add readme

Signed-off-by: stoneshi-yunify <[email protected]>

README.md

@@ -0,0 +1,34 @@
+# Volume Initializer
+
+# Introduction
+This project delivers a [mutating admission webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#mutatingadmissionwebhook) that can be used to initialize the pvc volumes of pod by injecting init containers into the pod.
+
+The pvc volumes will be mounted to the injected init containers, you can do anything you want to the volumes, such as changing the ownership/permissions/contents of the volumes, just before your original container starts.
+
+One typical usecase is using it to change the ownership/permissions of the volumes because your original containers are not running as root and unable to write data into the volumes.
+
+# Installation 
+
+## Deploy CRD
+```
+make install
+```
+
+## Deploy CR
+Create a volume initializer yaml and apply it.
+
+Take [this](config/samples/storage.kubesphere.io_v1alpha1_initializer.yaml) for example.
+
+## Deploy webhook
+```
+kubectl apply -f deploy/webhook-deployment.yaml
+```
+
+## Test 
+Create pod with pvc volumes to test.
+
+Take [this](config/samples/mongo-test.yaml) for example.
+
+# Limitations
+- If the pvc matches multiple pvcMatchers and init containers, only the first init container will be injected.
+

config/samples/mongo-test.yaml

@@ -0,0 +1,80 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: mongodb-test
+  labels:
+    app: mongodb-test
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mongodb-test
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: mongodb-test
+    spec:
+      containers:
+        - name: container-tle280
+          image: 'registry.cn-hangzhou.aliyuncs.com/stoneshiyunify/mongodb:4.2.4-debian-10-r0'
+          ports:
+            - name: http-27017
+              containerPort: 27017
+              protocol: TCP
+          resources:
+            limits:
+              cpu: '1'
+              memory: 1Gi
+            requests:
+              cpu: '1'
+              memory: 1Gi
+          volumeMounts:
+            - name: ttt
+              mountPath: /bitnami/ttt
+            - name: mongodb
+              mountPath: /bitnami/mongodb
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      serviceAccountName: default
+      serviceAccount: default
+      securityContext: {}
+      schedulerName: default-scheduler
+  volumeClaimTemplates:
+    - kind: PersistentVolumeClaim
+      apiVersion: v1
+      metadata:
+        name: ttt
+        creationTimestamp: null
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 10Gi
+        storageClassName: local-path2
+        volumeMode: Filesystem
+    - kind: PersistentVolumeClaim
+      apiVersion: v1
+      metadata:
+        name: mongodb
+        creationTimestamp: null
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+            storage: 10Gi
+        storageClassName: local-path
+        volumeMode: Filesystem
+  serviceName: mongodb-u8yi
+  podManagementPolicy: OrderedReady
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      partition: 0
+  revisionHistoryLimit: 10

pkg/webhook/pod.go

@@ -143,7 +143,7 @@ func (a *Admitter) Decide(ctx context.Context, reqInfo *ReqInfo) *admissionv1.Ad
 				return toV1AdmissionResponse(err)
 			}
 			if pvcInitContainer == nil {
-				klog.Infof("no initContainer found for pvc %s", pvc.Name)
+				klog.Infof("no initContainer matches pvc %s", pvc.Name)
 				continue
 			}
 			if pvcInitContainer.MountPathRoot == "" {