https://github.com/jw-s/safeguard

Brings protected resources to kubernetes!
https://github.com/jw-s/safeguard

admission-controller kubernetes kubernetes-controller protected protected-resources

Last synced: 5 months ago
JSON representation

Brings protected resources to kubernetes!

• Host: GitHub
• URL: https://github.com/jw-s/safeguard
• Owner: jw-s
• License: mit
• Created: 2018-06-15T20:48:34.000Z (about 8 years ago)
• Default Branch: master
• Last Pushed: 2023-03-06T23:26:25.000Z (over 3 years ago)
• Last Synced: 2024-06-20T17:31:39.290Z (almost 2 years ago)
• Topics: admission-controller, kubernetes, kubernetes-controller, protected, protected-resources
• Language: Go
• Size: 12.9 MB
• Stars: 11
• Watchers: 3
• Forks: 0
• Open Issues: 3
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# safeguard

Safeguard is a custom admission controller for kubernetes used to enforce protection on kubernetes resources.

## Usage

1.  Configure [safeguard.yml](safeguard.yml) with your own ca bundle base64 encoded.

2.  Modify [secret.yml](contrib/secret.yml) with your own `tls.crt` and `tls.key`

    NOTE: the certificates have to be signed by the same CA as your api server!

3. Run the following;

```

kubectl create -f safeguard.yml -n NAMESPACE

kubectl create -f contrib/secret.yml -n NAMESPACE

kubectl create -f contrib/deployment.yml -n NAMESPACE # this should be in the same namespace as the secret

kubectl create -f contrib/service.yml -n NAMESPACE # this should be in the same namespace as the deployment

```

4. Decorate your resources with the following annotation to protect them.

```

---

apiVersion: v1

kind: Service

metadata:

  name: example

  annotations:

    safeguard.jw-s.com/protected: 'true'

...

```

5. Try to delete the protected resource!

## Development

### Prerequistities

* Go 1.12.x

* Make

```bash

go get -d github.com/jw-s/safeguard

cd $GOPATH/src/github.com/jw-s/safeguard

make build

```