
A starter template for creating a k8s validating admission webhook, includes GitHub workflows and helm chart.

curium-rocks/k8s-validating-webhook

k8s-validating-webhook

This template provides a kick start for building a Kubernetes admission controller with TypeScript and Node.js. It uses a validating webhook.

NPM Scripts

The following scripts are included in the NPM project configuration:

  • lint: lints the source code using eslint
  • lint:fix: automatically fixes any lint errors that can be fixed automatically
  • test: uses jest to run test suites
  • test:e2e: runs the e2e test suite; this requires an active helm:deploy
  • build: compiles the TypeScript into JS and places it in the dist folder
  • build:image: builds the container image
  • minikube:start: creates a minikube k8s cluster
  • minikube:stop: stops minikube but does not delete it
  • minikube:delete: deletes the minikube cluster
  • helm:addRepos: adds helm repos
  • helm:deployCertManager: deploys cert-manager for TLS
  • helm:deploy: deploys the app to k8s using helm
  • helm:template: prints the k8s yaml that would be applied to k8s when using helm:deploy
  • helm:uninstall: removes the app from k8s
  • helm:uninstallCertManager: removes cert-manager from the k8s cluster

Deploy it

If you don't already have cert-manager installed, you will need to run:

helm repo add jetstack https://charts.jetstack.io && helm repo update && \
  helm upgrade --install --namespace cert-manager --create-namespace \
  cert-manager jetstack/cert-manager --set installCRDs=true --debug --wait

First add the helm repo:

helm repo add k8s https://curium-rocks.github.io/k8s-validating-webhook

Then fetch updates:

helm repo update

Verify it worked:

helm search repo k8s

You should see something like:

NAME                                                    CHART VERSION   APP VERSION     DESCRIPTION                                       
k8s/k8s-validating-we...      0.1.0           0.1.0           A starter template for a dynamic admission vali...

Deploy the app:

helm upgrade --install starter k8s/k8s-validating-webhook

Verify it worked:

kubectl run testpod --image=badbox

You should see an error message like this:

Error from server: admission webhook "starter-k8s-validating-webhook.default.svc" denied the request: One of the images in [badbox] is not allowed, denied
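The denial above is the webhook's answer to an AdmissionReview request for the pod. The sketch below is an added example, not the template's own code: it shows how such a check can build that answer, covering init and ephemeral containers and denying requests it cannot evaluate. The names `review`, `podImages`, `isAllowed` and the `ALLOWED_PREFIXES` allowlist are assumptions; the template's real policy may differ.

```typescript
// Added example: minimal AdmissionReview (admission.k8s.io/v1) handling for a pod image check.
// ALLOWED_PREFIXES and all function names are assumptions, not the template's policy or code.
interface PodContainer { name: string; image: string }
interface PodSpec {
  containers: PodContainer[];
  initContainers?: PodContainer[];
  ephemeralContainers?: PodContainer[];
}
interface AdmissionReview {
  apiVersion: string;
  kind: string;
  request?: { uid: string; object?: { spec?: PodSpec } };
}
interface AdmissionResponse {
  apiVersion: "admission.k8s.io/v1";
  kind: "AdmissionReview";
  response: { uid: string; allowed: boolean; status?: { code: number; message: string } };
}

const ALLOWED_PREFIXES: string[] = ["registry.example.internal/"]; // constructed sample value

// Collect images from every container list; init and ephemeral containers run code too.
function podImages(spec: PodSpec): string[] {
  return spec.containers
    .concat(spec.initContainers ?? [], spec.ephemeralContainers ?? [])
    .map((c) => c.image);
}

function isAllowed(image: string): boolean {
  return ALLOWED_PREFIXES.some((p) => image.indexOf(p) === 0);
}

function review(body: AdmissionReview): AdmissionResponse {
  const uid = body.request?.uid ?? ""; // the response must echo the request uid
  const spec = body.request?.object?.spec;
  const respond = (allowed: boolean, message?: string): AdmissionResponse => ({
    apiVersion: "admission.k8s.io/v1",
    kind: "AdmissionReview",
    response: { uid, allowed, ...(message ? { status: { code: 403, message } } : {}) },
  });
  // Fail closed: a request without a pod spec cannot be evaluated, so it is denied.
  if (!spec || !Array.isArray(spec.containers)) return respond(false, "No pod spec in request, denied");
  const images = podImages(spec);
  return images.every(isAllowed)
    ? respond(true)
    : respond(false, `One of the images in [${images.join(", ")}] is not allowed, denied`);
}
```
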

Structure

This is meant to include service abstractions. Ideally each service should provide an interface/contract exposing the functionality that other parts of the application need.

Currently this is set up to house factories or other items that provide instances of third-party modules. These are bound by the InversifyJS IoC container so they can be injected elsewhere with @inject().

This houses interfaces/models with little to no logic. The intent is that these items can be passed to or returned from the abstractions in services, avoiding tight coupling to third-party types.

This defines symbols for each type that will be configured in the IoC container, these are used to identify the type when using @inject(TYPES.Services.Kubernetes) for example. For more information refer to inversify.

This file maps the types defined in ./src/types.ts to interface types. For more information refer to inversify.

After Using as Template Todo List

  1. Update Sonar Project Properties For Sonar Cloud
  2. Add SONARQUBE_KEY secret to your repo or org if not already present
  3. Point badges in README.md to the correct location for your repo
  4. Update renovate.json to meet desired behavior for your needs, docs can be found here.
  5. Update this readme to reflect your project name and info
  6. Rename all k8s-validating-webhook references to match your project name