This project sets up a basic Kubernetes validating admission controller using Python.

Steps to build your own admission controller:
- Create your custom logic. There is an example admission controller in the /app directory that looks for a "billing" label to be applied to pods and deployments.
- Update certgen.sh to match your admission controller. You may need to update the service and namespace where the controller lives.
- Run the certgen.sh script to create the self-signed certificates for the admission controller.
- Get the base64 value of the ca.crt file created by the certgen.sh script, as a single line:

  ```
  # Strip newlines: GNU base64 wraps its output, and caBundle must be one line
  cat certs/ca.crt | base64 | tr -d '\n'
  ```

- Paste the base64 value into the caBundle location in the webhook.yaml file.
- Build the container using the Dockerfile within the directory. Push the image to your image repository.
- Update the warden-k8s.yaml file to point to your new image.
- Apply the warden-k8s.yaml file to deploy your admission controller within the cluster.
- Apply the webhook.yaml file to deploy the validation configuration to the Kubernetes API server.
- Test your app. If using the default warden.py included with this repository, there are three test manifests in the test-pods folder.
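The "billing" label check described in the steps above, sketched as an added example that is not this repository's warden.py: it builds the `AdmissionReview` response the API server expects for one request. The function names and sample request are assumptions made for illustration.

```python
"""Added illustration of the label check; not the repository's warden.py.
Function names and the sample request are assumptions."""
import json

REQUIRED_LABEL = "billing"   # label the README's example controller checks for
CHECKED_KINDS = {"Pod", "Deployment"}


def validate(admission_review: dict) -> dict:
    """Build the AdmissionReview response for one AdmissionReview request."""
    request = admission_review.get("request") or {}
    obj = request.get("object") or {}        # object is null on DELETE
    kind = (request.get("kind") or {}).get("kind", "")
    labels = (obj.get("metadata") or {}).get("labels") or {}

    # The response must echo the request uid, or the API server rejects it.
    response = {"uid": request.get("uid", ""), "allowed": True}
    # Policy choice in this sketch: an empty label value counts as missing.
    if kind in CHECKED_KINDS and obj and not labels.get(REQUIRED_LABEL):
        response["allowed"] = False
        response["status"] = {
            "code": 403,
            "message": f"{kind} is missing the required '{REQUIRED_LABEL}' label",
        }
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def sample_review(kind: str, labels) -> dict:
    """Constructed sample request, shaped like what the API server POSTs."""
    metadata = {"name": "demo"}
    if labels is not None:
        metadata["labels"] = labels
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": "00000000-0000-0000-0000-000000000001",  # constructed
            "kind": {"kind": kind},          # group/version omitted for brevity
            "operation": "CREATE",
            "object": {"metadata": metadata},
        },
    }


if __name__ == "__main__":
    for labels in ({"billing": "team-a"}, {"app": "web"}, None):
        print(json.dumps(validate(sample_review("Pod", labels))["response"]))
```

In a deployed controller this function would sit behind an HTTPS endpoint that serves the certificate generated by certgen.sh.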