{"id":21126438,"url":"https://github.com/lreimer/k8s-experts-day","last_synced_at":"2025-07-13T08:42:22.244Z","repository":{"id":71906667,"uuid":"330900314","full_name":"lreimer/k8s-experts-day","owner":"lreimer","description":"Demo repository for with advanced Kubernetes showcases: K8s as Cloud-native software delivery platform, GitOps, admission controller, CRDs, operators.","archived":false,"fork":false,"pushed_at":"2021-11-19T16:21:23.000Z","size":367,"stargazers_count":6,"open_issues_count":1,"forks_count":6,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-28T05:34:38.119Z","etag":null,"topics":["admission-controller","fluxcd","gitops","k8s","kubernetes","kubernetes-operator","operator"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lreimer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-19T07:38:07.000Z","updated_at":"2021-11-29T16:52:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"830cdfe9-f085-40bd-947c-db469c91c63d","html_url":"https://github.com/lreimer/k8s-experts-day","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/lreimer/k8s-experts-day","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Fk8s-experts-day","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Fk8s-experts-day/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Fk8s-experts-day/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Fk8s-experts-day/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lreimer","download_url":"https://codeload.github.com/lreimer/k8s-experts-day/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lreimer%2Fk8s-experts-day/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265112238,"owners_count":23713206,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["admission-controller","fluxcd","gitops","k8s","kubernetes","kubernetes-operator","operator"],"created_at":"2024-11-20T04:41:50.946Z","updated_at":"2025-07-13T08:42:22.198Z","avatar_url":"https://github.com/lreimer.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kubernetes Experts Day\n\nDemo repository for with advanced Kubernetes showcases: K8s as Cloud-native software delivery platform, GitOps, admission controllers, CRDs, operators.\n\n## Declarative Management of K8s Objects Using Kustomize\n\n```bash\n# see https://kustomize.io\n# see https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/\n\n# preview of the Kustomize output\n$ kubectl kustomize kustomized/base/\n$ kubectl kustomize kustomized/overlays/int/\n\n# apply the Kustomized output\n$ kubectl apply -k kustomized/overlays/int/\n$ kubectl delete -k kustomized/overlays/int/\n```\n\n## Imperative Management of K8s Objects Using Pulumi\n\n```bash\n# see https://www.pulumi.com/docs/get-started/kubernetes/\n$ brew install pulumi\n$ pulumi plugin install resource kubernetes v2.5.1\n\n# using TypeScript as language\n$ mkdir -p pulumi-demo-ts \u0026\u0026 cd pulumi-demo-ts\n$ pulumi new kubernetes-typescript\n\n$ pulumi up\n$ pulumi destroy\n\n$ cp ../nginx-deployment.yaml .\n$ kube2pulumi typescript -f nginx-deployment.yaml\n\n# using Go as language\n$ mkdir -p pulumi-demo-go \u0026\u0026 cd pulumi-demo-go\n$ pulumi new kubernetes-go\n\n$ pulumi up\n$ pulumi destroy\n\n$ cp ../nginx-deployment.yaml .\n$ kube2pulumi go -f nginx-deployment.yaml\n```\n\n## Using Kubernetes for GitOps with Flux2\n\n```bash\n# define required ENV variables for the next steps to work\n$ export GITHUB_TOKEN=\u003cyour-token\u003e\n$ make flux-bootstrap\n\n# now active the additional addons in ./flux2-demo/cluster/flux-system\n# - cluster-sync.yaml\n# - notification-receiver.yaml\n# - receiver-service.yaml\n# - webhook-token.yaml\n# - image-update-automation.yaml\n\n# you also need to create the webhook for the Git Repository\n# Payload URL: http://\u003cLoadBalancerAddress\u003e/\u003cReceiverURL\u003e\n# Secret: the webhook-token value\n$ kubectl -n flux-system get svc/receiver\n$ kubectl -n flux-system get receiver/webapp\n\n# enter the K8s dashboard\nkubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath=\"{.secrets[0].name}\") -o go-template=\"{{.data.token | base64decode}}\"\n```\n\n## Using Kubernetes for Local Development and CI/CD\n\n```bash\n# cloud native development environment with GitPod\n# see https://www.gitpod.io\n\n# easy Cloud Native CI/CD with Tekton\n# see https://tekton.dev\n$ kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml\n$ kubectl apply -f https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml\n$ kubectl get pods -n tekton-pipelines\n\n$ kubectl -n tekton-pipelines port-forward svc/tekton-dashboard 9097:9097\n$ open http://localhost:9097\n\n$ kubectl apply -f tekton-demos/task-hello.yaml\n$ kubectl tkn task start hello\n$ kubectl tkn taskrun logs --last -f \n\n$ kubectl apply -f task-goodbye.yaml\n$ kubectl tkn task start goodbye \n$ kubectl tkn taskrun logs --last -f \n\n$ kubectl apply -f tekton-demos/pipeline-hello-goodbye.yaml\n$ kubectl tkn pipeline start hello-goodbye\n$ kubectl tkn pipelinerun logs --last -f \n\n# use Tekton triggers to run pipelines\n# see https://tekton.dev/docs/triggers/install/\n# see https://github.com/tektoncd/triggers/tree/v0.9.1/docs/getting-started\n\n# Continuous Load Testing with K6 on Kubernetes\n# see https://github.com/lreimer/continuous-k6k8s\n\n# Continuous Security Tests with ZAP on Kubernetes\n# https://github.com/lreimer/continuous-zapk8s\n\n# Continuous Browser Automation with Geb on Kubernetes\n# https://github.com/lreimer/continuous-atdd\n```\n\n## Using the Kubernetes API on the CLI\n\n```bash\n# see https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/\n\n$ kubectl get events\n$ kubectl get events -o json\n\n$ kubectl get events --field-selector type!=Normal\n$ kubectl get events --field-selector type=Normal,involvedObject.kind=Pod\n\n$ kubectl proxy\n$ APISERVER=http://127.0.0.1:8001\n\n$ curl -X GET $APISERVER/api\n$ curl -X GET $APISERVER/apis\n\n# global watches\n$ curl -X GET $APISERVER/api/v1/watch/events\n$ curl -X GET $APISERVER/api/v1/watch/services\n$ curl -X GET $APISERVER/api/v1/watch/pods\n\n# namespace specific watches\n$ curl -X GET $APISERVER/api/v1/watch/namespaces/default/events\n$ curl -X GET $APISERVER/api/v1/watch/namespaces/default/pods\n\n# deployment specific watches\n$ curl -X GET $APISERVER/apis/apps/v1/\n$ curl -X GET $APISERVER/apis/apps/v1/watch/deployments\n$ curl -X GET $APISERVER/apis/apps/v1/namespaces/default/deployments\\?watch\\=true\n\n$ curl -X GET $APISERVER/apis/batch/v1beta1/namespaces/{namespace}/cronjobs\n\n# alternatively, directly against the API server\n$ TOKEN=$(kubectl get secrets -o jsonpath=\"{.items[?(@.metadata.annotations['kubernetes\\.io/service-account\\.name']=='default')].data.token}\"|base64 --decode)\n$ APISERVER=$(kubectl config view -o jsonpath=\"{.clusters[?(@.name==\\\"$CLUSTER_NAME\\\")].cluster.server}\")\n$ curl -X GET $APISERVER/api --header \"Authorization: Bearer $TOKEN\" --insecure\n```\n\n## Using the Kubernetes API programmatically\n\n```bash\n# see https://kubernetes.io/docs/reference/using-api/client-libraries/\n# see https://github.com/kubernetes/client-go\n# see https://github.com/kubernetes-client/java\n\n$ cd event-watcher-java/\n$ ./gradlew clean ass\n$ ./gradlew run\n```\n\n## Developing Admission Controllers\n\n![](https://d33wubrfki0l68.cloudfront.net/af21ecd38ec67b3d81c1b762221b4ac777fcf02d/7c60e/images/blog/2019-03-21-a-guide-to-kubernetes-admission-controllers/admission-controller-phases.png)\n\n```bash\n# see https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/\n# see https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/\n# see https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/\n\n# validating admission controller\n$ cd validating-admission\n\n$ make docker-build docker-push\n$ make deploy-all\n$ kubectl get all\n\n$ kubectl apply -f k8s/examples/nginx-ok.yaml\n$ kubectl apply -f k8s/examples/nginx-nok.yaml\n$ kubectl apply -f k8s/examples/\n$ make undeploy-all\n\n# mutating admission controller\n$ cd mutating-admission\n\n$ make docker-build docker-push\n$ make deploy-all\n$ kubectl get all\n\n$ kubectl apply -f k8s/examples/nginx-pod.yaml\n$ kubectl apply -f k8s/examples/\n$ make undeploy-all\n```\n\n## Defining and Using Custom Resources in Kubernetes\n\n```bash\n# see https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/\n# see https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/\n\n$ kubectl apply -f custom-resources/microservice-crd.yaml\n$ kubectl get crds\n$ kubectl apply -f custom-resources/microservice-example.yaml\n$ kubectl get yservice\n\n$ kubectl describe yservice microservice-example\n$ curl -X GET $APISERVER/apis/k8s.qaware.de/v1alpha1/watch/microservices\n\n$ kubectl apply -f custom-resources/supersecret-crd.yaml\n$ kubectl get crds\n$ kubectl apply -f custom-resources/supersecret-example.yaml\n$ kubectl get supersecrets\n\n$ kubectl describe supersecret supersecret-example\n$ curl -X GET $APISERVER/apis/k8s.qaware.de/v1alpha1/watch/supersecrets\n```\n\n## Developing Custom Controllers with the Operator SDK\n\n```bash\n# see https://github.com/lreimer/graal-operators\n# see https://github.com/lreimer/go-for-operations\n\n# create operator project using SDK\n$ mkdir -p operator-demo \u0026\u0026 cd operator-demo\n$ operator-sdk init --project-version=\"3-alpha\" --domain qaware.de --license none --owner \"Mario-Leander Reimer\" --plugins go.kubebuilder.io/v3 --repo github.com/lreimer/k8s-experts-day/operator-demo\n$ operator-sdk create api --group k8s --version v1 --kind Demo --resource=true --controller=true\n\n# build and install CRD\n$ make install\n$ kubectl get crds\n$ kubectl describe crd demoes.k8s.qaware.de  \n\n# first run\n$ make run ENABLE_WEBHOOKS=false\n$ kubectl apply -f config/samples/k8s_v1_demo.yaml\n$ kubectl delete -f config/samples/k8s_v1_demo.yaml\n\n# edit api/v1/demo_types.go to modify CRD\n$ make generate manifests\n$ make install\n$ kubectl describe crd demoes.k8s.qaware.de  \n\n# download test harness and perform release\n# see https://sdk.operatorframework.io/docs/building-operators/golang/references/envtest-setup/\n$ curl https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/master/hack/setup-envtest.sh -o setup-envtest.sh\n$ chmod +x setup-envtest.sh\n\n$ make docker-build docker-push\n$ make deploy \n$ kubectl get all -n operator-demo-system\n$ make undeploy\n```\n\n## Developing Operators with Kudo\n\n```bash\n$ kubectl krew install kudo\n$ kubectl kudo init --unsafe-self-signed-webhook-ca\n\n$ kubectl kudo install ./nginx-kudoperator\n$ kubectl kudo get instances\n```\n\n## Maintainer\n\nM.-Leander Reimer (@lreimer), \u003cmario-leander.reimer@qaware.de\u003e\n\n## License\n\nThis software is provided under the MIT open source license, read the `LICENSE` file for details.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flreimer%2Fk8s-experts-day","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flreimer%2Fk8s-experts-day","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flreimer%2Fk8s-experts-day/lists"}