douglasmakey / admissioncontroller Goto Github PK
View Code? Open in Web Editor NEWA simple boilerplate for an admission controller in Go.
License: Apache License 2.0
A simple boilerplate for an admission controller in Go.
License: Apache License 2.0
TLS certificate, key generated from scrript fail for TLS handshake.
First of all thank you for writing this example, it has been very useful for writing my own admission controller.
I noticed that there is no license specified for this repo. Do you think it would be possible to provide one?
Thank you!
Kubernetes 1.24
I am trying to use your example. I keep getting this kubectl response when I try to create a pod:
Error from server (InternalError): error when creating "k8s/2-test-pod.yaml": Internal error occurred: failed calling webhook "pods.notary-admission.aws.com": received invalid webhook response: expected webhook response of admission.k8s.io/v1, Kind=AdmissionReview, got /, Kind=
The logs show that this is the JSON being sent back, via w.Write(res)
.
{
"response": {
"uid": "b49776cd-5398-4082-974d-9f4943875914",
"allowed": false,
"status": {
"metadata": {},
"message": "Your pod has the wrong name"
}
}
}
{
"response": {
"uid": "a6761f60-3c79-4943-9a03-732e274baddc",
"allowed": true,
"status": {
"metadata": {}
}
}
}
The webhook config is:
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: notary-admission
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
caBundle: LS0t...==
service:
name: notary-admission
namespace: notary-admission
path: /validate/pods
port: 443
failurePolicy: Fail
matchPolicy: Equivalent
name: pods.notary-admission.aws.com
namespaceSelector:
matchExpressions:
- key: notary-admission-ignore
operator: NotIn
values:
- ignore
objectSelector: {}
rules:
- apiGroups:
- '*'
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- pods
scope: '*'
sideEffects: None
timeoutSeconds: 10
Both allowed=true
and allowed=false
conditions elicit the same response from the webhook. Any chance you have seen this error before? I changed to "k8s.io/api/admission/v1"
from "k8s.io/api/admission/v1beta1"
in hopes that it would fix the issue, but it didn't.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.