https://github.com/stuartleeks/validate-resource-limits
Sample Kubernetes validating admission controller to ensure Pods have resource limits (CPU and Memory)
https://github.com/stuartleeks/validate-resource-limits
Last synced: 10 months ago
JSON representation
Sample Kubernetes validating admission controller to ensure Pods have resource limits (CPU and Memory)
- Host: GitHub
- URL: https://github.com/stuartleeks/validate-resource-limits
- Owner: stuartleeks
- License: mit
- Created: 2019-03-14T10:08:10.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2019-03-14T10:08:33.000Z (about 7 years ago)
- Last Synced: 2025-05-15T11:13:43.495Z (about 1 year ago)
- Language: Go
- Size: 8.87 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# validate-resource-limits
This project is a sample Kubernetes [validating admission controller](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) that verifies that all pods being deployed have resources limits (for CPU and memory) specified.
## Steps to deploy
### Build the image
```bash
docker build -t stuartleeks/validate-resource-limits .
```
NOTE: The image needs to be pushed ;-)
### Generate certs
Run `./scripts/create-certs.sh` to generate the certs
### Create the secrets
```bash
kubectl create secret generic validateresourcelimits -n default \
--from-file=key.pem=generated/app.key \
--from-file=cert.pem=generated/app.crt
```
### Susbtitute the CA bundle in the deployment manifest
```bash
./scripts/update-manifest.sh
```
### Deploy the generated manifest
```bash
kubectl apply -f generated/webhook.yaml
```
## Misc notes
The service name `validateresourcelimits.default.svc` is specified in the `app.config` for cert generation