Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs/content: Updated the apis and responses in kubernetes tutorial #3910

Closed
wants to merge 19 commits into from
Closed

docs/content: Updated the apis and responses in kubernetes tutorial #3910

Changes from 5 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
71bc193
docs/content: Updated the apis and responses in kubernetes tutorial
olamiko Oct 18, 2021
a6dc88b
Merge branch 'doc-update' into main
olamiko Oct 22, 2021
08744da
Merge branch 'open-policy-agent:main' into main
olamiko Oct 26, 2021
62b128c
docs/content: Added v1 to admissionReviewVersion in kubernetes tutorial
olamiko Oct 26, 2021
f5aa92c
docs/content: Updated kube-mgmt tags and admissionReview api
olamiko Oct 26, 2021
396fa5f
docs/content: updated kubernetes tutorial
olamiko Oct 26, 2021
2b04e25
docs/content: Updated the apis and responses in kubernetes tutorial
olamiko Oct 18, 2021
c2fecaf
docs/policy-language: move '[some] x in xs' section (#3913)
srenatus Oct 22, 2021
ae57db3
docs/policy-reference: add 'in' operator examples (#3914)
srenatus Oct 22, 2021
cf6cdef
internal/ir: Remove unused MakeNumberFloatStmt (#3918)
tsandall Oct 23, 2021
70fbb9c
docs/policy-reference: fix and clarify 'in' example (#3917)
srenatus Oct 23, 2021
3e11bff
topdown/testdata: make validity 10yrs, update certs (#3919)
srenatus Oct 24, 2021
ca331b0
website/panel: left-align version buttons (#3921)
srenatus Oct 25, 2021
7a3030e
wasm/builder: bump llvm, wabt, binaryen (#3908)
srenatus Oct 26, 2021
0da9dc6
wasm: Update generated binaries
Oct 26, 2021
f5f5757
docs/rest-api: fix sprintf example (#3928)
srenatus Oct 26, 2021
d42bd95
docs/website: add warning to 'http.send'+extension docs, introduce `d…
srenatus Oct 26, 2021
a4231cd
docs/content: Updated kubernetes tutorial
olamiko Oct 26, 2021
32f64e1
Merge branch 'main' of github.com:olamiko/opa into main
olamiko Oct 26, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 27 additions & 17 deletions docs/content/kubernetes-tutorial.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ package system
import data.kubernetes.admission

main = {
"apiVersion": "admission.k8s.io/v1beta1",
"apiVersion": "admission.k8s.io/v1",
"kind": "AdmissionReview",
"response": response,
}
Expand Down Expand Up @@ -369,10 +369,10 @@ spec:
initialDelaySeconds: 3
periodSeconds: 5
- name: kube-mgmt
image: openpolicyagent/kube-mgmt:0.11
image: openpolicyagent/kube-mgmt:2.0.1
args:
- "--replicate-cluster=v1/namespaces"
- "--replicate=extensions/v1beta1/ingresses"
- "--replicate=networking.k8s.io/v1/ingresses"
volumes:
- name: opa-server
secret:
Expand All @@ -395,7 +395,7 @@ any namespace with the label `openpolicyagent.org/webhook=ignore`.
```bash
cat > webhook-configuration.yaml <<EOF
kind: ValidatingWebhookConfiguration
apiVersion: admissionregistration.k8s.io/v1beta1
apiVersion: admissionregistration.k8s.io/v1
metadata:
name: opa-validating-webhook
webhooks:
Expand All @@ -416,6 +416,8 @@ webhooks:
service:
namespace: opa
name: opa
admissionReviewVersions: ["v1", "v1beta1"]
sideEffects: None
EOF
```

Expand Down Expand Up @@ -479,7 +481,7 @@ and the other will be rejected.
**ingress-ok.yaml**:

```yaml
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-ok
Expand All @@ -488,15 +490,19 @@ spec:
- host: signin.acmecorp.com
http:
paths:
- backend:
serviceName: nginx
servicePort: 80
- pathType: ImplementationSpecific
path: /
backend:
service:
name: nginx
port:
number: 80
```

**ingress-bad.yaml**:

```yaml
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-bad
Expand All @@ -505,9 +511,13 @@ spec:
- host: acmecorp.com
http:
paths:
- backend:
serviceName: nginx
servicePort: 80
- pathType: ImplementationSpecific
path: /
backend:
service:
name: nginx
port:
number: 80
```

Finally, try to create both Ingress objects:
Expand All @@ -522,8 +532,8 @@ The second Ingress is rejected because its hostname does not match the whitelist
It will report an error as follows:

```
Error from server (invalid ingress host "acmecorp.com"): error when creating "ingress-bad.yaml":
admission webhook "validating-webhook.openpolicyagent.org" denied the request: invalid ingress host "acmecorp.com"
Error from server: error when creating "ingress-bad.yaml": admission webhook "validating-webhook.openpolicyagent.org"
denied the request: invalid ingress host "acmecorp.com"
```

### 8. Exercise Prohibit Hostname Conflicts policy
Expand Down Expand Up @@ -553,9 +563,9 @@ kubectl create -f ingress-ok.yaml -n staging
The above command will report an error as follows:

```
Error from server (invalid ingress host "signin.acmecorp.com" (conflicts with production/ingress-ok)): error when
creating "ingress-ok.yaml": admission webhook "validating-webhook.openpolicyagent.org" denied the request: invalid
ingress host "signin.acmecorp.com" (conflicts with production/ingress-ok)
Error from server (BadRequest): error when creating "ingress-ok.yaml": admission webhook
"validate.nginx.ingress.kubernetes.io" denied the request: host "signin.acmecorp.com" and
path "/" is already defined in ingress production/ingress-ok
```

## Wrap Up
Expand Down