Skip to content
/ kube-admission-image Public

kubernetes ImagePolicyWebhook on admission-controllers for kube-admission-image

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

weiqiang333/kube-admission-image

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
bin
bin
 
 
configs/kubernetes
configs/kubernetes
 
 
docs
docs
 
 
logs
logs
 
 
pkg
pkg
 
 
web
web
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
kube-admission-image.go
kube-admission-image.go
 
 

Repository files navigation

kube-admission-image

ImagePolicyWebhook on admission-controllers for kubernetes

Use kube-admission-image for customized image verification or scanning

admission category

This will define the game rules for admission

building

  • go get github.com/weiqiang333/kube-admission-image

dev

  • go run kube-admission-image.go

container

  • docker pull weiqiang333/kube-admission-image

docker hub

open ImagePolicyWebhook

TLS

  • Create a TLS certificate to protect the webhook service

  • kubernetes will be accessed via the TLS protocol

    View detailed process

kube-apiserver

  • kube-apiserver admission-control add ImagePolicyWebhook Control plugin

  • config admission-control-config-file

  • load kube-admission-image kubeconfig

    View detailed process

deploy kube-admission-image

  • First, create the TLS secret required by the webhook:
kubectl -n kube-system create secret tls tls-kube-admission-image \
  --key kube-admission-image-key.pem \
  --cert kube-admission-image.pem
  • deploy kube-admission-image
kubectl apply -f configs/kubernetes/kube-admission-image-deployment.yaml

Test acceptance

pigeon

  • pigeon version is: ImagePolicyWebhook entry rules inspection, but do not refuse
  • Usually for the stability of the environment, we need pigeon version to find non-compliant admission images, and use the official version after correcting them
  • tag: pigeon, images: weiqiang333/kube-admission-image:pigeon

FAQ

  • Pay attention to using strategy logic to avoid chicken and egg problems

About

kubernetes ImagePolicyWebhook on admission-controllers for kube-admission-image

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages