sample-controller: https://github.com/kubernetes/sample-controller ▶ apiserver-builder-alpha: https://github.com/kubernetes-sigs/apiserver-builder-alpha ▶ Custom Metrics Adapter Server Boilerplate: https://github.com/kubernetes-sigs/custom-metrics-apiserver ▶ Prometheus Adapter for Kubernetes Metrics APIs: https://github.com/kubernetes-sigs/prometheus-adapter ▶ metrics: https://github.com/kubernetes/metrics ▶ CRI Streaming Requests (exec/attach/port-forward): https://docs.google.com/document/d/1OE_QoInPlVCK9rMAx9aybRmgFiVjHpJCHI9LrfdNM_s/edit#heading=h.4yfjiw58o8d3 ▶ Using a KMS provider for data encryption: https://kubernetes.io/docs/tasks/administer-cluster/kms-provider/ ▶ Encrypting Secret Data at Rest: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/ ▶ Adding custom resources to the Kubernetes API server: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/extending-api.md ▶ Use an HTTP Proxy to Access the Kubernetes API: https://kubernetes.io/docs/tasks/extend-kubernetes/http-proxy-access-api/ ▶ Control Plane-Node Communication: https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/ ▶ Dynamic Admission Control: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/ ▶ Kubernetes Proposal - Admission Control: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/admission_control.md ▶ Extension of Admission Control via Initializers and External Admission Enforcement: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/ admission_control_extension.md ▶ Webhook Bootstrapping: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/admission-webhook-bootstrapping.md ▶ Webhooks Beta: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/admission-control-webhooks.md ▶ Dynamic Admission Control: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers ▶ Configure the Aggregation Layer: https://kubernetes.io/docs/tasks/extend-kubernetes/configure-aggregation-layer/ ▶ Set up an Extension API Server: https://kubernetes.io/docs/tasks/extend-kubernetes/setup-extension-api-server/ ▶ Vanilla CRD OpenAPI subset: structural schemas: https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/2335-vanilla-crd-openapi-subset-structural-schemas ▶ The Kubernetes API: https://kubernetes.io/docs/concepts/overview/kubernetes-api/ ▶ Controlling Access to the Kubernetes API: https://kubernetes.io/docs/concepts/security/controlling-access/ ▶ Authenticating: https://kubernetes.io/docs/reference/access-authn-authz/authentication/ ▶ Authorization Overview: https://kubernetes.io/docs/reference/access-authn-authz/authorization/