Skip to content

fidencio/kata-webhook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
deploy
deploy
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
create-certs.sh
create-certs.sh
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

Kata Admission controller webhook

Implement a simple admission controller webhook to annotate pods with the Kata runtime class.

How to build the admission controller

First build the admission controller image and the associated Kubernetes YAML files required to instantiate the admission controller.

$ podman build -t katadocker/kata-webhook-example:latest -f Dockerfile
$ ./create_certs.sh

Note: Image needs to be published for the webhook needs to work. Alternately on a single machine cluster change the imagePullPolicy to use the locally built image.

Making Kata the default runtime using an admission controller

Today in crio.conf runc is the default runtime when a user does not specify runtimeClass in the pod spec. If you want to run a cluster where Kata is used by default, except for workloads we know for sure will not work with Kata, use the admission webhook and sample admission controller we created by running

$ kubectl apply -f deploy/

The webhook mutates pods to use the Kata runtime class for all pods except those with

  • hostNetwork: true
  • namespace: rook-ceph and rook-ceph-system

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages