resources on admission b. Runs serially, each webhook can mutate 2. Validating Webhook a. Only allows for validating resources b. Runs in parallel; if any reject, the request fails
namespaces, running critical production tasks ◦ Development namespaces, running work-in-progress services • Quality of Service between the namespaces are different: ◦ Production namespaces should be Guaranteed or Burstable ◦ Development namespaces should be Best Effort • Production services should be deployable in development namespaces without changing resource requests.
resource limits and requests in the Pod spec containers: - name: example resources: limits: memory: "200Mi" cpu: "700m" requests: memory: "200Mi" cpu: "700m"
requests to clientConfig: caBundle: ${PEM_ENCODED_BUNDLE} service: namespace: default name: resource-quotas-wh path: "/pods" The service must listen on port 443, and use an HTTPS certificate matching the caBundle
&pod) // remove each resources from each containers for i, c := range pod.Spec.Containers { c.Resources = v1.ResourceRequirements{} pod.Spec.Containers[i] = c } […]