Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Learn more about Admission Webhooks

Yuichi Saito
September 28, 2018
Technology
1
1.6k

Learn more about Admission Webhooks

kubernetes meetup #13
https://k8sjp.connpass.com/event/100842/

Yuichi Saito

September 28, 2018
Tweet

More Decks by Yuichi Saito

See All by Yuichi Saito
失敗から学ぶ - ポストモーテム / Postmotem culture at Wantedly
munisystem
2
33k
Distributed Tracing with OpenCensus at Wantedly, Inc.
munisystem
3
4.9k
OpenCensus による APM の実現と、未来 / Implementing APM with OpenCensus
munisystem
8
6.6k
Effective Health Checking
munisystem
2
670
An introduction to monitoring Go Application with OpenCensus
munisystem
1
1.1k
Dgraph - A high performance graph database written in pure Go
munisystem
7
7k

Other Decks in Technology

See All in Technology
小さな開発会社がWebサービスを作る理由
polidog
PRO
1
160
長期運用プロジェクトでのMySQLからTiDB移行の検証
colopl
2
670
Tebiki株式会社 エンジニア採用資料
tebiki
0
4.1k
Postman v10リリース後を振り返る
nagix
0
130
自動生成を活用した、運用保守コストを抑える Error/Alert/Runbook の一元集約管理 / Centralized management of Error/Alert/Runbook to minimize operational costs using automated code generation
biwashi
9
2.1k
オーナーシップを持つ領域を明確にする
konifar
11
2.6k
AIQ株式会社 エンジニア向け会社紹介資料
aiqlab
0
370
反実仮想機械学習とは何か
usaito
PRO
7
2.2k
Data and AI Governance: Existing Challenges and Emerging Trends
scotthsieh825
0
160
Discord とビルダー&チャットボットの使い方 / How to use Discord and Builder & Chatbots
ks91
PRO
0
130
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.6k
コンテナセキュリティの基本と脅威への対策
kyohmizu
3
700

Featured

See All Featured
Designing with Data
zakiwarfel
95
4.8k
Building Better People: How to give real-time feedback that sticks.
wjessup
354
18k
How to name files
jennybc
64
92k
Facilitating Awesome Meetings
lara
41
5.6k
Code Reviewing Like a Champion
maltzj
513
39k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
119
38k
In The Pink: A Labor of Love
frogandcode
138
21k
A Modern Web Designer's Workflow
chriscoyier
688
190k
Design by the Numbers
sachag
274
18k
Reflections from 52 weeks, 52 projects
jeffersonlam
344
19k
Building an army of robots
kneath
300
41k
It's Worth the Effort
3n
180
27k

Transcript

  1. ©2018 Wantedly, Inc. Learn more about 
 Admission Webhooks Kubernetes

    meetup #13 Yuichi Saito @munisystem

  2. ©2018 Wantedly, Inc.  "ENJTTJPO$POUSPMMFSͷ͓͞Β͍  "ENJTTJPO8FCIPPLTͱ͸  ·ͱΊ Agenda

  3. ©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͷ͓͞Β͍

  4. ©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹQPEΛ࡞ͬͯΈΔ

  5. ©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹରͯ͠QPE͸࡞Δ͜ͱ͕Ͱ͖ͳ͍

  6. ©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹରͯ͠QPE͸࡞Δ͜ͱ͕Ͱ͖ͳ͍ /BNFTQBDF-JGFDZDMF https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#namespacelifecycle

  7. ©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ
 ΫϥΠΞϯτ͔ΒͷཁٻΛड͚ೖΕΔ͔൑ఆ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

    w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸

  8. ©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͱ͸ https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/

  9. ©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ
 ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

    w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸

  10. ©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ͜ͱͰɺϚχϑΣετʹॻ͔ͣͱ΋ҎԼͷ͜ͱ͕ߦ͑Δ w ೚ҙͷBOOPUBUJPO΍MBCFMΛ෇༩͢Δ w ΞϓϦέʔγϣϯͷ؀ڥม਺ʹ೚ҙͷσʔλΛຒΊࠐΊΔ w QPEͷલ໘ʹQSPYZΛஔ͘

    w ΠϝʔδΛॻ͖׵͑Δ w FUD "ENJTTJPO$POUSPMMFSͱ͸

  11. ©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ
 ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

    w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸

  12. ©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔ͷ൑அΛҎԼͷ৘ใ͔Βߦ͑Δ w ϚχϑΣετͷ಺༰ w ΫϥΠΞϯτͷΞΧ΢ϯτ΍ϩʔϧͷछྨ w ֎෦αʔϏεͱͷ࿈ܞ

    w FUD "ENJTTJPO$POUSPMMFSͱ͸

  13. ©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ
 ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

    w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸ ෳࡶͳΦϖϨʔγϣϯ΍ػೳΛ,VCFSOFUFT಺෦Ͱ࣮ݱͰ͖Δ

  14. ©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͱ͸

  15. ©2018 Wantedly, Inc. w Wd͔Βαϙʔτ͞Εͨ"ENJTTJPO$POUSPMMFSΛ֦ு͢ΔͨΊͷػೳ CFUB  w BENJTTJPOQMVHJOTͰҎԼΛ༗ޮʹ͢Δ͜ͱͰར༻͕ՄೳʹͳΔ w

    .VUBUJOH"ENJTTJPO8FCIPPL w 7BMJEBUJOH"ENJTTJPO8FCIPPL w Ͳ͜Ͱ࢖ΘΕ͍ͯΔʁ w *TUJP͕TJEFDBSͱͯ͠FOWPZΛEFQMPZ͢Δ࣌ʹར༻͍ͯ͠Δ w SFGIUUQTHJUIVCDPNJTUJPJTUJPCMPCNBTUFSQJMPUQLHLVCFJOKFDUXFCIPPLHP "ENJTTJPO8FCIPPLTͱ͸

  16. ©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLT0WFSWJFX https://kubernetes.io/blog/2018/01/extensible-admission-is-beta/

  17. ©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ
 ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

    w "ENJTTJPO3FRVFTUʹର͠ฦ౴͢Δ3FTQPOTFͷܗࣜʹΑͬͯ
 "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ͸

  18. ©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ
 ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

    w "ENJTTJPO3FRVFTUʹର͠ฦ౴͢Δ3FTQPOTFͷܗࣜʹΑͬͯ
 "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ͸

  19. ©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͷઃఆ 7BMJEBUJOH8FCIPPLTͷྫ ͜ͷઃఆͩͱ w ৚݅ w $MJFOU͔Βͷཁٻ͕


    BQJ7FSTJPOWͷQPEͷ$3&"5&ͷ৔߹ w Ͳ͜ʹ w EFGBVMUOBNFTQBDFͷ
 FYBNQMFIPPLTFSWFSTFSWJDFͷ
 BENJUQPETʹରͯ͠ w ͳʹ͕ w 7BMJEBUJOHͷͨΊͷ"ENJTTJPO3FRVFTU ͕ૹΒΕͯ͘ΔΑ͏ʹͳΔ

  20. ©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ
 ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

    w "ENJTTJPO3FRVFTUʹର͠ฦ౴͢Δ3FTQPOTFͷܗࣜʹΑͬͯ
 "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ͸

  21. ©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ

  22. ©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ

  23. ©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ QPEͷ࡞੒͕ඞࣦͣഊ͢Δ

  24. ©2018 Wantedly, Inc. w "ENJTTJPO8FCIPPLT͸,VCFSOFUFTΛΧελϚΠζ͢Δ࢓૊Έ w ͜ΕΛ͔ͭ͏͜ͱͰ,VCFSOFUFTʹෳࡶͳΦϖϨʔγϣϯΛ࣮ݱͰ͖Δ w ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ w

    ΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ w /05ۜͷ஄ؙ w ͝ར༻͸ܭըతʹ ·ͱΊ