Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Learn more about Admission Webhooks

Yuichi Saito
September 28, 2018
Technology
1
1.7k

Learn more about Admission Webhooks

kubernetes meetup #13
https://k8sjp.connpass.com/event/100842/

Yuichi Saito

September 28, 2018
Tweet

More Decks by Yuichi Saito

See All by Yuichi Saito
失敗から学ぶ - ポストモーテム / Postmotem culture at Wantedly
munisystem
3
36k
Distributed Tracing with OpenCensus at Wantedly, Inc.
munisystem
3
5.1k
OpenCensus による APM の実現と、未来 / Implementing APM with OpenCensus
munisystem
8
6.9k
Effective Health Checking
munisystem
2
720
An introduction to monitoring Go Application with OpenCensus
munisystem
1
1.2k
Dgraph - A high performance graph database written in pure Go
munisystem
7
7.3k

Other Decks in Technology

See All in Technology
終了の危機にあった15年続くWebサービスを全力で存続させる - phpcon2024
yositosi
3
3.7k
株式会社ログラス − エンジニア向け会社説明資料 / Loglass Comapany Deck for Engineer
loglass2019
3
32k
生成AIのガバナンスの全体像と現実解
fnifni
1
180
社内イベント管理システムを1週間でAKSからACAに移行した話し
shingo_kawahara
0
180
非機能品質を作り込むための実践アーキテクチャ
knih
3
1.1k
KubeCon NA 2024 Recap / Running WebAssembly (Wasm) Workloads Side-by-Side with Container Workloads
z63d
1
240
KubeCon NA 2024 Recap: How to Move from Ingress to Gateway API with Minimal Hassle
ysakotch
0
200
Turing × atmaCup #18 - 1st Place Solution
hakubishin3
0
480
レンジャーシステムズ | 会社紹介(採用ピッチ)
rssytems
0
150
C++26 エラー性動作
faithandbrave
2
730
マイクロサービスにおける容易なトランザクション管理に向けて
scalar
0
120
5分でわかるDuckDB
chanyou0311
10
3.2k

Featured

See All Featured
GitHub's CSS Performance
jonrohan
1030
460k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
132
33k
Gamification - CAS2011
davidbonilla
80
5.1k
The Invisible Side of Design
smashingmag
298
50k
Making Projects Easy
brettharned
116
5.9k
Imperfection Machines: The Place of Print at Facebook
scottboms
266
13k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.5k
Why You Should Never Use an ORM
jnunemaker
PRO
54
9.1k
Scaling GitHub
holman
458
140k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
127
18k
Raft: Consensus for Rubyists
vanstee
137
6.7k
How to train your dragon (web standard)
notwaldorf
88
5.7k

Transcript

  1. ©2018 Wantedly, Inc. Learn more about 
 Admission Webhooks Kubernetes

    meetup #13 Yuichi Saito @munisystem

  2. ©2018 Wantedly, Inc.  "ENJTTJPO$POUSPMMFSͷ͓͞Β͍  "ENJTTJPO8FCIPPLTͱ͸  ·ͱΊ Agenda

  3. ©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͷ͓͞Β͍

  4. ©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹQPEΛ࡞ͬͯΈΔ

  5. ©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹରͯ͠QPE͸࡞Δ͜ͱ͕Ͱ͖ͳ͍

  6. ©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹରͯ͠QPE͸࡞Δ͜ͱ͕Ͱ͖ͳ͍ /BNFTQBDF-JGFDZDMF https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#namespacelifecycle

  7. ©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ
 ΫϥΠΞϯτ͔ΒͷཁٻΛड͚ೖΕΔ͔൑ఆ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

    w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸

  8. ©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͱ͸ https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/

  9. ©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ
 ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

    w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸

  10. ©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ͜ͱͰɺϚχϑΣετʹॻ͔ͣͱ΋ҎԼͷ͜ͱ͕ߦ͑Δ w ೚ҙͷBOOPUBUJPO΍MBCFMΛ෇༩͢Δ w ΞϓϦέʔγϣϯͷ؀ڥม਺ʹ೚ҙͷσʔλΛຒΊࠐΊΔ w QPEͷલ໘ʹQSPYZΛஔ͘

    w ΠϝʔδΛॻ͖׵͑Δ w FUD "ENJTTJPO$POUSPMMFSͱ͸

  11. ©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ
 ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

    w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸

  12. ©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔ͷ൑அΛҎԼͷ৘ใ͔Βߦ͑Δ w ϚχϑΣετͷ಺༰ w ΫϥΠΞϯτͷΞΧ΢ϯτ΍ϩʔϧͷछྨ w ֎෦αʔϏεͱͷ࿈ܞ

    w FUD "ENJTTJPO$POUSPMMFSͱ͸

  13. ©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ
 ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

    w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸ ෳࡶͳΦϖϨʔγϣϯ΍ػೳΛ,VCFSOFUFT಺෦Ͱ࣮ݱͰ͖Δ

  14. ©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͱ͸

  15. ©2018 Wantedly, Inc. w Wd͔Βαϙʔτ͞Εͨ"ENJTTJPO$POUSPMMFSΛ֦ு͢ΔͨΊͷػೳ CFUB  w BENJTTJPOQMVHJOTͰҎԼΛ༗ޮʹ͢Δ͜ͱͰར༻͕ՄೳʹͳΔ w

    .VUBUJOH"ENJTTJPO8FCIPPL w 7BMJEBUJOH"ENJTTJPO8FCIPPL w Ͳ͜Ͱ࢖ΘΕ͍ͯΔʁ w *TUJP͕TJEFDBSͱͯ͠FOWPZΛEFQMPZ͢Δ࣌ʹར༻͍ͯ͠Δ w SFGIUUQTHJUIVCDPNJTUJPJTUJPCMPCNBTUFSQJMPUQLHLVCFJOKFDUXFCIPPLHP "ENJTTJPO8FCIPPLTͱ͸

  16. ©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLT0WFSWJFX https://kubernetes.io/blog/2018/01/extensible-admission-is-beta/

  17. ©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ
 ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

    w "ENJTTJPO3FRVFTUʹର͠ฦ౴͢Δ3FTQPOTFͷܗࣜʹΑͬͯ
 "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ͸

  18. ©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ
 ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

    w "ENJTTJPO3FRVFTUʹର͠ฦ౴͢Δ3FTQPOTFͷܗࣜʹΑͬͯ
 "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ͸

  19. ©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͷઃఆ 7BMJEBUJOH8FCIPPLTͷྫ ͜ͷઃఆͩͱ w ৚݅ w $MJFOU͔Βͷཁٻ͕


    BQJ7FSTJPOWͷQPEͷ$3&"5&ͷ৔߹ w Ͳ͜ʹ w EFGBVMUOBNFTQBDFͷ
 FYBNQMFIPPLTFSWFSTFSWJDFͷ
 BENJUQPETʹରͯ͠ w ͳʹ͕ w 7BMJEBUJOHͷͨΊͷ"ENJTTJPO3FRVFTU ͕ૹΒΕͯ͘ΔΑ͏ʹͳΔ

  20. ©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ
 ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

    w "ENJTTJPO3FRVFTUʹର͠ฦ౴͢Δ3FTQPOTFͷܗࣜʹΑͬͯ
 "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ͸

  21. ©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ

  22. ©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ

  23. ©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ QPEͷ࡞੒͕ඞࣦͣഊ͢Δ

  24. ©2018 Wantedly, Inc. w "ENJTTJPO8FCIPPLT͸,VCFSOFUFTΛΧελϚΠζ͢Δ࢓૊Έ w ͜ΕΛ͔ͭ͏͜ͱͰ,VCFSOFUFTʹෳࡶͳΦϖϨʔγϣϯΛ࣮ݱͰ͖Δ w ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ w

    ΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ w /05ۜͷ஄ؙ w ͝ར༻͸ܭըతʹ ·ͱΊ