still
+   be reviewed.
+-  Issues that have already been identified as a bug (note: able to reproduce) will be labelled `bug`.
+-  If you'd like to submit a fix for a bug, [send a Pull Request](#creating_a_pull_request) and mention the Issue number.
+  -  Include tests that isolate the bug and verifies that it was fixed.
+
+### New Features :bulb:
+-  If you'd like to add new functionality to this project, describe the problem you want to solve in a [new Issue](https://github.com/slackhq/simple-kubernetes-webhook/issues/new).
+-  Issues that have been identified as a feature request will be labelled `enhancement`.
+-  If you'd like to implement the new feature, please wait for feedback from the project
+   maintainers before spending too much time writing the code. In some cases, `enhancement`s may
+   not align well with the project objectives at the time.
+
+### Tests :mag:, Documentation :books:, Miscellaneous :sparkles:
+-  If you'd like to improve the tests, you want to make the documentation clearer, you have an
+   alternative implementation of something that may have advantages over the way its currently
+   done, or you have any other change, we would be happy to hear about it!
+  -  If its a trivial change, go ahead and [send a Pull Request](#creating_a_pull_request) with the changes you have in mind.
+  -  If not, [open an Issue](https://github.com/slackhq/simple-kubernetes-webhook/issues/new) to discuss the idea first.
+
+If you're new to our project and looking for some way to make your first contribution, look for
+Issues labelled `good first contribution`.
+
+## Requirements
+
+For your contribution to be accepted:
+
+- [x] You must have signed the [Contributor License Agreement (CLA)](https://cla-assistant.io/slackhq/simple-kubernetes-webhook).
+- [x] The test suite must be complete and pass.
+- [x] The changes must be approved by code review.
+- [x] Commits should be atomic and messages must be descriptive. Related issues should be mentioned by Issue number.
+
+If the contribution doesn't meet the above criteria, you may fail our automated checks or a maintainer will discuss it with you. You can continue to improve a Pull Request by adding commits to the branch from which the PR was created.
+
+[Interested in knowing more about about pull requests at Slack?](https://slack.engineering/on-empathy-pull-requests-979e4257d158#.awxtvmb2z)
+
+## Creating a Pull Request
+
+1.  :fork_and_knife: Fork the repository on GitHub.
+2.  :runner: Clone/fetch your fork to your local development machine. It's a good idea to run the tests just
+    to make sure everything is in order.
+3.  :herb: Create a new branch and check it out.
+4.  :crystal_ball: Make your changes and commit them locally. Magic happens here!
+5.  :arrow_heading_up: Push your new branch to your fork. (e.g. `git push username fix-issue-16`).
+6.  :inbox_tray: Open a Pull Request on github.com from your new branch on your fork to `master` in this
+    repository.
+
+## Maintainers
+
+There are more details about processes and workflow in the [Maintainer's Guide](./maintainers_guide.md).

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,48 @@
+### Description
+
+Describe your issue here.
+
+### What type of issue is this? (place an `x` in one of the `[ ]`)
+- [ ] bug
+- [ ] enhancement (feature request)
+- [ ] question
+- [ ] documentation related
+- [ ] testing related
+- [ ] discussion
+
+### Requirements (place an `x` in each of the `[ ]`)
+* [ ] I've read and understood the [Contributing guidelines](https://github.com/slackhq/simple-kubernetes-webhook/blob/master/.github/contributing.md) and have done my best effort to follow them.
+* [ ] I've read and agree to the [Code of Conduct](https://slackhq.github.io/code-of-conduct).
+* [ ] I've searched for any related issues and avoided creating a duplicate issue.
+
+---
+
+### Bug Report
+
+Filling out the following details about bugs will help us solve your issue sooner.
+
+#### Reproducible in:
+
+simple-kubernetes-webhook version:
+
+Go version:
+
+OS version(s):
+
+#### Steps to reproduce:
+
+1.
+2.
+3.
+
+#### Expected result:
+
+What you expected to happen
+
+#### Actual result:
+
+What actually happened
+
+#### Attachments:
+
+Logs, screenshots, screencast, sample project, funny gif, etc.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,16 @@
+###  Summary
+
+Describe the goal of this PR. Mention any related Issue numbers.
+
+### Requirements (place an `x` in each `[ ]`)
+
+* [ ] I've read and understood the [Contributing Guidelines](https://github.com/slackhq/simple-kubernetes-webhook/blob/master/.github/contributing.md) and have done my best effort to follow them.
+* [ ] I've read and agree to the [Code of Conduct](https://slackhq.github.io/code-of-conduct).
+
+> The following point can be removed after setting up CI (such as Travis) with coverage reports (such as Codecov)
+
+* [ ] I've written tests to cover the new code and functionality included in this PR.
+
+> The following point can be removed after setting up a CLA reporting tool such as cla-assistant.io
+
+* [ ] I've read, agree to, and signed the [Contributor License Agreement (CLA)](https://cla-assistant.io/slackhq/simple-kubernetes-webhook).

.github/maintainers_guide.md

@@ -0,0 +1,83 @@
+# Maintainers Guide
+
+This document describes tools, tasks and workflow that one needs to be familiar with in order to effectively maintain
+this project. If you use this package within your own software as is but don't plan on modifying it, this guide is
+**not** for you.
+
+## Tools (optional)
+
+Tools, dependencies, or other programs someone maintaining this project needs to be familiar with:
+* Kubernetes
+* Go
+* Docker
+* Kind
+
+## Tasks
+
+### Testing
+
+Unit can be run like so:
+```
+❯ go test ./...
+?   	github.com/slackhq/simple-kubernetes-webhook	[no test files]
+ok  	github.com/slackhq/simple-kubernetes-webhook/pkg/admission	0.743s
+ok  	github.com/slackhq/simple-kubernetes-webhook/pkg/mutation	1.065s
+ok  	github.com/slackhq/simple-kubernetes-webhook/pkg/validation	0.413s
+```
+
+### TLS certificate
+Kubernetes only allows admission webhooks running with `https`. To generate a TLS secret, run [`./dev/gen-certs.sh`](/dev/gen-certs.sh). The base64 caBundle needs to be manually copied and pasted in the `MutatingWebhookConfiguration` and `ValidattingWebhookConfiguration` at [`./dev/manifests/cluster-config/`](./dev/manifests/cluster-config/)
+
+### Logs
+The logs level defaults to `debug` and can be set with the env var:
+```
+LOG_LEVEL=info
+```
+The logs format defaults to `text` and can be set to `json` with the env var:
+```
+LOG_JSON=true
+```
+
+### Releasing
+
+N/A: this demo project is not released
+
+## Workflow
+
+### Versioning and Tags
+
+N/A: this demo project is not released
+
+### Branches
+
+The `main` branch is where active development occurs, feel free to name your feature / bug fix branch what your heart desires.
+
+### Issue Management
+
+Labels are used to run issues through an organized workflow. Here are the basic definitions:
+
+*  `bug`: A confirmed bug report. A bug is considered confirmed when reproduction steps have been
+   documented and the issue has been reproduced.
+*  `enhancement`: A feature request for something this package might not already do.
+*  `docs`: An issue that is purely about documentation work.
+*  `tests`: An issue that is purely about testing work.
+*  `needs feedback`: An issue that may have claimed to be a bug but was not reproducible, or was otherwise missing some information.
+*  `discussion`: An issue that is purely meant to hold a discussion. Typically the maintainers are looking for feedback in this issues.
+*  `question`: An issue that is like a support request because the user's usage was not correct.
+*  `semver:major|minor|patch`: Metadata about how resolving this issue would affect the version number.
+*  `security`: An issue that has special consideration for security reasons.
+*  `good first contribution`: An issue that has a well-defined relatively-small scope, with clear expectations. It helps when the testing approach is also known.
+*  `duplicate`: An issue that is functionally the same as another issue. Apply this only if you've linked the other issue by number.
+
+> You may want to add more labels for subsystems of your project, depending on how complex it is.
+
+**Triage** is the process of taking new issues that aren't yet "seen" and marking them with a basic
+level of information with labels. An issue should have **one** of the following labels applied:
+`bug`, `enhancement`, `question`, `needs feedback`, `docs`, `tests`, or `discussion`.
+
+Issues are closed when a resolution has been reached. If for any reason a closed issue seems
+relevant once again, reopening is great and better than creating a duplicate issue.
+
+## Everything else
+
+When in doubt, find the other maintainers and ask.

Dockerfile

@@ -0,0 +1,21 @@
+# syntax=docker/dockerfile:experimental
+# ---
+FROM golang:1.16 AS build
+
+ENV GOOS=linux
+ENV GOARCH=amd64
+ENV CGO_ENABLED=0
+
+WORKDIR /work
+COPY . /work
+
+# Build admission-webhook
+RUN --mount=type=cache,target=/root/.cache/go-build,sharing=private \
+  go build -o bin/admission-webhook .
+
+# ---
+FROM scratch AS run
+
+COPY --from=build /work/bin/admission-webhook /usr/local/bin/
+
+CMD ["admission-webhook"]

LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) Slack Technologies, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Makefile

@@ -0,0 +1,84 @@
+.PHONY: test
+test:
+	@echo "\n🛠️  Running unit tests..."
+	go test ./...
+
+.PHONY: build
+build:
+	@echo "\n🔧  Building Go binaries..."
+	GOOS=darwin GOARCH=amd64 go build -o bin/admission-webhook-darwin-amd64 .
+	GOOS=linux GOARCH=amd64 go build -o bin/admission-webhook-linux-amd64 .
+
+.PHONY: docker-build
+docker-build:
+	@echo "\n📦 Building simple-kubernetes-webhook Docker image..."
+	docker build -t simple-kubernetes-webhook:latest .
+
+# From this point `kind` is required
+.PHONY: cluster
+cluster:
+	@echo "\n🔧 Creating Kubernetes cluster..."
+	kind create cluster --config dev/manifests/kind/kind.cluster.yaml
+
+.PHONY: delete-cluster
+delete-cluster:
+	@echo "\n♻️  Deleting Kubernetes cluster..."
+	kind delete cluster
+
+.PHONY: push
+push: docker-build
+	@echo "\n📦 Pushing admission-webhook image into Kind's Docker daemon..."
+	kind load docker-image simple-kubernetes-webhook:latest
+
+.PHONY: deploy-config
+deploy-config:
+	@echo "\n⚙️  Applying cluster config..."
+	kubectl apply -f dev/manifests/cluster-config/
+
+.PHONY: delete-config
+delete-config:
+	@echo "\n♻️  Deleting Kubernetes cluster config..."
+	kubectl delete -f dev/manifests/cluster-config/
+
+.PHONY: deploy
+deploy: push delete deploy-config
+	@echo "\n🚀 Deploying simple-kubernetes-webhook..."
+	kubectl apply -f dev/manifests/webhook/
+
+.PHONY: delete
+delete:
+	@echo "\n♻️  Deleting simple-kubernetes-webhook deployment if existing..."
+	kubectl delete -f dev/manifests/webhook/ || true
+
+.PHONY: pod
+pod:
+	@echo "\n🚀 Deploying test pod..."
+	kubectl apply -f dev/manifests/pods/lifespan-seven.pod.yaml
+
+.PHONY: delete-pod
+delete-pod:
+	@echo "\n♻️ Deleting test pod..."
+	kubectl delete -f dev/manifests/pods/lifespan-seven.pod.yaml
+
+.PHONY: bad-pod
+bad-pod:
+	@echo "\n🚀 Deploying \"bad\" pod..."
+	kubectl apply -f dev/manifests/pods/bad-name.pod.yaml
+
+.PHONY: delete-bad-pod
+delete-bad-pod:
+	@echo "\n🚀 Deleting \"bad\" pod..."
+	kubectl delete -f dev/manifests/pods/bad-name.pod.yaml
+
+.PHONY: taint
+taint:
+	@echo "\n🎨 Taining Kubernetes node.."
+	kubectl taint nodes kind-control-plane "acme.com/lifespan-remaining"=4:NoSchedule
+
+.PHONY: logs
+logs:
+	@echo "\n🔍 Streaming simple-kubernetes-webhook logs..."
+	kubectl logs -l app=simple-kubernetes-webhook -f
+
+.PHONY: delete-all
+delete-all: delete delete-config delete-pod delete-bad-pod