kcadm

command module

v0.0.0-...-2da2e15 Latest Latest Go to latest Published: Dec 23, 2021 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ulfox/kcadm

Links

Open Source Insights

README ¶

KCAdm

Kubernetes Admission controller

Test locally

First create the required certificate files

Note-1: Please update the domains to a domain you prefer Note-2: If you want to use the code as is, then add 127.0.0.1 sysiops.com to your /etc/hosts

Create Selfsigned Certificates

Create certs directory

mkdir -vp certs

Create CA root key

openssl genrsa -out certs/ca.key 2048

Create CA certificate

openssl req -new -x509 \
    -key certs/ca.key \
    -days 365000 \
    -subj "/CN=sysiops.com/C=GR/ST=Attiki/L=Athens/O=sysiops/OU=sysiops" \
    -out certs/ca.crt

Create Server's (Admission controller server) private key

openssl genrsa -out certs/server-key.pem 2048

Create a server certificate signing request

openssl req -new \
    -key certs/server-key.pem \
    -subj "/CN=kcadm.sysiops.svc/C=GR/ST=Attiki/L=Athens/O=sysiops/OU=sysiops" \
    -addext "subjectAltName = DNS:kcadm.sysiops.com,DNS:sysiops.com,DNS:kcadm,DNS:kcadm.sysiops,DNS:kcadm.sysiops.svc,DNS:kcadm.sysiops.svc.cluster.local" \
    -out certs/server.csr

Create the Server's certificate and sign it with the CA we created

openssl x509 -req \
    -extfile <(printf "subjectAltName=DNS:kcadm.sysiops.com,DNS:sysiops.com,DNS:kcadm,DNS:kcadm.sysiops,DNS:kcadm.sysiops.svc,DNS:kcadm.sysiops.svc.cluster.local") \
    -in certs/server.csr \
    -days 365000 \
    -CA certs/ca.crt \
    -CAkey certs/ca.key \
    -CAcreateserial \
    -out certs/server-cert.pem

Run Server

go run main.go

Test namespace resource

Issue an invalid request

curl -s  https://sysiops.com:8080/namespace-admition -d @invalid-namespace-name.json --cacert certs/ca.crt | jq
{
  "kind": "Namespace",
  "apiVersion": "v1",
  "response": {
    "uid": "705ab4f5-6393-11e8-b7cc-42010a800002",
    "allowed": false,
    "status": {
      "metadata": {},
      "message": "Namespace Name must start with user-",
      "code": 403
    }
  }
}

Issue a valid request

curl -s  https://sysiops.com:8080/namespace-admition -d @valid-namespace-name.json --cacert certs/ca.crt | jq
{
  "kind": "Namespace",
  "apiVersion": "v1",
  "response": {
    "uid": "705ab4f5-6393-11e8-b7cc-42010a800002",
    "allowed": true,
    "status": {
      "metadata": {}
    }
  }
}

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
utils

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL