Kubernetes Admission Controller
Based on How to build a Kubernetes Webhook | Admission controllers
Local Kubernetes cluster
# create a local kubernetes cluster in docker (kind) named admission-controller
# NOTE(review): the node image is pinned by tag only; kind's release notes list a
# sha256 digest for each node image, and appending
# @sha256:<digest-from-kind-release-notes> to the tag pins the exact image.
kind create cluster --name admission-controller --image kindest/node:v1.20.2
# confirm the API server answers; the context name is kind-<cluster name>
kubectl cluster-info --context kind-admission-controller
# delete kubernetes cluster when finished with the demo
kind delete cluster --name admission-controller
Build and run docker image locally
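# build the image from src/ under a local-only tag
cd src
docker build . -t namespace-notifier
# open a shell in the image with the source tree mounted at /app
# - USE_KUBECONFIG=true presumably makes the app load ~/.kube/config instead of
#   in-cluster credentials (confirm against the code in src/)
# - the kubeconfig mount is read-only: the container sees every credential in
#   the host kubeconfig, so it should not also be able to rewrite that file;
#   drop ":ro" only if a tool inside really has to write under ~/.kube
# - --net host removes the container's network isolation; it is presumably
#   needed to reach the API server address in the kubeconfig, so keep it to
#   local development
# - the paths are quoted so a home or working directory containing spaces
#   does not split the -v arguments
docker run -it --rm --net host \
  -e USE_KUBECONFIG=true \
  -v "${HOME}/.kube/:/root/.kube/:ro" \
  -v "${PWD}:/app" \
  namespace-notifier sh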
Build and push docker image
# build the webhook image from src/ and publish it; the reference is kept in
# one variable so the build and the push cannot drift apart
# NOTE(review): v1 is a mutable tag - a later push can replace what the
# cluster pulls under the same name; presumably deployment.yaml refers to this
# tag, so consider pinning the pushed digest there (confirm against the manifest)
IMAGE=m99coder/namespace-notifier-webhook:v1
cd src
docker build --tag "$IMAGE" .
docker push "$IMAGE"
Deployment
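# apply secret, rbac, service and deployment
# NOTE(review): the tls manifest presumably carries the webhook's private key;
# if so, generate it per environment rather than committing it (confirm
# against the contents of ./tls/)
kubectl -n default apply -f ./tls/namespace-notifier-webhook-tls.yaml
kubectl -n default apply -f rbac.yaml
kubectl -n default apply -f deployment.yaml
# check running pods and only then apply the webhook: once the webhook
# configuration is registered the API server starts calling the service, and
# with no ready backend those calls fail (whether the affected requests are
# then rejected or let through depends on the failurePolicy in
# namespace-notifier-webhook.yaml - confirm there)
kubectl -n default get pods
# block until the webhook pod reports Ready instead of relying on a visual
# check; if this says no matching resources were found, the pod has not been
# created yet - run it again
kubectl -n default wait --for=condition=Ready pod -l app=namespace-notifier-webhook --timeout=120s
kubectl -n default apply -f namespace-notifier-webhook.yaml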
Demo
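# apply namespace
kubectl create -f demo-namespace.yaml
# check logs: look up the webhook pod by its app label and print its log
# ($(...) instead of backticks; jq prints "null" when no pod matches, in which
# case the logs command below fails with a not-found error)
WEBHOOK_POD_NAME=$(kubectl -n default get pods -l app=namespace-notifier-webhook -o json | jq -r '.items[0].metadata.name')
# the namespace is given explicitly, like every other command for the webhook,
# so the lookup does not depend on the current context's default namespace
kubectl -n default logs "$WEBHOOK_POD_NAME"
# modify namespace
kubectl label namespaces demo foo=bar
kubectl get namespaces --show-labels
# unapply namespace
kubectl delete -f demo-namespace.yaml
# print the log again after the label change and the delete
kubectl -n default logs "$WEBHOOK_POD_NAME"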