https://github.com/cmwylie19/admission-controller

Kubernetes Admission controller to mimic OpenShift admission controllers

# Admission Controller

The controller applies sensible defaults for a pod's securityContext `runAsUser` value. It validates that the security context's `runAsNonRoot` is not defined when `runAsUser` is set to 0, since a pod cannot both run as non-root and run as user 0. If no `runAsUser` value is defined, the controller assigns a default value of 2000.

- [Prepare Images](#prepare-images)
- [Deploy Admission Controller](#deploy-admission-controller)
- [Verify Admission Controller](#verify-admission-controller)
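
The validation and defaulting rules described in the introduction, sketched in Go as an added example (this is not the project's code). The type and function names are assumptions, only the pod-level securityContext is inspected, and `runAsNonRoot: true` is treated as the conflicting case.

```go
// Added example: SecurityContext, PatchOp and Review are hypothetical names, not the project's.
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Subset of a pod-level securityContext; pointers distinguish "unset" from zero values.
type SecurityContext struct {
	RunAsUser    *int64 `json:"runAsUser,omitempty"`
	RunAsNonRoot *bool  `json:"runAsNonRoot,omitempty"`
}

// PatchOp is one RFC 6902 JSON Patch operation, the format mutating webhooks return.
type PatchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

const defaultRunAsUser = 2000 // default stated in the README

// Review returns the JSON patch to apply, or an error when the pod must be rejected.
func Review(raw []byte) ([]PatchOp, error) {
	var sc *SecurityContext
	if err := json.Unmarshal(raw, &sc); err != nil {
		return nil, fmt.Errorf("invalid securityContext: %w", err)
	}
	if sc == nil { // no securityContext at all: create it with the default user
		return []PatchOp{{"add", "/spec/securityContext", map[string]int64{"runAsUser": defaultRunAsUser}}}, nil
	}
	if sc.RunAsUser == nil {
		return []PatchOp{{"add", "/spec/securityContext/runAsUser", int64(defaultRunAsUser)}}, nil
	}
	if *sc.RunAsUser == 0 && sc.RunAsNonRoot != nil && *sc.RunAsNonRoot {
		return nil, errors.New("runAsNonRoot conflicts with runAsUser 0")
	}
	return nil, nil // explicit, consistent settings are left untouched
}

func main() {
	for _, in := range []string{`null`, `{"runAsNonRoot":true}`, `{"runAsUser":0,"runAsNonRoot":true}`, `{"runAsUser":0}`} {
		patch, err := Review([]byte(in)) // constructed sample inputs
		out, _ := json.Marshal(patch)
		fmt.Printf("%-40s patch=%s err=%v\n", in, out, err)
	}
}
```

A pod that explicitly sets `runAsUser: 0` without `runAsNonRoot` passes unchanged here, because the README only describes defaulting when the value is absent.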

## Prepare Images

The project can be built by running `make`. The images are pushed by running `make push-image`.

## Deploy Admission Controller

To deploy, run `prepare.sh` in your terminal. It creates a CA, certificate, and private key for the controller, and generates the secret and the deployment manifests. Then apply the manifests:

```bash
kubectl apply -f k8s/ns.yaml

kubectl apply -f k8s/secret-webhook-server-tls.yaml

kubectl apply -f k8s/admission-controller.yaml
```

## Verify Admission Controller

First, apply a pod with a conflicting securityContext. We will set `runAsUser` to 0 and also define `runAsNonRoot`.

```yaml
kubectl apply -f -<