Learn more about Admission Webhooks

©2018 Wantedly, Inc. Learn more about   Admission Webhooks Kubernetes
meetup #13 Yuichi Saito @munisystem

©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ  ΫϥΠΞϯτ͔ΒͷཁٻΛड͚ೖΕΔ͔൑ఆ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ
w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸

©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ͜ͱͰɺϚχϑΣετʹॻ͔ͣͱ΋ҎԼͷ͜ͱ͕ߦ͑Δ w ೚ҙͷBOOPUBUJPO΍MBCFMΛ෇༩͢Δ w ΞϓϦέʔγϣϯͷ؀ڥม਺ʹ೚ҙͷσʔλΛຒΊࠐΊΔ w QPEͷલ໘ʹQSPYZΛஔ͘
w ΠϝʔδΛॻ͖׵͑Δ w FUD "ENJTTJPO$POUSPMMFSͱ͸

©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔ͷ൑அΛҎԼͷ৘ใ͔Βߦ͑Δ w ϚχϑΣετͷ಺༰ w ΫϥΠΞϯτͷΞΧ΢ϯτ΍ϩʔϧͷछྨ w ֎෦αʔϏεͱͷ࿈ܞ
w FUD "ENJTTJPO$POUSPMMFSͱ͸

w WBMJEBUJOHΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔Λ൑அ͢Δ "ENJTTJPO$POUSPMMFSͱ͸ ෳࡶͳΦϖϨʔγϣϯ΍ػೳΛ,VCFSOFUFT಺෦Ͱ࣮ݱͰ͖Δ

©2018 Wantedly, Inc. w Wd͔Βαϙʔτ͞Εͨ"ENJTTJPO$POUSPMMFSΛ֦ு͢ΔͨΊͷػೳ CFUB w BENJTTJPOQMVHJOTͰҎԼΛ༗ޮʹ͢Δ͜ͱͰར༻͕ՄೳʹͳΔ w
.VUBUJOH"ENJTTJPO8FCIPPL w 7BMJEBUJOH"ENJTTJPO8FCIPPL w Ͳ͜Ͱ࢖ΘΕ͍ͯΔʁ w *TUJP͕TJEFDBSͱͯ͠FOWPZΛEFQMPZ͢Δ࣌ʹར༻͍ͯ͠Δ w SFGIUUQTHJUIVCDPNJTUJPJTUJPCMPCNBTUFSQJMPUQLHLVCFJOKFDUXFCIPPLHP "ENJTTJPO8FCIPPLTͱ͸

©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ  ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU
w "ENJTTJPO3FRVFTUʹର͠ฦ౴͢Δ3FTQPOTFͷܗࣜʹΑͬͯ  "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ͸

©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͷઃఆ 7BMJEBUJOH8FCIPPLTͷྫ ͜ͷઃఆͩͱ w ৚݅ w $MJFOU͔Βͷཁٻ͕ 
BQJ7FSTJPOWͷQPEͷ$3&"5&ͷ৔߹ w Ͳ͜ʹ w EFGBVMUOBNFTQBDFͷ  FYBNQMFIPPLTFSWFSTFSWJDFͷ  BENJUQPETʹରͯ͠ w ͳʹ͕ w 7BMJEBUJOHͷͨΊͷ"ENJTTJPO3FRVFTU ͕ૹΒΕͯ͘ΔΑ͏ʹͳΔ

©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ  ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU
w "ENJTTJPO3FRVFTUʹର͠ฦ౴͢Δ3FTQPOTFͷܗࣜʹΑͬͯ  "ENJTTJPO$POUSPMΛ࣮ݱ͢Δ "ENJTTJPO8FCIPPLTͱ͸

©2018 Wantedly, Inc. w "ENJTTJPO8FCIPPLT͸,VCFSOFUFTΛΧελϚΠζ͢Δ࢓૊Έ w ͜ΕΛ͔ͭ͏͜ͱͰ,VCFSOFUFTʹෳࡶͳΦϖϨʔγϣϯΛ࣮ݱͰ͖Δ w ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ w
ΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ w /05ۜͷ஄ؙ w ͝ར༻͸ܭըతʹ ·ͱΊ

Learn more about Admission Webhooks

Learn more about Admission Webhooks

Yuichi Saito

More Decks by Yuichi Saito

Other Decks in Technology

Featured

Transcript

©2018 Wantedly, Inc. Learn more about   Admission Webhooks Kubernetes

©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͷ͓͞Β͍ "ENJTTJPO8FCIPPLTͱ͸ ·ͱΊ Agenda

©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͷ͓͞Β͍

©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹQPEΛ࡞ͬͯΈΔ

©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹରͯ͠QPE͸࡞Δ͜ͱ͕Ͱ͖ͳ͍

©2018 Wantedly, Inc. ਎ۙʹ͋Δ"ENJTTJPO$POUSPMMFSͷྫ ଘࡏ͠ͳ͍OBNFTQBDFʹରͯ͠QPE͸࡞Δ͜ͱ͕Ͱ͖ͳ͍ /BNFTQBDF-JGFDZDMF https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#namespacelifecycle

©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ  ΫϥΠΞϯτ͔ΒͷཁٻΛड͚ೖΕΔ͔൑ఆ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

©2018 Wantedly, Inc. "ENJTTJPO$POUSPMMFSͱ͸ https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/

©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ  ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ͜ͱͰɺϚχϑΣετʹॻ͔ͣͱ΋ҎԼͷ͜ͱ͕ߦ͑Δ w ೚ҙͷBOOPUBUJPO΍MBCFMΛ෇༩͢Δ w ΞϓϦέʔγϣϯͷ؀ڥม਺ʹ೚ҙͷσʔλΛຒΊࠐΊΔ w QPEͷલ໘ʹQSPYZΛஔ͘

©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ  ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

©2018 Wantedly, Inc. ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ͔Ͳ͏͔ͷ൑அΛҎԼͷ৘ใ͔Βߦ͑Δ w ϚχϑΣετͷ಺༰ w ΫϥΠΞϯτͷΞΧ΢ϯτ΍ϩʔϧͷछྨ w ֎෦αʔϏεͱͷ࿈ܞ

©2018 Wantedly, Inc. w ೝূೝՄͷ͋ͱɺ0CKFDU͕ӬଓԽ͢Δલʹ  ΫϥΠΞϯτ͔ΒͷཁٻΛΤΫηϓτ͢ΔͨΊͷ࢓૊Έ w "ENJTTJPO$POUSPMMFSNVUBUJOHͱWBMJEBUJOHͷछྨ͕ଘࡏ͢Δ w NVUBUJOHΫϥΠΞϯτͷཁٻΛॻ͖׵͑Δ

©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͱ͸

©2018 Wantedly, Inc. w Wd͔Βαϙʔτ͞Εͨ"ENJTTJPO$POUSPMMFSΛ֦ு͢ΔͨΊͷػೳ CFUB w BENJTTJPOQMVHJOTͰҎԼΛ༗ޮʹ͢Δ͜ͱͰར༻͕ՄೳʹͳΔ w

©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLT0WFSWJFX https://kubernetes.io/blog/2018/01/extensible-admission-is-beta/

©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ  ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ  ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

©2018 Wantedly, Inc. "ENJTTJPO8FCIPPLTͷઃఆ 7BMJEBUJOH8FCIPPLTͷྫ ͜ͷઃఆͩͱ w ৚݅ w $MJFOU͔Βͷཁٻ͕

©2018 Wantedly, Inc. w LVCFBQJTFSWFSʹ$BMMCBDLઌͱͯ͠)551TFSWFSΛొ࿥͢Δ͜ͱͰɺ  ͦ͜ʹ"ENJTTJPO3FRVFTU͕ඈΜͰ͘ΔΑ͏ʹͳΔ w 7BMJEBUJOH8FCIPPL$POpHVSBUJPO0CKFDU w .VUBUJOH8FCIPPL$POpHVSBUJPO0CKFDU

©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ

©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ

©2018 Wantedly, Inc. γϯϓϧͳ"ENJTTJPO8FCIPPLTͷྫ QPEͷ࡞੒͕ඞࣦͣഊ͢Δ

©2018 Wantedly, Inc. w "ENJTTJPO8FCIPPLT͸,VCFSOFUFTΛΧελϚΠζ͢Δ࢓૊Έ w ͜ΕΛ͔ͭ͏͜ͱͰ,VCFSOFUFTʹෳࡶͳΦϖϨʔγϣϯΛ࣮ݱͰ͖Δ w ΫϥΠΞϯτͷཁٻΛड͚ೖΕΔ w