feat: Add webhook integration guide (Phase 3) #381

Draft
Alan-Cha wants to merge 2 commits into feat/vault-fetcher-cli from feat/vault-docs-polish

Alan-Cha commented May 7, 2026

Summary

Phase 3 of the Vault pattern: Webhook integration documentation and Kubernetes manifests.

Stacked on: #380 (Phase 2 - vault-fetcher CLI)

This PR provides complete documentation for integrating vault-fetcher with the kagenti-operator webhook.

What This Adds

Documentation

  • WEBHOOK_INTEGRATION.md (450+ lines) — Complete integration guide
    • Webhook architecture and injection flow
    • Implementation guidance for kagenti-operator
    • Configuration examples
    • Testing and troubleshooting guides
    • Migration guide from manual to webhook injection

Kubernetes Manifests

  • configmap-vault-fetcher.yaml — Example ConfigMap for vault-fetcher configuration
  • example-deployment.yaml — Manual injection example (before webhook)

Key Content

Webhook Injection Logic

Shows how kagenti-operator should inject vault-fetcher:

  • Label-based injection (kagenti.io/vault-fetcher-inject: "true")
  • Init container specification
  • Volume mounts and ConfigMap mounting
  • Security context (non-root, read-only, seccomp)

Configuration Examples

  • Minimal (single secret)
  • Multiple secrets
  • With env file output
  • Kubernetes SA auth (without SPIFFE)

Vault Setup

Complete Vault JWT auth configuration:

  • Enable JWT auth method
  • Configure OIDC discovery (SPIRE)
  • Create roles with SPIFFE ID patterns
  • Create policies
  • Store secrets

Files Added

  • vault-fetcher/WEBHOOK_INTEGRATION.md (450+ lines)
  • vault-fetcher/k8s/configmap-vault-fetcher.yaml
  • vault-fetcher/k8s/example-deployment.yaml

Total: ~577 lines added

Stacked PR Structure

```
main
└─> #379 (Phase 1: authlib/vault)
    └─> #380 (Phase 2: vault-fetcher CLI)
        └─> THIS PR (Phase 3: Webhook integration)
```

Next Steps (Phase 4)

  • CI/CD pipeline for vault-fetcher image
  • Root-level documentation updates
  • Integration testing

Review Notes

This PR is documentation-only, no code changes. Focus review on:

  1. Completeness: Does the guide cover all integration scenarios?
  2. Clarity: Is the webhook implementation guidance clear?
  3. Examples: Are the Kubernetes manifests realistic and usable?
  4. Troubleshooting: Does it cover common issues?

Assisted-By: Claude (Anthropic AI) noreply@anthropic.com
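
The label-gated injection summarized under "Webhook Injection Logic" above, sketched as an added example (not code from this PR or from kagenti-operator). Only the label key and the three security-context properties come from the description; the container name, image, ConfigMap name, volume names and mount paths are hypothetical placeholders.

```python
import copy

INJECT_LABEL = "kagenti.io/vault-fetcher-inject"  # label key from the PR description
# Assumed names below: placeholders for illustration, not taken from the PR's files.
CONTAINER = "vault-fetcher"
IMAGE = "example.invalid/vault-fetcher:placeholder"
CONFIGMAP = "vault-fetcher-config"
CFG_VOLUME, SECRETS_VOLUME = "vault-fetcher-cfg", "vault-secrets"

# Constructed sample pod that opts in to injection.
SAMPLE_POD = {
    "metadata": {"name": "demo", "labels": {INJECT_LABEL: "true"}},
    "spec": {"containers": [{"name": "app", "image": "example.invalid/app:1"}]},
}

def hardened_security_context():
    """Non-root, read-only root filesystem, runtime default seccomp profile."""
    return {
        "runAsNonRoot": True,
        "readOnlyRootFilesystem": True,
        "seccompProfile": {"type": "RuntimeDefault"},
    }

def inject(pod):
    """Return the pod with the init container added, or the pod itself if not opted in."""
    labels = (pod.get("metadata") or {}).get("labels") or {}
    if labels.get(INJECT_LABEL) != "true":  # exact match: "True" or a missing label skips
        return pod
    out = copy.deepcopy(pod)                # never mutate the admission request object
    spec = out.setdefault("spec", {})
    inits = spec.setdefault("initContainers", [])
    if any(c.get("name") == CONTAINER for c in inits):
        return out                          # idempotent if the webhook is re-invoked
    spec.setdefault("volumes", []).extend([
        {"name": CFG_VOLUME, "configMap": {"name": CONFIGMAP}},
        {"name": SECRETS_VOLUME, "emptyDir": {"medium": "Memory"}},
    ])
    inits.insert(0, {
        "name": CONTAINER,
        "image": IMAGE,
        "securityContext": hardened_security_context(),
        "volumeMounts": [
            {"name": CFG_VOLUME, "mountPath": "/etc/vault-fetcher", "readOnly": True},
            {"name": SECRETS_VOLUME, "mountPath": "/vault/secrets"},
        ],
    })
    return out
```

The read-only root filesystem is why the fetched secrets go to a dedicated writable volume rather than a path inside the image.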

Alan-Cha added 2 commits May 7, 2026 11:20

Add documentation and Kubernetes manifests for webhook integration.

This completes Phase 3 of the Vault pattern implementation. Provides:
- Webhook integration architecture and design
- Example Kubernetes manifests (ConfigMap, Deployment)
- Webhook implementation guidance for kagenti-operator
- Testing and troubleshooting guides
- Migration guide from manual to webhook injection

Files added:
- vault-fetcher/WEBHOOK_INTEGRATION.md (450+ lines) — Integration guide
- vault-fetcher/k8s/configmap-vault-fetcher.yaml — Example ConfigMap
- vault-fetcher/k8s/example-deployment.yaml — Manual injection example

Next steps (Phase 4):
- Add CI/CD pipeline for vault-fetcher image
- Create demo scenario
- Update root CLAUDE.md files
- Integration testing

Ref: #vault-pattern
Stacked on: #380

Signed-off-by: Alan Cha <Alan.cha1@ibm.com>

Complete documentation and CI/CD integration for Vault pattern.

This completes Phase 4 (final phase) of the Vault pattern implementation:
- Add vault-fetcher to CI/CD build matrix
- Update root CLAUDE.md with vault-fetcher documentation
- Create comprehensive stacked PR workflow guide

Files modified:
- .github/workflows/build.yaml — Add vault-fetcher to build matrix
- CLAUDE.md — Document vault-fetcher in container images table

Files added:
- STACKED_PR_WORKFLOW.md (300+ lines) — Complete guide for stacked PR workflow and cascade rebase process

Documentation includes:
- Current stack structure
- Creating stacked PRs (manual and gh-stack)
- Critical rebase process when earlier branches change
- Handling conflicts
- Merging strategy
- Common scenarios and troubleshooting
- Best practices

This document is essential for maintaining the stacked PR workflow,
especially when review feedback requires changes to earlier branches.

Ref: #vault-pattern
Stacked on: PR #TBD (Phase 3)

Signed-off-by: Alan Cha <Alan.cha1@ibm.com>