command
module
Version:
v0.0.0-...-a7857d6
Opens a new window with list of versions in this module.
Published: Jun 13, 2023
License: MPL-2.0
Opens a new window with license information.
Imports: 1
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
README
¶
Admission Controller Base
A project to learn some Go by migrating our Python mutating admission controller to Go.
Functionality to Replicate
Tracking each feature we have implemented in Python that we need to implement in the new controller:
Webhooks
- Tolerate Azure spot instances
- Add the internal-only annotation for the cloud provider we're running in
- Reject objects in the default namespace
- Prevent volumes that use
EmptyDir
storage
- Reject Service objects that violate CVE-2020-8554 until the core Kubernetes offering does
- Add DNS operator custom resources for appropriately-annotated services
Other Features
- Add new webhooks via code generation and a plugin architecture
- Add endpoints to enable and disable all webhooks handled by the server
- Alerting to external communications channels in addition to the response to
kubectl
- Slack (implemented in our admission controller in Python)
Net-new Improvements
- A Helm chart for deployment
- Deploy with Kustomize instead of in-house templating logic
- BATS tests baked into the deployment via a CronJob and a BATS test script
Documentation
¶
There is no documentation for this package.
Source Files
¶
Directories
¶
internal
|
|
|
|
server
Copied from https://github.com/kubernetes/kubernetes/blob/release-1.26/test/images/agnhost/webhook/scheme.go
|
Copied from https://github.com/kubernetes/kubernetes/blob/release-1.26/test/images/agnhost/webhook/scheme.go |
|
|
Click to show internal directories.
Click to hide internal directories.