This repository was archived by the owner on Jan 8, 2026. It is now read-only.

Add PrePatch capabilities #7

@achetronic

The idea is to be able to patch resources before they enter the cluster. This is useful in situations where mutations are involved and other tools (like Kyverno) are not powerful enough, for example:

Imagine the user wants to patch pods from a namespace to implement a custom pod affinity/anti-affinity not already covered by Kubernetes. Patching resources can solve this with ease. An example:

```yaml
apiVersion: reforma.prosimcorp.com/v1beta1
kind: PrePatch
metadata:
   name: patch-gateway-pods
spec:
   # Sources to look for the data to make wonderful patches
   sources:
      - apiVersion: v1
        kind: Pod
        # (optional)
        #name: cluster-info
        namespace: istio-gateways

   # Target to apply patches to
   target:
      apiVersion: v1
      kind: Pod
      # (Optional) Should return a list with just one item if defined
      # name: ^(istio-gateway-stable-)(.*)
      namespace: istio-gateways

   # (required) when to act. Admitted operations are those admitted by MutatingWebhookConfiguration
   # Ref: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
   operation: create

   # The patch type. Currently, the only supported patch by MutatingWebhookConfiguration is JsonPatch
   patchType: application/json-patch+json

   # Templating section is where you can be creative to craft a patch
   # Basically, if you know Helm templating and Kustomize patches, do what you want
   template: |
     {{- $targetList := (index . 0) -}}
     {{- $sourceList := (index . 1) -}}
     {{- $anotherSourceList := (index . 2) -}}

     {{/* The rest of the patch here to spread the pods on your own */}}
```

This will be discussed internally, but if someone wants to contribute or discuss this topic, the discussion is open too.
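An added example, not part of the issue or the project's code: rendering a template over the issue's `[targetList, sourceList]` layout into a JSON Patch, then refusing output that is not a valid patch or that writes outside an allowed path. `RenderPatch`, `allowedPrefix` and `sampleTemplate` are hypothetical names, the pod data is constructed, and only standard-library template functions are assumed (no Helm/Sprig helpers).

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
	"text/template"
)

// Constructed template: keep the new pod off nodes already used by source pods.
const sampleTemplate = `{{- $sourceList := (index . 1) -}}
[{"op":"add","path":"/spec/affinity","value":{"nodeAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":
{"nodeSelectorTerms":[{"matchExpressions":[{"key":"kubernetes.io/hostname","operator":"NotIn","values":[
{{- range $i, $p := $sourceList}}{{if $i}},{{end}}{{printf "%q" $p.spec.nodeName}}{{end -}}
]}]}]}}}}]`

// RenderPatch (hypothetical helper) renders tmpl over [targetList, sourceList] and rejects
// output that is not a JSON Patch or that touches a path outside allowedPrefix.
func RenderPatch(tmpl string, targets, sources []map[string]any, allowedPrefix string) ([]byte, error) {
	t, err := template.New("patch").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, []any{targets, sources}); err != nil {
		return nil, err // e.g. a source pod without spec.nodeName
	}
	var ops []struct{ Op, Path string } // encoding/json matches "op"/"path" case-insensitively
	if err := json.Unmarshal(buf.Bytes(), &ops); err != nil {
		return nil, fmt.Errorf("rendered template is not a JSON Patch: %w", err)
	}
	for _, o := range ops {
		if o.Op == "" || (o.Path != allowedPrefix && !strings.HasPrefix(o.Path, allowedPrefix+"/")) {
			return nil, fmt.Errorf("operation %q on path %q is not permitted", o.Op, o.Path)
		}
	}
	return buf.Bytes(), nil
}

func main() {
	// Constructed sample data: one incoming pod, two pods already scheduled.
	targets := []map[string]any{{"metadata": map[string]any{"name": "gw-new"}}}
	sources := []map[string]any{{"spec": map[string]any{"nodeName": "node-a"}}, {"spec": map[string]any{"nodeName": "node-b"}}}
	patch, err := RenderPatch(sampleTemplate, targets, sources, "/spec/affinity")
	fmt.Println(string(patch), err)
}
```

A template-driven mutating webhook can otherwise rewrite any field of the admitted object, so the path check bounds what a given template may change.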
