Skip to content

lachie83/internallb-webhook-admission-controller

Repository files navigation

Kubernetes Internal LoadBalancer Admission Webhook

Go Report Card License

This Kubernetes Admission controller only admits the creation of v1/service resources containing the correct cloud provider annotations to create Internal LoadBalancers.

See upstream k8s docs for details on these annotations

CircleCI Build Status

CircleCI

Project State

Experimental

Attribution

This projects uses the upstream examples found in the following repos:

Massive thanks for all the work that went into crafting reusable examples.

Usage

Usage Demo

Supported Kubernetes versions

  • 1.9
  • 1.10

Supported Clouds

  • Supports any cloud provider that provisions an internal LoadBalancer based on Kubernetes service annotation. See upstream docs.
  • Cloud support include:
    • Azure
    • Google Cloud
    • AWS

Prerequisites

Please enable the admission webhook feature doc.

Build

make docker_build

Deploy

There are two types of Webhook Admission controllers in Kubernetes 1.9.

  • ValidatingAdmissionWebhook
  • MutatingAdmissionWebhook

Enable the relevant Kubernetes Admission controller by adding to following --admission-control and restarting kube-apiserver. See the relevant docs.

ValidatingAdmissionWebhook,MutatingAdmissionWebhook

Here is an example minikube command to build a cluster with the Admission Controller flags already present on the API server.

minikube start --kubernetes-version v1.9.3 --bootstrapper kubeadm --logtostderr --vm-driver=virtualbox --extra-config=apiserver.admission-control="NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,ValidatingAdmissionWebhook,MutatingAdmissionWebhook,PodPreset"

Once the cluster has been configured you can deploy the admission webhook to using Helm. The default installation configures a MutatingWebhookConfiguration.

helm install --name admission-webhook charts/internallb-webhook-admission-controller

To install a ValidatingWebhookConfiguration please use the following command

helm install --name admission-webhook charts/internallb-webhook-admission-controller --set admissionRegistration.kind=ValidatingWebhookConfiguration

For a full list of configurable values in the helm chart please, run the following command

helm inspect charts/internallb-webhook-admission-controller