Kubernetes admission webhooks are a powerful mechanism for customizing and controlling the behavior of your Kubernetes cluster at runtime. They intercept requests to the Kubernetes API server after authentication and authorization but before the object is persisted, which lets you validate, mutate, or reject operations such as pod creation and service modification. Whether you're enforcing security policies, applying default configurations, or ensuring compliance with custom standards, admission webhooks give you the flexibility to tailor your Kubernetes environment to your organization's needs. In this article, we'll explore how to set up and leverage Kubernetes admission webhooks to enhance your cluster management.
Generating certificates is the most important step in creating your own custom admission controller. The API server calls your webhook over HTTPS and will only do so if it trusts the certificate your server presents: the CA that signed it must be supplied in the webhook configuration's caBundle field (if caBundle is omitted, the API server falls back to its own system trust roots), and the certificate must be valid for the service DNS name the API server connects to, `<service>.<namespace>.svc`. If the certificate is not trusted, the webhook calls fail, and with failurePolicy: Fail so do the API requests the webhook guards. I like to use Cloudflare's cfssl tool to gener[...]
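As an added example, not code from the original article (which uses cfssl), the following bash script does the same job with openssl: it issues a CA and a server certificate whose subject alternative name is the `<service>.<namespace>.svc` name the API server dials, and renders a ValidatingWebhookConfiguration whose caBundle is the base64-encoded CA. The service name `pod-policy`, namespace `webhooks`, and path `/validate` are illustrative assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): issue webhook TLS material
# with openssl and render a ValidatingWebhookConfiguration that trusts it.
# Service, namespace and path names are illustrative assumptions.
set -eu

# The API server connects to https://<service>.<namespace>.svc<path>, so the
# server certificate must carry exactly that DNS name as a SAN.
webhook_san() {
  printf '%s.%s.svc' "$1" "$2"
}

# Issue a CA and a server certificate signed by it into directory $1 for SAN $2.
# Produces ca.pem, ca.key, tls.crt, tls.key (tls.* go into the webhook's Secret,
# ca.pem goes into caBundle; ca.key stays offline).
issue_certs() {
  local dir=$1 san=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" -subj "/CN=webhook-ca" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -keyout "$dir/tls.key" -out "$dir/tls.csr" -subj "/CN=$san" 2>/dev/null
  # The SAN is added at signing time via -extfile. CN alone is not enough:
  # modern TLS clients, the API server included, match the hostname on SANs.
  printf 'subjectAltName=DNS:%s\n' "$san" > "$dir/san.cnf"
  openssl x509 -req -days 365 -in "$dir/tls.csr" \
    -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/tls.crt" -extfile "$dir/san.cnf" 2>/dev/null
}

# caBundle must be the PEM CA certificate, base64-encoded on a single line.
ca_bundle() {
  base64 < "$1" | tr -d '\n'
}

# Render the manifest. Usage: render_webhook_config <ca.pem> <service> <namespace> <path>
render_webhook_config() {
  local ca_file=$1 svc=$2 ns=$3 path=$4
  cat <<EOF
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: ${svc}
webhooks:
- name: $(webhook_san "$svc" "$ns")
  admissionReviewVersions: ["v1"]
  sideEffects: None
  failurePolicy: Fail
  clientConfig:
    service:
      name: ${svc}
      namespace: ${ns}
      path: ${path}
    caBundle: $(ca_bundle "$ca_file")
  rules:
  - apiGroups: [""]
    apiVersions: ["v1"]
    operations: ["CREATE"]
    resources: ["pods"]
EOF
}

# Example run (writes certs to ./pki and the manifest to webhook.yaml):
#   mkdir -p pki && issue_certs pki "$(webhook_san pod-policy webhooks)"
#   render_webhook_config pki/ca.pem pod-policy webhooks /validate > webhook.yaml
```

A quick way to confirm the trust chain before applying the manifest is `openssl verify -CAfile pki/ca.pem pki/tls.crt` and `openssl x509 -in pki/tls.crt -noout -ext subjectAltName`; if the SAN does not match the Service name, the API server will reject the connection no matter what caBundle contains.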
NOTE: The notes below are from a while ago, when I started working with MicroVMs. By the time you read this the steps may or may not still work. I wanted to get them on the internet to hopefully help someone else. I am still learning about MicroVMs; my method has changed slightly and I no longer use Firecracker.
MicroVMs are a good fit when you need to run untrusted code with kernel isolation: each workload boots its own guest kernel, so a kernel exploit inside the workload stops at the hypervisor boundary instead of compromising the host kernel shared by every container. That makes them ideal for running multiple isolated workloads concurrently on a single machine. There are several implementations, but this document focuses on Firecracker, built by AWS for its serverless services (Lambda and Fargate).
You can either compile from source or download the latest release from the link below. https://github.com/firecracker-microvm/firecracker/releases/
curl -LOJ https://github.com/firecracker-microvm/firecracker/releases/download/v1.14.0/firecracker-v1.14.0
mv firecrack[...]
There are several ways to practice Kubernetes: spin up cloud resources, run K3s, or use my favorite, k3d.
k3d is a wrapper around K3s that runs the cluster nodes in Docker containers. This lets you quickly create and destroy clusters, and it supports multi-node clusters on a single host, so you can see how failover and other high-availability features behave.
First you will need Docker installed. I will not be covering that in this document; please refer to my other container documents. [links coming soon]
Next, install the k3d toolset. This can be accomplished with the following command.
curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash
Important: As always, review the script before piping it to bash. Piping an unreviewed script fetched over the network straight into a shell runs whatever the server (or anyone between you and it) sends; download it to a file, read it, and then run that file.
Now for the hard part: creating the cluster. Let's create a cluster called[...]
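The install-then-create procedure above as an added example, not code from the original post: a bash script that downloads the k3d installer to a file instead of piping it into bash, refuses to execute it unless its SHA-256 matches a digest you pinned after reading it, and then creates a multi-node cluster. The cluster name `lab`, the node counts, and the host port mapping are illustrative assumptions; the pinned digest must come from a copy of the script you have actually reviewed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): install k3d without blind
# `curl | bash`, then create a multi-node cluster. The cluster name, node
# counts, port mapping and any pinned digest are illustrative assumptions.
set -eu

K3D_INSTALLER_URL="https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh"

# sha256_of: print the SHA-256 hex digest of file $1.
sha256_of() {
  sha256sum "$1" | cut -d' ' -f1
}

# verify_sha256: succeed only if file $1 hashes to the pinned digest $2.
# Pin the digest after reading the script, so a later change to the file
# served from the `main` branch cannot silently run on your machine.
verify_sha256() {
  [ "$(sha256_of "$1")" = "$2" ]
}

# fetch_and_review: download the installer to a file for inspection.
# It is deliberately NOT executed here.
fetch_and_review() {
  local dest=$1
  curl -fsSL "$K3D_INSTALLER_URL" -o "$dest"
  echo "Saved installer to $dest (sha256 $(sha256_of "$dest")). Read it, then pin the digest."
}

# run_verified_installer: execute script $1 only if it matches pinned digest $2.
run_verified_installer() {
  local script=$1 pinned=$2
  if ! verify_sha256 "$script" "$pinned"; then
    echo "refusing to run $script: sha256 mismatch" >&2
    return 1
  fi
  bash "$script"
}

# create_lab_cluster: one server node plus $2 agent nodes, with host port 8080
# mapped to port 80 on k3d's built-in load balancer so Ingress traffic can be
# tested from the host. --wait blocks until the nodes are ready.
create_lab_cluster() {
  local name=$1 agents=$2
  k3d cluster create "$name" --servers 1 --agents "$agents" \
    --port "8080:80@loadbalancer" --wait
  kubectl get nodes -o wide
}

# Usage (interactive steps, in order):
#   fetch_and_review ./k3d-install.sh
#   less ./k3d-install.sh                      # actually read it
#   run_verified_installer ./k3d-install.sh <digest you pinned>
#   create_lab_cluster lab 2
#   k3d cluster delete lab                      # tear down when finished
```

With three nodes you can stop one agent container with `docker stop` and watch `kubectl get nodes` mark it NotReady and the scheduler move workloads, which is the failover behaviour k3d makes visible on a single host.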