1

I would like to implement functionality (or even better reuse existing libraries/APIs!) that would intercept a kubectl command to create an object and perform some pre-creation validation tasks on it before allowing kubectl command to proceed.

e.g. check various values in the yaml against external DB for example check a label conforms to the internal naming convention and so on..

Is there an accepted pattern or existing tools etc? Any guidance appreciated

Improve this question

2 Answers 2

Reset to default
2

The way to do this is by creating a ValidatingAdmissionWebhook. It's not for the faint of heart and even a brief example would be an overkill as a SO answer. A few pointers to start:

https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook

https://banzaicloud.com/blog/k8s-admission-webhooks/

https://container-solutions.com/a-gentle-intro-to-validation-admission-webhooks-in-kubernetes/

I hope this helps :-)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I usually append - - dry-run to kubectl command to check and validate the YAML config

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.