haozi4263 / admission-resource Goto Github PK
View Code? Open in Web Editor NEWadmission根据cpu/memory资源准入控制和增加labels/annotations/initContainers校验控制器
admission根据cpu/memory资源准入控制和增加labels/annotations/initContainers校验控制器
## 1. 创建ca证书 cfssl gencert -initca ca-csr.json | cfssljson -bare ca ## 2. 创建服务端证书,hostname要指定admission-webhook的svc名称 cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \ -hostname=admission-resource.default.svc -profile=server server-csr.json | cfssljson -bare server ## 3. 创建tls的secret kubectl create secret tls admission-resource-tls \ --key=server-key.pem \ --cert=server.pem ## 4. 将ca.pem放入admission-webhook的caBundle中 cat ca.pem|base64 ## 5.编译镜像 docker build -t haozi4263/admission-resource:v1.1 . && docker push haozi4263/admission-resource:v1.1 ## 6. 运行admission-webhook kubectl apply -f deploy/admission-webhook-controller.yaml ## 7. 注册admission-webhook kubectl apply -f deploy/registry-webhook.yaml ## 8. 对namespace打标签用于允许admission webhook kubectl label namespace default admission-resource=enabled deployment需要打上标签admission-resource: enabled ## 9. 运行deployment测试,观察日志 kubectl apply -f deploy/admission-resource-test.yaml a. 观察cpu/memory资源创建是否符合资源规定 b. 观察是否增加labels/annotations/initContainers # 项目说明: validate admission webook: 对deployment/statfulset资源检测limit_cpu/request_cpu和limit_memory/limit_memory 占比是否大于4倍数,大于4倍以上说明资源分配不合理,拒绝创建deployment/statfulset 小于4倍则认为合理允许创建deployment/statfulset mutate admission webhook: 对deployment/statfulset资源通过给定对configmap增加labels和annotations注解。 对deployment/statfulset资源通过给定对configmap增加initContainers。 ## 参考文档: https://kubernetes.io/zh/docs/reference/access-authn-authz/extensible-admission-controllers/ https://jsonpatch.com/
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.