Kubernetes Admission Controller Demo: Validating Webhook for Namespace lifecycle events

Kubernetes Admission Controller

Based on How to build a Kubernetes Webhook | Admission controllers

Local Kuberbetes cluster

# create kubernetes cluster in docker
kind create cluster --name admission-controller --image kindest/node:v1.20.2
kubectl cluster-info --context kind-admission-controller

# delete kubernetes cluster
kind delete cluster --name admission-controller

Build and run docker image locally

cd src
docker build . -t namespace-notifier
docker run -it -e USE_KUBECONFIG=true --rm --net host -v ${HOME}/.kube/:/root/.kube/ -v ${PWD}:/app namespace-notifier sh

Build and push docker image

cd src
docker build . -t m99coder/namespace-notifier-webhook:v1
docker push m99coder/namespace-notifier-webhook:v1

Deployment

# apply secret, rbac, service and deployment
kubectl -n default apply -f ./tls/namespace-notifier-webhook-tls.yaml
kubectl -n default apply -f rbac.yaml
kubectl -n default apply -f deployment.yaml

# check running pods and only then apply the webhook
kubectl -n default get pods
kubectl -n default apply -f namespace-notifier-webhook.yaml

Demo

# apply namespace
kubectl create -f demo-namespace.yaml

# check logs
WEBHOOK_POD_NAME=`kubectl -n default get pods -l app=namespace-notifier-webhook -o json | jq -r '.items[0].metadata.name'`
kubectl logs $WEBHOOK_POD_NAME

# modify namespace
kubectl label namespaces demo foo=bar
kubectl get namespaces --show-labels

# unapply namespace
kubectl delete -f demo-namespace.yaml
kubectl logs $WEBHOOK_POD_NAME

Resources

Owner
Marco Lehmann
Infrastructure @contentful. Postgres HA, K8s + Operators. Politics, History, Design, Art + LPs for private.
Marco Lehmann
https://github.com/m99coder/k8s-admission-controller-demo
Similar Resources

HSDP Metrics alerts webhook broker and CF events forwarder for Microsoft Teams

hsdp-events Microservice helper to translate HSDP Metrics webhooks to Microsoft Teams webhooks Configuration Environment Description EVENTS_TOKEN Rand

Mar 18, 2022

High-performance GitHub webhook events toolset for Go :rocket:

High-performance GitHub webhook events toolset for Go :rocket:

githubevents GitHub webhook events toolset for Go githubevents is a webhook events toolset for the Go programming language inspired by octokit/webhook

Dec 24, 2022

The k8s-generic-webhook is a library to simplify the implementation of webhooks for arbitrary customer resources (CR) in the operator-sdk or controller-runtime.

k8s-generic-webhook The k8s-generic-webhook is a library to simplify the implementation of webhooks for arbitrary customer resources (CR) in the opera

Nov 24, 2022

A command line tool for validating Kubernetes configs with rego

ccheck ccheck is a command line application for writing tests against configuration files and data using the rego query language. It's intended purpos

Nov 16, 2022

Go framework to create Kubernetes mutating and validating webhooks

Go framework to create Kubernetes mutating and validating webhooks

kubewebhook Kubewebhook is a small Go framework to create external admission webhooks for Kubernetes. With Kubewebhook you can make validating and mut

Jan 4, 2023

Knative Controller which emits cloud events when Knative Resources change state

Knative Sample Controller Knative sample-controller defines a few simple resources that are validated by webhook and managed by a controller to demons

Oct 2, 2021

Command kube-tmux prints Kubernetes context and namespace to tmux status line.

kube-tmux Command kube-tmux prints Kubernetes context and namespace to tmux status line.

Sep 10, 2021

Good enough Kubernetes namespace visualization tool

Good enough Kubernetes namespace visualization tool

Kubesurveyor Good enough Kubernetes namespace visualization tool. No provisioning to a cluster required, only Kubernetes API is scrapped. Installation

Dec 7, 2022

K8s-ingress-health-bot - A K8s Ingress Health Bot is a lightweight application to check the health of the ingress endpoints for a given kubernetes namespace.

k8s-ingress-health-bot A K8s Ingress Health Bot is a lightweight application to check the health of qualified ingress endpoints for a given kubernetes

Jan 2, 2022
Related tags
DevOps Tools k8s namespaces admission-controller validating-admission-webhook
Kubernetes Admission controller for golang

KCAdm Kubernetes Admission controller Test locally First create the required cer

Dec 23, 2021
K8s-delete-protection - Kubernetes admission controller to avoid deleteing master nodes

k8s-delete-protection Admission Controller If you want to make your Kubernetes c

Nov 2, 2022
A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers
 A k8s vault webhook is a Kubernetes webhook that can inject secrets into Kubernetes resources by connecting to multiple secret managers

k8s-vault-webhook is a Kubernetes admission webhook which listen for the events related to Kubernetes resources for injecting secret directly from sec

Oct 15, 2022
vcluster - Create fully functional virtual Kubernetes clusters - Each cluster runs inside a Kubernetes namespace and can be started within seconds
 vcluster - Create fully functional virtual Kubernetes clusters - Each cluster runs inside a Kubernetes namespace and can be started within seconds

Website • Quickstart • Documentation • Blog • Twitter • Slack vcluster - Virtual Clusters For Kubernetes Lightweight & Low-Overhead - Based on k3s, bu

Jan 4, 2023
Image clone controller is a kubernetes controller to safe guard against the risk of container images disappearing

Image clone controller image clone controller is a kubernetes controller to safe guard against the risk of container images disappearing from public r

Oct 10, 2021
A Controller written in kubernetes sample-controller style which watches a custom resource named Bookstore

bookstore-sample-controller A Controller written in kubernetes sample-controller style which watches a custom resource named Bookstore. A resource cre

Jan 20, 2022
A kubernetes operator demo generated by code-generator, it only watches cr's events

intro a small operator demo which only watches car cr's events. environment: ubuntu-20.04-amd64 k3s-1.21 docker-20.10.7 go-1.17 tools code-generator d

Dec 13, 2021
webhook is a lightweight incoming webhook server to run shell commands
 webhook is a lightweight incoming webhook server to run shell commands

What is webhook? webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, whi

Jan 5, 2023
Tcpdump-webhook - Toy Sidecar Injection with Mutating Webhook

tcpdump-webhook A simple demonstration of Kubernetes Mutating Webhooks. Injects

Feb 8, 2022
Webhook-server - Webhook Server for KubeDB resources

webhook-server Webhook Server for KubeDB resources Installation To install KubeD

Feb 22, 2022