Overview
Kubernetes admission controller practice
Setup
# create
make up
# delete
make down
How to run
Create a self-signed certificate
mkdir certs
openssl req -x509 -newkey rsa:4096 -nodes -out certs/ca.crt -keyout certs/ca.key -days 365 -config ./cert.cnf -extensions req_ext
kubectl create secret tls webhook-certs --cert=certs/ca.crt --key=certs/ca.key --namespace=default
Create the Golang pod that will run the admission controller
kubectl apply -f ./manifests/golang-deployment.yaml
kubectl apply -f ./manifests/service.yaml
kubectl get pod -n default
kubectl exec -it {pod name} -- /bin/bash
go mod init github.com/opsarena/admission-controller
go get k8s.io/api/admission/v1
go get k8s.io/apimachinery/pkg/apis/meta/v1
go get k8s.io/api/core/v1
go run main.go
Create the webhooks
CA_BUNDLE=$(cat ./certs/ca.crt | base64 | tr -d '\n')
sed -e 's@${CA_BUNDLE}@'"$CA_BUNDLE"'@g' < ./manifests/validation-webhook.yaml | kubectl apply -f -
CA_BUNDLE=$(cat ./certs/ca.crt | base64 | tr -d '\n')
sed -e 's@${CA_BUNDLE}@'"$CA_BUNDLE"'@g' < ./manifests/mutate-webhook.yaml | kubectl apply -f -
Test the admission controller
- Create the busybox pod, then check the admission controller pod logs
kubectl apply -f ./manifests/busybox-pod.yaml
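
The main.go that the steps above run is not shown on this page. The following is an added example of a validating webhook server, not this repository's code. Assumptions: the /validate path, port 8443, the /certs mount path for the webhook-certs secret, the sample policy (deny privileged containers and initContainers), and hand-written structs standing in for the k8s.io/api/admission/v1 types so that it builds with the standard library only.

```go
package main

import (
	"encoding/json"
	"io"
	"log"
	"net/http"
)
// Hand-written subset of the admission.k8s.io/v1 AdmissionReview JSON (stand-in for k8s.io/api).
type review struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Request    *struct {
		UID    string
		Object struct{ Spec struct{ Containers, InitContainers []container } }
	} `json:"request,omitempty"`
	Response *response `json:"response,omitempty"`
}
type container struct {
	Name            string
	SecurityContext struct{ Privileged bool }
}
type response struct {
	UID     string            `json:"uid"`
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"`
}

// validate applies the sample policy and fails closed: unparsable input is denied.
func validate(body io.Reader) review {
	in, res := review{}, &response{Status: map[string]string{"message": "malformed AdmissionReview"}}
	out := review{APIVersion: "admission.k8s.io/v1", Kind: "AdmissionReview", Response: res}
	if json.NewDecoder(body).Decode(&in) != nil || in.Request == nil {
		return out // Allowed is still false here
	}
	res.UID, res.Allowed, res.Status = in.Request.UID, true, nil // the reply must echo the request UID
	for _, c := range append(in.Request.Object.Spec.Containers, in.Request.Object.Spec.InitContainers...) {
		if c.SecurityContext.Privileged {
			res.Allowed, res.Status = false, map[string]string{"message": "privileged container denied: " + c.Name}
		}
	}
	return out
}
func main() {
	http.HandleFunc("/validate", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(validate(http.MaxBytesReader(w, r.Body, 1<<20))) // cap body at 1 MiB
	})
	log.Fatal(http.ListenAndServeTLS(":8443", "/certs/tls.crt", "/certs/tls.key", nil)) // assumed mount path
}
```

`kubectl create secret tls` stores the pair under the keys tls.crt and tls.key, which is why the server loads those file names.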