Kubernetes custom Admission Controller that checks Pods for the presence of Pod labels

k-e-r-n-e-l-p-a-n-i-c/validator

Validator

A custom Admission Controller written in Golang with the Revel web framework, built to understand the concepts of Kubernetes Admission Controllers.

Certificate Generation

Communication between the Kubernetes API server and the custom admission controller webhook is secured with SSL/TLS certificates. Follow the steps below to generate a self-signed certificate:

  1. Install the cfssl utility on a Linux OS.

    curl -s -L -o /usr/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
    curl -s -L -o /usr/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
    chmod +x /usr/bin/{cfssl,cfssljson}

  2. Initialize the CA and generate the necessary config files.

    cfssl gencert -initca ca-csr.json | cfssljson -bare ca
    cfssl print-defaults csr > validator.json

  3. Generate the certificates.

    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=validator validator.json | cfssljson -bare validator

Build Docker Image

Build a Docker image using the Dockerfile in the root directory of this repository. Tag and push the image to a registry.

Modification (optional)

  1. If you have generated the certificates with a different name, update the lines below in the file 'app/conf/app.conf' to match the certificate names:

    http.sslcert = /go/src/label/{newname}.pem
    http.sslkey = /go/src/label/{newname}-key.pem

  2. Update the Docker repository name in the file app/k8/deployment.yaml under 'spec.containers.image' to match the name of the image you built.
