Kubernetes admission controller practice
- Create a kind Kubernetes cluster
# Create
make up
# Delete
make down
mkdir certs
openssl req -x509 -newkey rsa:4096 -nodes -out certs/ca.crt -keyout certs/ca.key -days 365 -config ./cert.cnf -extensions req_ext
kubectl create secret tls webhook-certs --cert=certs/ca.crt --key=certs/ca.key --namespace=default
- Create a pod that runs a golang container
kubectl apply -f ./manifests/golang-deployment.yaml
kubectl apply -f ./manifests/service.yaml
- Open a shell in the golang pod
kubectl get pod -n default
kubectl exec -it {pod name} -- /bin/bash
- Initialize the Go module and download the external modules
go mod init github.com/opsarena/admission-controller
go get k8s.io/api/admission/v1
go get k8s.io/apimachinery/pkg/apis/meta/v1
go get k8s.io/api/core/v1
- Create main.go: copy the main.go file into the pod
- Run main.go
go run main.go
- validate webhook
CA_BUNDLE=$(cat ./certs/ca.crt | base64 | tr -d '\n')
sed -e 's@${CA_BUNDLE}@'"$CA_BUNDLE"'@g' < ./manifests/validation-webhook.yaml | kubectl apply -f -
- mutate webhook
CA_BUNDLE=$(cat ./certs/ca.crt | base64 | tr -d '\n')
sed -e 's@${CA_BUNDLE}@'"$CA_BUNDLE"'@g' < ./manifests/mutate-webhook.yaml | kubectl apply -f -
- Create busybox, then check the admission controller pod logs
kubectl apply -f ./manifests/busybox-pod.yaml
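
A minimal validating webhook handler of the kind the steps above start with `go run main.go`, added here as an example; it is not the repository's main.go. It uses only the standard library with a hand-written subset of the AdmissionReview JSON, and the `/validate` path, port 8443, the `/certs` mount path for the `webhook-certs` secret and the image-tag rule are assumptions.

```go
package main

import (
	"encoding/json"
	"io"
	"log"
	"net/http"
	"strings"
)

type admissionReview struct { // hand-written subset of admission.k8s.io/v1
	Request struct {
		UID    string `json:"uid"`
		Object struct {
			Spec struct {
				Containers []struct{ Image string `json:"image"` } `json:"containers"`
			} `json:"spec"`
		} `json:"object"`
	} `json:"request"`
}

// decide applies an assumed policy: reject images with no tag, an empty tag or :latest.
func decide(r io.Reader) (uid string, allowed bool, msg string) {
	var ar admissionReview
	if json.NewDecoder(r).Decode(&ar) != nil || ar.Request.UID == "" {
		return "", false, "malformed AdmissionReview"
	}
	for _, c := range ar.Request.Object.Spec.Containers {
		i := strings.LastIndexAny(c.Image, "/:") // a ':' after the last '/' starts the tag
		if i < 0 || c.Image[i] == '/' || c.Image[i+1:] == "" || c.Image[i+1:] == "latest" {
			return ar.Request.UID, false, "unpinned image: " + c.Image
		}
	}
	return ar.Request.UID, true, ""
}

func main() {
	http.HandleFunc("/validate", func(w http.ResponseWriter, r *http.Request) {
		uid, ok, msg := decide(http.MaxBytesReader(w, r.Body, 1<<20))
		if uid == "" {
			http.Error(w, msg, http.StatusBadRequest)
			return
		}
		log.Printf("uid=%s allowed=%v %s", uid, ok, msg) // visible in the pod logs
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(map[string]interface{}{"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
			"response": map[string]interface{}{"uid": uid, "allowed": ok, "status": map[string]string{"message": msg}}})
	})
	log.Fatal(http.ListenAndServeTLS(":8443", "/certs/tls.crt", "/certs/tls.key", nil)) // assumed port and mount path
}
```

The response echoes the request `uid`; the API server rejects a review whose `uid` does not match the one it sent.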