jw-s / safeguard

Brings protected resources to kubernetes!

safeguard

Safeguard is a custom admission controller for Kubernetes that enforces protection on Kubernetes resources.

Usage

  1. Configure safeguard.yml with your own base64-encoded CA bundle.

  2. Modify secret.yml with your own tls.crt and tls.key.

    NOTE: the certificates have to be signed by the same CA as your API server!

  3. Run the following:

kubectl create -f safeguard.yml -n NAMESPACE
kubectl create -f contrib/secret.yml -n NAMESPACE
kubectl create -f contrib/deployment.yml -n NAMESPACE # this should be in the same namespace as the secret
kubectl create -f contrib/service.yml -n NAMESPACE # this should be in the same namespace as the deployment
  4. Decorate your resources with the following annotation to protect them.
---
apiVersion: v1
kind: Service
metadata:
  name: example
  annotations:
    safeguard.jw-s.com/protected: 'true'
...

  5. Try to delete the protected resource!
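
An added example, not taken from the safeguard source, of the admission decision the steps above exercise: a validating webhook receives an AdmissionReview for the DELETE and denies it when the stored object carries the annotation. The type and function names, the status messages and the fail-closed handling of a missing `oldObject` are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Annotation key from the README; type and function names are illustrative.
const protectedAnnotation = "safeguard.jw-s.com/protected"

// review holds the fields read from an admission.k8s.io/v1 AdmissionReview.
type review struct {
	Request *struct {
		UID       string `json:"uid"`
		Operation string `json:"operation"`
		// On DELETE the stored object arrives in oldObject; object is null.
		OldObject *struct{ Metadata struct{ Annotations map[string]string } } `json:"oldObject"`
	} `json:"request"`
}

type response struct {
	UID     string            `json:"uid"`
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"`
}

// Decide answers one AdmissionReview body; only DELETE requests can be denied.
func Decide(body []byte) (*response, error) {
	var in review
	if err := json.Unmarshal(body, &in); err != nil || in.Request == nil {
		return nil, fmt.Errorf("malformed AdmissionReview: %v", err)
	}
	req, out := in.Request, &response{UID: in.Request.UID, Allowed: true}
	if req.Operation != "DELETE" {
		return out, nil
	}
	if req.OldObject == nil { // assumption: fail closed, nothing to inspect
		out.Allowed, out.Status = false, map[string]string{"message": "oldObject missing"}
	} else if req.OldObject.Metadata.Annotations[protectedAnnotation] == "true" {
		out.Allowed, out.Status = false, map[string]string{"message": "resource is protected"}
	}
	return out, nil
}

func main() {
	// Constructed sample request, not captured from a cluster.
	sample := `{"request":{"uid":"u1","operation":"DELETE","oldObject":{"metadata":{"name":"example","annotations":{"safeguard.jw-s.com/protected":"true"}}}}}`
	fmt.Println(Decide([]byte(sample)))
}
```

A real webhook wraps this response in an AdmissionReview with the request's apiVersion and kind and serves it over TLS.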

Development

Prerequisites

  • Go 1.12.x
  • Make
go get -d github.com/jw-s/safeguard
cd $GOPATH/src/github.com/jw-s/safeguard
make build

License: MIT License

Languages: Go 80.6%, Dockerfile 7.4%, Makefile 6.5%, Shell 5.6%