K8s API Admission Control and Policy

2023-06-19 23:19
This post provides an overview of Admission Controllers in Kubernetes, including their implementation and usage. Third-party admission controllers can be integrated into kube-apiserver by implementing them as admission webhooks. Many policy engines have appeared in the community on top of admission webhooks. This post introduces two policy engines, OPA/Gatekeeper and Kyverno. Finally, it covers the official policy engine, ValidatingAdmissionPolicy.
Read more...

K8s 多版本 API 转换最佳实践

2023-06-19 23:19
规范的 K8s APIVersion 往往会经历由 alpha 到 beta 最后到 stable 的过程,API 转换就成了应有之义。本文提供多版本 API 转换的最佳实践。本文详细讲述了基于 CRD 提供多版本 API 时的困境和解决办法,并提供了一个基于最佳实践的 Conversion Webhook Server 实现
Read more...

慎重选用 Runtime 类框架开发 K8s apiserver

2023-06-18 16:09
apiserver-runtime 本身也是基于 k8s.io/apiserver 提供增强。当项目需要灵活定制策略时,就不可避免需要直接使用底层库。结果是,开发者除了要熟悉 k8s.io 库,还需要再学一套框架。那为什么不从一开始直接使用 k8s.io/apiserver?
Read more...