pod-exec-guard-kubewebhook-tutorial

Introduction

This is a tutorial that shows how to develop a Kubernetes admission webhook.

To explain this, the tutorial is split in 5 videos.

We will create a webhook from scratch that will try to recreate the webhook that this post describes.

When a user makes an exec operation on a pod, we mark that pod and set a TTL, when that TTL expires, the pod will be deleted.

The tutorial is based on kubewebhook to develop the webhook, and uses kube-janitor to delete the pods after a specific TTL expires.

Watch video 1 (Download)
- Introduction and context.
Watch video 2 (Download)
- Create app structure
- Create webhook without domain logic using kubewebhook.
- Running application.
Watch video 3 (Download)
- Set up dev environment (dev cluster with kind, certs with mkcert, tunnels with ngrok, webhook registration).
- End-2-end manual testing to check webhook is being called.
Watch video 4 (Download)
- Implement domain logic of webhook (Marking pod as drifted)
- End-2-end manual testing to check webhook is marking pods.
Watch video 5 (Download)
- Deploy Kube-janitor.
- Implement domain logic of webhook (Marking pod with expiration time).
- End-2-end manual testing to check webhook sets expiration and kube-janitor deletes.

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
certs		certs
manifests		manifests
scripts		scripts
Makefile		Makefile
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go