All Products
Search
Document Center

Container Service for Kubernetes:ack-kubernetes-webhook-injector

Last Updated:Aug 18, 2023

In scenarios where fine-grained permission control is required, you may need to dynamically add pod IP addresses to specific whitelists of Alibaba Cloud services. You may also need to remove the pod IP addresses from specific whitelists of Alibaba Cloud services. You can use ack-kubernetes-webhook-injector to perform these operations. This requires you to add annotations to pod configurations. This topic describes the usage notes and release notes for ack-kubernetes-webhook-injector.

Introduction

ack-kubernetes-webhook-injector is a Kubernetes component that can be used to add pod IP addresses to or remove pod IP addresses from the whitelists of a variety of Alibaba Cloud services. This frees you from manual operations to do this. The following figure shows the architecture of ack-kubernetes-webhook-injector.webhook

Usage notes

For more information about how to use ack-kubernetes-webhook-injector, see Dynamically add the IP addresses of pods to the whitelists of Alibaba Cloud services.

Release notes

August 2023

Version

Image address

Release date

Description

Impact

v0.0.10-1aee579

registry-vpc.cn-hangzhou.aliyuncs.com/acs/k8s-webhook-injector:v0.0.10-1aee579

2023-08-03

  • The component configuration can be modified to specify the public endpoint or internal endpoint of an Alibaba Cloud service.

  • The ack.aliyun.com/redis_white_list_name annotation is used to specify ApsaraDB for Redis instance whitelists.

  • Multiple replicated pods are supported by the Deployment that is created for the component.

No impact on workloads

April 2021

Version

Image address

Release date

Description

Impact

v0.0.3-d63ac7e

registry-vpc.cn-hangzhou.aliyuncs.com/acs/k8s-webhook-injector:v0.0.3-d63ac7e

2021-04-12

Access control of Server Load Balancer (SLB) instances is supported.

No impact on workloads