IBM Cloud Pak foundational services webhook

The ibm-common-service-webhook operator is used to inject certain runtime requirements into a pod when the pod is created.

Overview

The ibm-common-service-webhook operator inserts the single-request-reopen requirement into the dnsConfig specification of the pods for solving a known DNS issue in OpenShift. For more information about the DNS issue, see DNS intermittent delays of 5s .

template:
  spec:
    dnsConfig:
      options:
        - name: single-request-reopen

Installation

The IBM Cloud Pak foundational services operator installs the ibm-common-service-webhook operator.

By default, the following PodPreset is deployed:

apiVersion: operator.ibm.com/v1alpha1
kind: PodPreset
metadata:
  name: ibm-common-service-webhook
  namespace: ibm-common-services
spec: {}

The webhook inserts all the pods in the ibm-common-service namespace.

Configuration (Optional)

If you want to set a label selector to the webhook or add other functions to the default PodPreset, you can complete these steps to configure the ibm-common-service-webhook operator.

1. Set a label selector in the PodPreset.
   Following is an example of a PodPreset that injects to pods with the label app: nginx in the nginx-namespace.

   apiVersion: operator.ibm.com/v1alpha1
   kind: PodPreset
   metadata:
     name: nginx-patch
     namespce: nginx-namespace
   spec:
     selector:
       matchLabels:
         app: nginx
   

2. Complete Kubernetes PodPreset configurations.
   In the following manifest, the PodPreset has a DB_PORT environment variable and a cache-volume volume mount, which is mounted under /cache. The selector specifies that the PodPreset must apply to any pod that has the label role: frontend.

Then, pods that are in the database namespace and have a label role: frontend apply the env, volumeMounts, and volumes fields to their containers.

apiVersion: operator.ibm.com/v1alpha1
kind: PodPreset
metadata:
  name: allow-database
  namespace: database
spec:
  selector:
    matchLabels:
      role: frontend
  env:
    - name: DB_PORT
      value: "6379"
  volumeMounts:
    - mountPath: /cache
      name: cache-volume
  volumes:
    - name: cache-volume
      emptyDir: {}