Netpolmgr is a custom Kubernetes validating admission webhook written primarily in Go. When a pod's label is edited, the webhook checks whether that label is referenced by a network policy; if it is, the webhook does not let the user edit that label.
These instructions will get the project up and running on your local machine for development and testing purposes. See Running the Code for notes on how to deploy the project on a local system or on a Kubernetes server.
To run or test the Netpolmgr validation webhook on Minikube, first install the following software dependencies.
Once the above dependencies are installed, we can move on to the next steps.
A step-by-step series of examples that tell you how to get a development environment running.
go mod tidy
minikube start --nodes 2
kubectl create -f manifests/sa.yaml
kubectl create -f manifests/role.yaml
kubectl create -f manifests/rb.yaml
kubectl create -f manifests/certs/secret.yaml
kubectl create -f manifests/netpolmgr.yaml
kubectl create -f manifests/service.yaml
kubectl create -f manifests/validation-pod-label.yaml
kubectl create -f manifests/allow-network-policy.yaml
kubectl create -f manifests/nginx.yaml
kubectl edit pod/nginx
Try to edit the label app: nginx to app: nginx-test.
Netpolmgr will reject the change, because app: nginx is referenced in the network policy we created.
Try to add a new label, role: frontend, to the nginx pod; Netpolmgr will allow this.
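The decision the two edits above exercise, sketched as an added example (not the project's own code). The Selector type, the ValidateLabelUpdate function, the policy name allow-nginx and the default namespace are assumptions made for illustration; the sketch only considers matchLabels selectors and only policies in the pod's own namespace.

```go
package main

import "fmt"

// Selector stands in for a NetworkPolicy's spec.podSelector.matchLabels.
// Hypothetical type for this example; a real webhook would use the Kubernetes API types.
type Selector struct {
	Policy, Namespace string
	MatchLabels       map[string]string
}

// ValidateLabelUpdate compares a pod's labels before and after an UPDATE.
// It denies the request when a label that was changed or removed is referenced,
// with its old value, by a policy selector in the pod's namespace.
// Labels that are only added never trigger a denial.
func ValidateLabelUpdate(ns string, oldL, newL map[string]string, sels []Selector) (bool, string) {
	for k, oldV := range oldL {
		if newV, kept := newL[k]; kept && newV == oldV {
			continue // label untouched by this edit
		}
		for _, s := range sels {
			if s.Namespace != ns {
				continue // NetworkPolicies only select pods in their own namespace
			}
			if v, ok := s.MatchLabels[k]; ok && v == oldV {
				return false, fmt.Sprintf("label %s=%s is used by network policy %q", k, oldV, s.Policy)
			}
		}
	}
	return true, ""
}

func main() {
	// Constructed sample data mirroring the nginx walkthrough.
	sels := []Selector{{Policy: "allow-nginx", Namespace: "default",
		MatchLabels: map[string]string{"app": "nginx"}}}
	old := map[string]string{"app": "nginx"}

	// Renaming app: nginx is denied; adding role: frontend is allowed.
	fmt.Println(ValidateLabelUpdate("default", old, map[string]string{"app": "nginx-test"}, sels))
	fmt.Println(ValidateLabelUpdate("default", old, map[string]string{"app": "nginx", "role": "frontend"}, sels))
}
```

In an admission webhook, the boolean and message would be returned as the allowed flag and status message of the AdmissionReview response.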
- @r4rajat - Implementation