
Kubernetes Validating Admission WebHook that checks if a namespace resource is allowed to create pods on nodes that have special roles

apsega/namespace-validating-admission-webhook


Namespace allowance Validating Admission WebHook

This is a Kubernetes Validating Admission WebHook that checks if a namespace resource is allowed to create pods on nodes that have special roles.

This is based on Kelsey Hightower's denyenv validating admission webhook.

Getting started

To customize which namespaces are allowed to deploy on specifically labeled nodes, change namespaces_allowed and restricted_node_roles in the index.js file.

Build the Docker image:

docker build --rm -f "Dockerfile" -t namespace-allowance-admission-webhook:latest .

Change ${URL} and ${CA_BUNDLE_BASE64} in namespace-validator.yaml file:

  • ${URL} should point to the newly built validating admission webhook. The HTTPS protocol is mandatory.
  • ${CA_BUNDLE_BASE64} should be the CA certificate of the admission webhook's web server, encoded with base64.

Apply namespace-validator.yaml manifest:

kubectl apply -f namespace-validator.yaml
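
The admission check this README describes, sketched as an added example (it is not the repository's index.js). The shapes of namespaces_allowed and restricted_node_roles, the node-role.kubernetes.io/<role> label scheme, the helper names and all sample values are assumptions.

```javascript
// Added example, not the repository's index.js. namespaces_allowed and
// restricted_node_roles are named in the README; their shapes here are assumed.
const namespaces_allowed = ['kube-system', 'monitoring']; // constructed values
const restricted_node_roles = ['master', 'infra'];        // constructed values
const ROLE_PREFIX = 'node-role.kubernetes.io/';           // assumed role label scheme

// Collect the restricted roles a pod spec explicitly asks to be scheduled on.
function requestedRestrictedRoles(spec = {}) {
  const keys = Object.keys(spec.nodeSelector || {});
  const required = ((spec.affinity || {}).nodeAffinity || {})
    .requiredDuringSchedulingIgnoredDuringExecution || {};
  for (const term of required.nodeSelectorTerms || []) {
    for (const expr of term.matchExpressions || []) {
      // Only In/Exists pull a pod toward a label; NotIn/DoesNotExist push it away.
      if (expr.operator === 'In' || expr.operator === 'Exists') keys.push(expr.key);
    }
  }
  const roles = keys
    .filter((k) => k.startsWith(ROLE_PREFIX))
    .map((k) => k.slice(ROLE_PREFIX.length))
    .filter((r) => restricted_node_roles.includes(r));
  return [...new Set(roles)];
}

// Build the AdmissionReview response for a pod CREATE request.
function validate(review) {
  const req = review.request || {};
  const roles = requestedRestrictedRoles((req.object || {}).spec);
  const allowed = roles.length === 0 || namespaces_allowed.includes(req.namespace);
  const response = { uid: req.uid, allowed }; // uid must echo the request's uid
  if (!allowed) {
    const message = `namespace "${req.namespace}" may not target node role(s): ${roles.join(', ')}`;
    response.status = { code: 403, message };
  }
  // The response must use the same AdmissionReview version as the request.
  const apiVersion = review.apiVersion || 'admission.k8s.io/v1';
  return { apiVersion, kind: 'AdmissionReview', response };
}

// Constructed sample request: a pod in "team-a" selecting master nodes.
const sample = {
  apiVersion: 'admission.k8s.io/v1',
  request: {
    uid: 'constructed-uid-1',
    namespace: 'team-a',
    object: { spec: { nodeSelector: { 'node-role.kubernetes.io/master': '' } } },
  },
};
console.log(JSON.stringify(validate(sample).response)); // denied with code 403
```

This sketch only inspects nodeSelector and required node affinity; a pod that sets spec.nodeName is bound without the scheduler and needs its own rule.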

TBD

How to test.
