Skip to content

openshift/multus-admission-controller

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
19 branches 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/workflows
 
 
build
 
 
cmd/webhook
 
 
deployments
 
 
docs
 
 
hack
 
 
pkg
 
 
scripts
 
 
vendor
 
 
.ci-operator.yaml
 
 
.dockerignore
 
 
.gitignore
 
 
Dockerfile.openshift
 
 
LICENSE
 
 
Makefile
 
 
OWNERS
 
 
README.md
 
 
go.mod
 
 
go.sum
 
 
Network attachment definition admission controller Getting started Example of the admission controller in action Collecting metrics with Prometheus Building the admission controller

README.md

Network attachment definition admission controller

An admission controller to check resources as defined by the Network Plumbing Working Group de-facto CRD specification upon their creation.

This admission controller is aware of some of the aspects of what's required when you create NetworkAttachmentDefinition custom resources, and can report back to the user that those resources are well formatted, to improve their experience.

Getting started

Clone this repository and execute ./hack/webhook-deployment.sh to deploy:

$ ./hack/webhook-deployment.sh

Example of the admission controller in action

If you're to create a NetworkAttachmentDefinition which has something that's out of whack -- in this example malformatted JSON -- you'll get some feedback that something is wrong.

$ cat <<EOF | kubectl create -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: bad-conf
spec:
  config: '{
      "cniVersion": "0.3.0"malFormattedJSON
      }
    }'
EOF
Error from server: error when creating "STDIN": admission webhook "net-attach-def-admission-controller-validating-config.k8s.cni.cncf.io" denied the request: invalid config: error parsing configuration: invalid character 'm' after object key:value pair

If you create a valid NetworkAttachmentDefinition, you'll find that the custom resource is created successfully.

$ cat <<EOF | kubectl create -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan-conf
spec:
  config: '{
      "cniVersion": "0.3.0",
      "type": "macvlan",
      "master": "eth0",
      "mode": "bridge",
      "ipam": {
        "type": "host-local",
        "subnet": "192.168.1.0/24",
        "rangeStart": "192.168.1.200",
        "rangeEnd": "192.168.1.216",
        "routes": [
          { "dst": "0.0.0.0/0" }
        ],
        "gateway": "192.168.1.1"
      }
    }'
EOF
networkattachmentdefinition.k8s.cni.cncf.io/macvlan-conf created

Collecting metrics with Prometheus

Network attachment definition admission controller comes with following metrics.

  1. No. of instances with k8s.v1.cni.cncf.io/networks annotations
  2. Is cluster enabled with instances annotated with k8s.v1.cni.cncf.io/networks.

To install Prometheus and enable scraping the endpoints , execute ./hack/prometheus-deployment.sh

Metrics details

Building the admission controller

To build the admission controller, ensure it exists in your go path (we recommend you clone it to $GOPATH/src/github.com/k8snetworkplumbingwg/net-attach-def-admission-controller).

While in that directory, simple run:

make

For full installation and troubleshooting steps please see Installation guide.

For developer information, refer to the developer guide.

About

An admission controller for Multus CNI custom resources

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity

Stars

7 stars

Watchers

14 watching

Forks

19 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 17

+ 6 contributors

Languages