Admission Webhook Kubernetes
Kubernetes admission webhooks are a powerful mechanism for customizing and controlling the behavior of your Kubernetes cluster at runtime. By intercepting requests to the Kubernetes API server, admission webhooks allow you to validate, mutate, or even reject operations like pod creation, service modifications, and more. Whether you're enforcing security policies, applying default configurations, or ensuring compliance with custom standards, admission webhooks give you the flexibility to tailor your Kubernetes environment to your organization’s needs. In this article, we’ll explore how to set up and leverage Kubernetes admission webhooks to enhance your cluster management.
Generate Certificates
Generating certificates is the most important step in creating your own custom admission controller. This allows the Kubernetes control plane to trust your web server. If the certificate is not trusted by Kubernetes, the webhook calls will fail. I like to use Cloudflare's cfssl tool to gener[...]
Micro VM - Firecracker
NOTE: The blog post below is a set of notes from a while ago, from when I started messing with microVMs. These may work now, or may not be understandable. I wanted to get these on the internet to hopefully help someone else. I am still working on microVMs. My method has changed slightly and I do not use Firecracker now.
MicroVMs are awesome!
They are good for situations where you need to run untrusted code and you need kernel isolation. They are ideal for running multiple secure workloads concurrently on a single machine. There are multiple platforms, but this document will focus on Firecracker, built by AWS for their serverless services.
Installing Firecracker
You can either compile from source or download the latest release from https://github.com/firecracker-microvm/firecracker/releases/. Make it executable and copy it to /usr/bin.
Download
curl -LOJ https://github.com/firecracker-microvm/firecracker/releases/download/v1.14.0/firecracker-v1.14.0
mv firecrac[...]
Setting up a Kubernetes cluster at home
Working with Kubernetes
How can I use Kubernetes at home?
There are several ways that you can practice Kubernetes: spin up cloud resources, use K3s, or use my favorite, k3d.
k3d is a wrapper around K3s, which runs in Docker container(s). This allows you to quickly deploy and destroy clusters. It also allows you to have multi-node clusters within a single host, so you can see how failover and other high-availability services work.
Okay, how can I get started?
First you will need Docker installed. I will not be going over that in this document. Please refer to my other container documents. [links coming soon].
Next, install the k3d toolset. This can be accomplished with the following command.
curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash
Important: As always, please review the script before piping it to bash. Running a script you have not reviewed could lead to bad things.
Now the hard part: creating the cluster. Let's create a cluster called[...]