This is a tutorial that shows how to develop a Kubernetes admission webhook.
To explain this, the tutorial is split in 5 videos.
We will create a webhook from scratch that will try to recreate the webhook that this post describes.
The problem to solve
When a user makes an
exec operation on a pod, we mark that pod and set a TTL, when that TTL expires, the pod will be deleted.
- The webhook it is not production ready.
- Its just made as a tutorial step by step.
- It would need more structure, tests, docs, metrics…
- Watch video 1 (Download)
- Introduction and context.
- Watch video 2 (Download)
- Create app structure
- Create webhook without domain logic using kubewebhook.
- Running application.
- Watch video 3 (Download)
- Watch video 4 (Download)
- Implement domain logic of webhook (Marking pod as drifted)
- End-2-end manual testing to check webhook is marking pods.
- Watch video 5 (Download)
- Deploy Kube-janitor.
- Implement domain logic of webhook (Marking pod with expiration time).
- End-2-end manual testing to check webhook sets expiration and kube-janitor deletes.