kubevirt-template-validator

module
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 20, 2019 License: Apache-2.0

README

kubevirt-template-validator

kubevirt-template-validator is a kubevirt addon to check the annotations on templates and reject them if unvalid. It is implemented using a validating webhook.

Go Report Card

License

Apache v2

Dependencies

Installation

You need to pick the platform on which you want to install. For kubernetes:

export PLATFORM=k8s

for OKD/OCP:

export PLATFORM=okd

now you can set which tool you need to use to interact with the cluster. Usually: for kubernetes:

export KUBECTL=kubectl

for OKD/OCP:

export KUBECTL=oc
installation on OKD/OCP

Make sure the validating webhooks are enabled. You either need to configure the platform when you install it or to use OKD/OCP >= 4.0. See:

Then, make sure you have the template:view cluster role binding in your cluster. If not, add it:

$KUBECTL create -f ./cluster/okd/manifests/template-view-role.yaml
common installation instructions
  1. first, create and deploy the certificates in a Kubernetes Secret, to be used in the following steps:
./cluster/$PLATFORM/webhook-create-signed-cert.sh

2.a. check that the secret exists:

$KUBECTL get secret -n kubevirt virtualmachine-template-validator-certs
NAME                                      TYPE      DATA      AGE
virtualmachine-template-validator-certs   Opaque    2         1h
  1. deploy the service:
$KUBECTL create -f ./cluster/$PLATFORM/manifests/service.yaml
  1. In order to set up the webhook, we need a CA bundle. We can reuse the one from the certs we create from the step #1.
cat ./cluster/$PLATFORM/manifests/validating-webhook.yaml | ./cluster/$PLATFORM/extract-ca.sh | $KUBECTL apply -f -

Done!

Disable the webhook

To disable the webhook, just de-register it from the apiserver:

$KUBECTL delete -f ./cluster/$PLATFORM/manifests/validating-webhook.yaml

Caveats & Gotchas

content pending

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL