Implementing a Validating Admission WebHook
Learn how to implement a validating admission webhook service.
We'll cover the following...
Implement a validating admission webhook
A validating admission webhook service is a web server, because the kube-apiserver invokes it through HTTPS POST requests. Now, let’s implement such a service step by step.
Step 1: Write a simple HTTP server
Let’s write a simple HTTP server at the path /validate on port 443. It checks the Pod name and rejects all Pods having mock-app in their names. The development environment that we can use to add and modify our programs is given below. We can hit the “Run” button to initialize it.
-----BEGIN CERTIFICATE----- MIIDDjCCAfagAwIBAgIUWX6Cy5agnx6c0g/5NzmqVQxmMJcwDQYJKoZIhvcNAQEL BQAwDTELMAkGA1UEAxMCQ0EwHhcNMjMwMTAzMDcyNDAwWhcNMzIxMjMxMDcyNDAw WjANMQswCQYDVQQDEwJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ANgQo4ebi+XzR1toF4RvgGjO9TbpGIPHAR4meB1s/a1605FadYJjeyMy3djeXfvD 6y5P9rBx6RCoPoAIaQWmwChcN5mMnNhxMPCm4JcsXrbmrEmn+0xJKGEZ88PafjmW q4WIc5Qz8neBRSWKjObqQoOiNrZaAYJZGc1uVdvEHUgBFqcTIqRv+O9A4gdLyQxO 4yRKKen9NhHibYHOigWii7zXVwLI8i/V2vO3KpQiyrKOTFlHW/UpygWd+tnmX5Dp mK1zLn01eamdnZI6gkPNprqo8+K3LU+mKhZGVNypgQegz2Ev8VUgdlcMQ6w8Crbw tHnVm80DCoCTsSzZhJ86TWUCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1Ud EwEB/wQIMAYBAf8CAQIwHQYDVR0OBBYEFBeO3R6z1z0rmQii+bPSUX1Nnl5SMB8G A1UdIwQYMBaAFBeO3R6z1z0rmQii+bPSUX1Nnl5SMA0GCSqGSIb3DQEBCwUAA4IB AQCowSlJ+aSYuxjIG/NIHiCXUKBT/Sy9b1Uu/LhSMl5oEv+UxhZjX+v6PdGulPkr 3i8LphLnJ5KyI/yN9RIJnHVF/HFzAeARYijR1L04zEA3BeHRpN01ml8uMdKjnlvA vuXew5qwPTh79awN2muSv+ZC7zCkJGEf3dcik7NoHaIqZEYq0PgW9NxFQh9p9QzJ 2GNHgjzSlHc4UK05yfLFxmXUmnTjEyOnskl+jICrenC3dDwBzrdk0TF1M+sLNjE/ FzPCs7T9/9nNbJ1OQFHhNQP2yYLusHtWN7zQgMv0M11Fp6rwkj3fzls9KZMXimkD M0S2MuS6doi/uE/qhdeOvidT -----END CERTIFICATE-----
In a real-world scenario, we only need to replace the mock code in the function validate() (line 21 in main.go) with our actual business logic. In the demo above, we’re handling Pods, and other resources can be handled too, only if we’ve set matching rules in ValidatingAdmissionConfiguration.
One of the notable qualities of good ...