A custom admission controller written in Golang with the Revel web framework, intended for understanding the concepts of Kubernetes admission controllers.
Communication between the Kubernetes API server and the custom admission controller webhook is secured by SSL certificates. Follow the steps below to generate a self-signed SSL certificate:

- Install the cfssl utility on a Linux OS.

      curl -s -L -o /usr/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
      curl -s -L -o /usr/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
      chmod +x /usr/bin/{cfssl,cfssljson}

- Initialize and generate the necessary config files.

      cfssl gencert -initca ca-csr.json | cfssljson -bare ca
      cfssl print-defaults csr > validator.json

- Generate the certificates.

      cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=validator validator.json | cfssljson -bare validator
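
The API server only accepts the webhook's certificate if it chains to the CA it was given and lists the hostname it dials as a subject alternative name, so it is worth checking the generated files before deploying. The following Go check is an added example, not code from this project; it assumes a hypothetical Service DNS name `validator.default.svc` and builds a throwaway CA and certificate in memory (constructed input) so it runs offline. Against real output, pass the contents of `ca.pem` and `validator.pem` instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// VerifyWebhookCert checks that certPEM chains to caPEM and is a server cert valid for dnsName.
func VerifyWebhookCert(caPEM, certPEM []byte, dnsName string) error {
	roots := x509.NewCertPool()
	block, _ := pem.Decode(certPEM)
	if block == nil || !roots.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("CA or serving certificate is not valid PEM")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

// SamplePair builds a throwaway CA and serving certificate in memory (constructed input).
func SamplePair(sans ...string) (caPEM, certPEM []byte) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "sample-ca"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: sans,
		Subject: pkix.Name{CommonName: "validator"}, NotBefore: ca.NotBefore, NotAfter: ca.NotAfter,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	der, _ := x509.CreateCertificate(rand.Reader, leaf, ca, &key.PublicKey, caKey)
	enc := func(b []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: b}) }
	return enc(caDER), enc(der)
}

func main() {
	ca, cert := SamplePair("validator.default.svc") // hypothetical Service DNS name
	fmt.Println(VerifyWebhookCert(ca, cert, "validator.default.svc"), VerifyWebhookCert(ca, cert, "other.default.svc"))
}
```

A hostname error here means the `hosts` list in `validator.json` does not include the name the API server uses to reach the webhook.
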
Build a Docker image using the Dockerfile available under the root directory of this folder. Tag and push the image to a registry.
- If you have generated the certificates with a different name, update the lines below in the file 'app/conf/app.conf' to match the certificate names (cfssljson writes the private key as `{newname}-key.pem`):

      http.sslcert = /go/src/label/{newname}.pem
      http.sslkey = /go/src/label/{newname}-key.pem

- Update the Docker repository name in the file 'app/k8/deployment.yaml' under 'spec.containers.image' to match the name of the image you built.