Kubernetes Admission Controller Demo: Validating Webhook for Namespace lifecycle events

Overview

Kubernetes Admission Controller

Based on How to build a Kubernetes Webhook | Admission controllers

Local Kuberbetes cluster

# create kubernetes cluster in docker
kind create cluster --name admission-controller --image kindest/node:v1.20.2
kubectl cluster-info --context kind-admission-controller

# delete kubernetes cluster
kind delete cluster --name admission-controller

Build and run docker image locally

cd src
docker build . -t namespace-notifier
docker run -it -e USE_KUBECONFIG=true --rm --net host -v ${HOME}/.kube/:/root/.kube/ -v ${PWD}:/app namespace-notifier sh

Build and push docker image

cd src
docker build . -t m99coder/namespace-notifier-webhook:v1
docker push m99coder/namespace-notifier-webhook:v1

Deployment

# apply secret, rbac, service and deployment
kubectl -n default apply -f ./tls/namespace-notifier-webhook-tls.yaml
kubectl -n default apply -f rbac.yaml
kubectl -n default apply -f deployment.yaml

# check running pods and only then apply the webhook
kubectl -n default get pods
kubectl -n default apply -f namespace-notifier-webhook.yaml

Demo

# apply namespace
kubectl create -f demo-namespace.yaml

# check logs
WEBHOOK_POD_NAME=`kubectl -n default get pods -l app=namespace-notifier-webhook -o json | jq -r '.items[0].metadata.name'`
kubectl logs $WEBHOOK_POD_NAME

# modify namespace
kubectl label namespaces demo foo=bar
kubectl get namespaces --show-labels

# unapply namespace
kubectl delete -f demo-namespace.yaml
kubectl logs $WEBHOOK_POD_NAME

Resources

You might also like...
HSDP Metrics alerts webhook broker and CF events forwarder for Microsoft Teams

hsdp-events Microservice helper to translate HSDP Metrics webhooks to Microsoft Teams webhooks Configuration Environment Description EVENTS_TOKEN Rand

High-performance GitHub webhook events toolset for Go :rocket:
High-performance GitHub webhook events toolset for Go :rocket:

githubevents GitHub webhook events toolset for Go githubevents is a webhook events toolset for the Go programming language inspired by octokit/webhook

The k8s-generic-webhook is a library to simplify the implementation of webhooks for arbitrary customer resources (CR) in the operator-sdk or controller-runtime.

k8s-generic-webhook The k8s-generic-webhook is a library to simplify the implementation of webhooks for arbitrary customer resources (CR) in the opera

A command line tool for validating Kubernetes configs with rego

ccheck ccheck is a command line application for writing tests against configuration files and data using the rego query language. It's intended purpos

Go framework to create Kubernetes mutating and validating webhooks
Go framework to create Kubernetes mutating and validating webhooks

kubewebhook Kubewebhook is a small Go framework to create external admission webhooks for Kubernetes. With Kubewebhook you can make validating and mut

Knative Controller which emits cloud events when Knative Resources change state

Knative Sample Controller Knative sample-controller defines a few simple resources that are validated by webhook and managed by a controller to demons

Modular Kubernetes operator to manage the lifecycle of databases

Ensemble Ensemble is a simple and modular Kubernetes Operator to manage the lifecycle of a wide range of databases. Infrastructure as code with Kubern

Command kube-tmux prints Kubernetes context and namespace to tmux status line.

kube-tmux Command kube-tmux prints Kubernetes context and namespace to tmux status line.

The cortex-operator is a project to manage the lifecycle of Cortex in Kubernetes.

cortex-operator The cortex-operator is a project to manage the lifecycle of Cortex in Kubernetes. Project status: alpha Not all planned features are c

Owner
Marco Lehmann
Infrastructure @contentful. Postgres HA, K8s + Operators. Politics, History, Design, Art + LPs for private.
Marco Lehmann
Kubernetes Admission controller for golang

KCAdm Kubernetes Admission controller Test locally First create the required cer

Christos Kotsis 0 Dec 23, 2021
K8s-delete-protection - Kubernetes admission controller to avoid deleteing master nodes

k8s-delete-protection Admission Controller If you want to make your Kubernetes c

null 0 Jan 17, 2022
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers

k8s-vault-webhook is a Kubernetes admission webhook which listen for the events related to Kubernetes resources for injecting secret directly from sec

Opstree Container Kit 112 Aug 25, 2022
vcluster - Create fully functional virtual Kubernetes clusters - Each cluster runs inside a Kubernetes namespace and can be started within seconds

Website • Quickstart • Documentation • Blog • Twitter • Slack vcluster - Virtual Clusters For Kubernetes Lightweight & Low-Overhead - Based on k3s, bu

Loft Labs 2k Sep 20, 2022
Image clone controller is a kubernetes controller to safe guard against the risk of container images disappearing

Image clone controller image clone controller is a kubernetes controller to safe guard against the risk of container images disappearing from public r

Jayadeep KM 0 Oct 10, 2021
A Controller written in kubernetes sample-controller style which watches a custom resource named Bookstore

bookstore-sample-controller A Controller written in kubernetes sample-controller style which watches a custom resource named Bookstore. A resource cre

Abdullah Al Shaad 0 Jan 20, 2022
webhook is a lightweight incoming webhook server to run shell commands

What is webhook? webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, whi

Adnan Hajdarević 8.2k Oct 2, 2022
Tcpdump-webhook - Toy Sidecar Injection with Mutating Webhook

tcpdump-webhook A simple demonstration of Kubernetes Mutating Webhooks. Injects

Alp Kahvecioglu 2 Feb 8, 2022
Webhook-server - Webhook Server for KubeDB resources

webhook-server Webhook Server for KubeDB resources Installation To install KubeD

Kubernetes Database 1 Feb 22, 2022
A kubernetes operator demo generated by code-generator, it only watches cr's events

intro a small operator demo which only watches car cr's events. environment: ubuntu-20.04-amd64 k3s-1.21 docker-20.10.7 go-1.17 tools code-generator d

shank 0 Dec 13, 2021