倒排索引/搜索引擎>> k8s-ingress-admission-controller>> 返回
项目作者: sara4dev

项目描述 :
高级语言: Go
项目地址: git://github.com/sara4dev/k8s-ingress-admission-controller.git


k8s-ingress-admission-controller

Build Status

This ValidatingAdmissionWebhook admission controller helps to stop creating bad ingress objects in the multi-tenant clusters.

In particular it denies ingress with

  • Empty Host
  • Wilcard Host (*)
  • Local Host (localhost)
  • Duplicate Host/Path

This code is inspired from the example-webhook-admission-controller, but made it to work with Kubernetes 1.9

Prerequisite

Minikube

  • Start minkube with dynamic admission controllers
  1. minikube start \
  2. --extra-config=apiserver.Admission.PluginNames=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota \
  3. --kubernetes-version=v1.9.0
  • install helm
  1. helm init

Wait until the tiller pod is running

  • install the helm chart
  1. helm install k8s-ingress-admission-controller-helm/ --debug  --namespace=kube-system
  • apply ingress with no host
  1. kubectl apply -f test/empty-host.yaml

and the admission controller should deny the ingress with 

  1. Error from server (Forbidden): error when creating "test/empty-host.yaml": 
  2. admission webhook "k8s-ingress-admission-controller.target.k8s.io" denied the request: 
  3. Empty hostname is not allowed in this cluster