Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Learn more about Admission Webhooks
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Yuichi Saito
September 28, 2018
Technology
1.9k
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Learn more about Admission Webhooks
kubernetes meetup #13
https://k8sjp.connpass.com/event/100842/
Yuichi Saito
September 28, 2018
More Decks by Yuichi Saito
See All by Yuichi Saito
失敗から学ぶ - ポストモーテム / Postmotem culture at Wantedly
munisystem
3
39k
Distributed Tracing with OpenCensus at Wantedly, Inc.
munisystem
3
5.3k
OpenCensus による APM の実現と、未来 / Implementing APM with OpenCensus
munisystem
8
7.3k
Effective Health Checking
munisystem
2
860
An introduction to monitoring Go Application with OpenCensus
munisystem
1
1.4k
Dgraph - A high performance graph database written in pure Go
munisystem
7
7.9k
Other Decks in Technology
See All in Technology
SRE歴2ヶ月でも開発6年の知見を活かして、チームで止まっていた環境改善を前に進めた話
a_ono
1
220
「ちゃんとやっている」は独りよがりだった ― 不安に寄り添うインシデント対応へ / Towards incident response that addresses anxieties
chmikata
1
3.7k
攻撃者がいなくてもAIエージェントはインシデントを起こす
nomizone
0
200
LiDAR SLAMの実装とセンサ融合 ~Lie群からContinuous-Time LIOまで~
naokiakai
1
1k
認証認可だけじゃない! ID管理の構成要素と ライフサイクルを意識しよう
ritou
1
520
ZOZOTOWNの進化と信頼性を両立する負荷試験
zozotech
PRO
0
140
『AIに負けない』より『AIと遊ぶ』」〜ワクワクが最強のテスト・QA学習戦略_公開用
odan611
2
520
キャリアの中で本を作る / Making a Book During Your Career
ak1210
0
120
Empower GenAI with Agile - あなたのアジャイルが生成AIのバフになる仕組み
hageyahhoo
1
140
CIで使うClaude
iwatatomoya
0
170
デジタル・デザイン:次の50年を描く「進化する青写真」
y150saya
0
840
Claude Codeとハーネスについて考えてみる
oikon48
18
8.8k
Featured
See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
Utilizing Notion as your number one productivity tool
mfonobong
4
350
Test your architecture with Archunit
thirion
1
2.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
508
140k
Mind Mapping
helmedeiros
PRO
1
280
End of SEO as We Know It (SMX Advanced Version)
ipullrank
3
4.3k
So, you think you're a good person
axbom
PRO
2
2.1k
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
550
Rails Girls Zürich Keynote
gr2m
96
14k
Docker and Python
trallard
47
3.9k
Why Our Code Smells
bkeepers
PRO
340
58k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
659
62k
Transcript
©2018 Wantedly, Inc. Learn more about Admission Webhooks Kubernetes
meetup #13 Yuichi Saito @munisystem
©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͷ͓͞Β͍ "ENJTTJPO8FCIPPLTͱ ·ͱΊ Agenda
©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͷ͓͞Β͍
©2018 Wantedly, Inc. ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹQPEΛ࡞ͬͯΈΔ
©2018 Wantedly, Inc. ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹରͯ͠QPE࡞Δ͜ͱ͕Ͱ͖ͳ͍
©2018 Wantedly, Inc. ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹରͯ͠QPE࡞Δ͜ͱ͕Ͱ͖ͳ͍ /BNFTQBDF-JGFDZDMF https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#namespacelifecycle
©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ ΫϥΠΞϯτ͔ΒͷཁٻΛड͚ೖΕΔ͔ఆ͢ΔͨΊͷΈ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖͑Δ
w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λஅ͢Δ "ENJTTJPO$POUSPMMFSͱ
©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͱ https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/
©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷΈ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖͑Δ
w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λஅ͢Δ "ENJTTJPO$POUSPMMFSͱ
©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛॻ͖͑Δ͜ͱͰɺϚχϑΣετʹॻ͔ͣͱҎԼͷ͜ͱ͕ߦ͑Δ w ҙͷBOOPUBUJPOMBCFMΛ༩͢Δ w ΞϓϦέʔγϣϯͷڥมʹҙͷσʔλΛຒΊࠐΊΔ w QPEͷલ໘ʹQSPYZΛஔ͘
w ΠϝʔδΛॻ͖͑Δ w FUD "ENJTTJPO$POUSPMMFSͱ
©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷΈ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖͑Δ
w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λஅ͢Δ "ENJTTJPO$POUSPMMFSͱ
©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔ͷஅΛҎԼͷใ͔Βߦ͑Δ w ϚχϑΣετͷ༰ w ΫϥΠΞϯτͷΞΧϯτϩʔϧͷछྨ w ֎෦αʔϏεͱͷ࿈ܞ
w FUD "ENJTTJPO$POUSPMMFSͱ
©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷΈ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖͑Δ
w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λஅ͢Δ "ENJTTJPO$POUSPMMFSͱ ෳࡶͳΦϖϨʔγϣϯػೳΛ,VCFSOFUFT෦Ͱ࣮ݱͰ͖Δ
©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͱ
©2018 Wantedly, Inc. w Wd͔Βαϙʔτ͞Εͨ"ENJTTJPO$POUSPMMFSΛ֦ு͢ΔͨΊͷػೳ CFUB w BENJTTJPOQMVHJOTͰҎԼΛ༗ޮʹ͢Δ͜ͱͰར༻͕ՄೳʹͳΔ w
.VUBUJOH"ENJTTJPO8FCIPPL w 7BMJEBUJOH"ENJTTJPO8FCIPPL w Ͳ͜ͰΘΕ͍ͯΔʁ w *TUJP͕TJEFDBSͱͯ͠FOWPZΛEFQMPZ͢Δ࣌ʹར༻͍ͯ͠Δ w SFGIUUQTHJUIVCDPNJTUJPJTUJPCMPCNBTUFSQJMPUQLHLVCFJOKFDUXFCIPPLHP "ENJTTJPO8FCIPPLTͱ
©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLT0WFSWJFX https://kubernetes.io/blog/2018/01/extensible-admission-is-beta/
©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ͢Δ͜ͱͰɺ ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU
w "ENJTTJPO3FRVFTUʹର͠ฦ͢Δ3FTQPOTFͷܗࣜʹΑͬͯ "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ
©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ͢Δ͜ͱͰɺ ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU
w "ENJTTJPO3FRVFTUʹର͠ฦ͢Δ3FTQPOTFͷܗࣜʹΑͬͯ "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ
©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͷઃఆ 7BMJEBUJOH8FCIPPLTͷྫ ͜ͷઃఆͩͱ w ݅ w $MJFOU͔Βͷཁٻ͕
BQJ7FSTJPOWͷQPEͷ$3&"5&ͷ߹ w Ͳ͜ʹ w EFGBVMUOBNFTQBDFͷ FYBNQMFIPPLTFSWFSTFSWJDFͷ BENJUQPETʹରͯ͠ w ͳʹ͕ w 7BMJEBUJOHͷͨΊͷ"ENJTTJPO3FRVFTU ͕ૹΒΕͯ͘ΔΑ͏ʹͳΔ
©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ͢Δ͜ͱͰɺ ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU
w "ENJTTJPO3FRVFTUʹର͠ฦ͢Δ3FTQPOTFͷܗࣜʹΑͬͯ "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ
©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ
©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ
©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ QPEͷ࡞͕ඞࣦͣഊ͢Δ
©2018 Wantedly, Inc. w "ENJTTJPO8FCIPPLT,VCFSOFUFTΛΧελϚΠζ͢ΔΈ w ͜ΕΛ͔ͭ͏͜ͱͰ,VCFSOFUFTʹෳࡶͳΦϖϨʔγϣϯΛ࣮ݱͰ͖Δ w ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ w
ΫϥΠΞϯτͷཁٻΛॻ͖͑Δ w /05ۜͷؙ w ͝ར༻ܭըతʹ ·ͱΊ