Understanding and Extending Admission Controllers
This repository is the proving ground for learning about and implementing admission controllers. The walk-through contains my thinking process.
- Create a kind cluster
make cluster-init
- Generate TLS keys and certificates to setup the Webhook Server
make gen-keys
- Add a Secret to hold the
tls.crt
andtls.key
and add it to the manifests directory
kubectl -n submariner create secret tls webhook-server-tls \
--cert "./keys/webhook-server-tls.crt" \
--key "./keys/webhook-server-tls.key" \
--dry-run=client -o yaml
- Base64 encode the
ca.crt
generated in Step 2 and add it to themutatingwebookconfig.yaml
as thecaBundle
dynamically using make (so we don't commit theca.crt
)
base64 ./keys/ca.crt
webooks:
- name: mutating-webhook-configuration
namespace: submariner
caBundle: "{{FILL HERE}}"
🥃 J.Stone 💎