Kareem Khaled mohllal

## MarroMailerSMTPTransport.py
import sys

# Fix to marrow/mailer issue: https://github.com/marrow/mailer/issues/87#issuecomment-689586587
sys.modules["cgi.parse_qsl"] = None

from smtplib import SMTP, SMTP_SSL

from marrow.mailer import Mailer
from marrow.mailer.exc import TransportException
from marrow.mailer.transport.smtp import SMTPTransport

## AdmissionSecret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: kubernetes-sidecar-injector
type: Opaque
data:
  tls-cert-file: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JS...
  tls-private-key-file: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0t...

## AdmissionMutatingWebhookConfiguration.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  name: kubernetes-sidecar-injector
webhooks:
- name: kubernetes-sidecar-injector.default.svc
  admissionReviewVersions:
    - v1
  sideEffects: "NoneOnDryRun"
  reinvocationPolicy: "Never"

## AdmissionService.yaml
apiVersion: v1
kind: Service
metadata:
  name: kubernetes-sidecar-injector
  labels:
    app.kubernetes.io/instance: kubernetes-sidecar-injector
spec:
  type: ClusterIP
  ports:
    - port: 443

## AdmissionDeployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-sidecar-injector
  labels:
    app.kubernetes.io/instance: kubernetes-sidecar-injector
spec:
  selector:
    matchLabels:
      app.kubernetes.io/instance: kubernetes-sidecar-injector

## _helpers.tpl
{{- define "kubernetes-sidecar-injector.service.fullname" -}}
{{- default ( printf "%s.%s.svc" (include "kubernetes-sidecar-injector.serviceName" .) .Release.Namespace ) }}
{{- end }}

{{- define "kubernetes-sidecar-injector.gen-certs" -}}
{{- $expiration := (.Values.admission.ca.expiration | int) -}}
{{- if (or (empty .Values.admission.ca.cert) (empty .Values.admission.ca.key)) -}}
{{- $ca :=  genCA "kubernetes-sidecar-injector-ca" $expiration -}}
{{- template "kubernetes-sidecar-injector.gen-client-tls" (dict "RootScope" . "CA" $ca) -}}
{{- end -}}

## Mutate.ts
import * as jsonpatch from 'fast-json-patch';

const mutate = (admissionReviewRequest: V1AdmissionRequest<V1Pod>): V1AdmissionResponse => {
  const admissionReviewResponse: V1AdmissionResponse = {
    allowed: true,
    uid: admissionReviewRequest.uid,
  };

  // get the pod object and clone it
  const originalPod = admissionReviewRequest.object as V1Pod;

## AdmissionResponse.json
{
  "apiVersion": "admission.k8s.io/v1",
  "kind": "AdmissionReview",
  "response": {
    "uid": "075a1336-0165-41e0-b0ac-8705883f1c41",
    "allowed": true,
    "patch": "W3sib3AiOiJhZGQiLCJwYXRoIjoiL3NwZWMvY29udG...",
    "patchType": "JSONPatch"
  }
}

## AdmissionRequest.json
{
  "apiVersion": "admission.k8s.io/v1",
  "kind": "AdmissionReview",
  "request": {
    "uid": "075a1336-0165-41e0-b0ac-8705883f1c41",
    "dryRun": false,
    "namespace": "default",
    "...": "..."
    "object": {
      "apiVersion": "v1",
	import sys

	# Fix to marrow/mailer issue: https://github.com/marrow/mailer/issues/87#issuecomment-689586587
	sys.modules["cgi.parse_qsl"] = None

	from smtplib import SMTP, SMTP_SSL

	from marrow.mailer import Mailer
	from marrow.mailer.exc import TransportException
	from marrow.mailer.transport.smtp import SMTPTransport
	apiVersion: v1
	kind: Secret
	metadata:
	name: kubernetes-sidecar-injector
	type: Opaque
	data:
	tls-cert-file: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JS...
	tls-private-key-file: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0t...
	apiVersion: admissionregistration.k8s.io/v1
	kind: MutatingWebhookConfiguration
	metadata:
	name: kubernetes-sidecar-injector
	webhooks:
	- name: kubernetes-sidecar-injector.default.svc
	admissionReviewVersions:
	- v1
	sideEffects: "NoneOnDryRun"
	reinvocationPolicy: "Never"
	apiVersion: v1
	kind: Service
	metadata:
	name: kubernetes-sidecar-injector
	labels:
	app.kubernetes.io/instance: kubernetes-sidecar-injector
	spec:
	type: ClusterIP
	ports:
	- port: 443
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: kubernetes-sidecar-injector
	labels:
	app.kubernetes.io/instance: kubernetes-sidecar-injector
	spec:
	selector:
	matchLabels:
	app.kubernetes.io/instance: kubernetes-sidecar-injector
	{{- define "kubernetes-sidecar-injector.service.fullname" -}}
	{{- default ( printf "%s.%s.svc" (include "kubernetes-sidecar-injector.serviceName" .) .Release.Namespace ) }}
	{{- end }}

	{{- define "kubernetes-sidecar-injector.gen-certs" -}}
	{{- $expiration := (.Values.admission.ca.expiration \| int) -}}
	{{- if (or (empty .Values.admission.ca.cert) (empty .Values.admission.ca.key)) -}}
	{{- $ca := genCA "kubernetes-sidecar-injector-ca" $expiration -}}
	{{- template "kubernetes-sidecar-injector.gen-client-tls" (dict "RootScope" . "CA" $ca) -}}
	{{- end -}}
	import * as jsonpatch from 'fast-json-patch';

	const mutate = (admissionReviewRequest: V1AdmissionRequest<V1Pod>): V1AdmissionResponse => {
	const admissionReviewResponse: V1AdmissionResponse = {
	allowed: true,
	uid: admissionReviewRequest.uid,
	};

	// get the pod object and clone it
	const originalPod = admissionReviewRequest.object as V1Pod;
	{
	"apiVersion": "admission.k8s.io/v1",
	"kind": "AdmissionReview",
	"response": {
	"uid": "075a1336-0165-41e0-b0ac-8705883f1c41",
	"allowed": true,
	"patch": "W3sib3AiOiJhZGQiLCJwYXRoIjoiL3NwZWMvY29udG...",
	"patchType": "JSONPatch"
	}
	}
	{
	"apiVersion": "admission.k8s.io/v1",
	"kind": "AdmissionReview",
	"request": {
	"uid": "075a1336-0165-41e0-b0ac-8705883f1c41",
	"dryRun": false,
	"namespace": "default",
	"...": "..."
	"object": {
	"apiVersion": "v1",