More detail on this can be found in my blog post [here](https://talkcloudlytome.com/implementing-an-audit-webhook-for-kubernetes/) ***Build the docker image from the source repo ***Publish the docker image to a registry where you can access it ***Deploy the following service to your kubernetes system: apiVersion: v1 kind: Service metadata: name: audit-webhook-service spec: selector: app: audit-webhook ports: - protocol: TCP port: 80 ***Deploy the following deployment to your kubernetes system (note - you need your own "regcred" secret deployed and need to set your image appropriately): ***(NOTE: The "command" shouldn't really be necessary, as it should be set via Dockerfile, but I couldn't get it to work...it works this way) apiVersion: apps/v1beta1 kind: Deployment metadata: name: audit-webhook-deployment labels: app: audit-webhook spec: replicas: 1 selector: matchLabels: app: audit-webhook template: metadata: labels: app: audit-webhook spec: containers: - name: audit-webhook-application image: wfmjdcimagecr.azurecr.io/k8s-audit-webhook:build-1803-v1 command: ["dotnet.exe", "kubernetes-audit-webhook.dll"] ports: - containerPort: 80 imagePullSecrets: - name: regcred ***Determine the IP address of the service you just deployed ***Create a file on your master node called "audit-webhook-kubeconfig" in the /etc/kubernetes directory, with the following text (update the IP with the IP of your service you created): apiVersion: v1 clusters: - cluster: server: http://10.0.245.224/api/audits name: audit-webhook-service contexts: - context: cluster: audit-webhook-service user: "" name: default-context current-context: default-context kind: Config preferences: {} users: [] ***Modify the /etc/kubernetes/manifests/kube-apiserver.yaml file to add the following parameter: "--audit-webhook-config-file=/etc/kubernetes/audit-webhook-kubeconfig", ***Delete the kube-apiserver pod so it's forced to restart with the new configuration (or just do sudo systemctl restart kubelet.service) ***View the logs for your pod to see the output!!! ***OTHER STUFF TO EVENTUALLY CONSIDER: - Get it working with TLS/SSL - Use the kubernetes service host name instead of hard-coding the IP address in the kubeconfig - Push to OMS instead of STDOUT on the pod - Figure out how to use certificate/credentials to call the webhook service - What else?
carlsoncoder/kubernetes-audit-webhook
An example of a ASP.NET Core WebAPI application that can be used as a webhook for Kubernetes auditing
C#