Kubernetes Admission Controllers concept is very popular these days, especially dynamic ones:
MutatingAdmissionWebhook and ValidatingAdmissionWebhook. 🌟

Before jump into the details of how we can write one of these, let's explain a little bit about, what are they, what we can do with them.

An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to the persistence of the object, but after the request is authenticated and authorized. There are lots of admission plugins shipped with the Kubernetes, you can check the list to get more detail about them. It is worth noting…

“Dynamic Config&Secret Management” çözümümüzü en basit haliyle hatırlatmak gerekirse, ekiplerin uygulamalarının sahip olduğu sensitive ve non-sensitive konfigürasyonlarını bir dosyaya çıkartmak ve bu dosyayı, değerlerin değişimine uygun şekilde güncel tutmak diyebiliriz. Eğer bu konudaki çözümümüzle ilgili yazıları henüz okumadıysanız sırasıyla aşağıdaki linkteki yazılara göz atmanızı tavsiye ederim. 😊

• Trendyol’da Kubernetes’i Kendi İhtiyaçlarımıza göre Nasıl Extend Ettik ?
• Dynamic Config&Secret Management Sidecar Geliştirme Serüvenimiz⛵☀️🌊
• Ne eeettin Istio?(Sidecar Lifecycle Problemi)🤔 ⛵️

Başlıktaki “Tamamen Farklı Bakış” ile neyi kastettiğimizi açıklayacak olursak, bu yazımızın temel amacı mevcut çözümümüzü farklı şekilde tasarlasaydık bunu nasıl yapabilirdik diye beyin fırtınası yapmak ve aslında bahsedeceğimiz konuya benzer çözümü sunan…

🎁 İçerik

·⛵☀️🌊 Dynamic Config&Secret Management Sidecar Geliştirme Serüvenimiz
· ✨ Dynamic Config & Secret Management Sidecar
∘ 👨 Sidecar Containerımız non-root bir kullanıcıyla çalışmalı
∘ 🧰 Sidecar containerımız içerisinde herhangi bir shell veya paket yöneticisi içermemeli
∘ 📍 Containerımızın başlatacağı process PID 1'de çalışmalı ve terminasyon sinyallerine cevap verebilmeli
∘ 🛡 ️Güvenlik açısından göz önünde bulundurduğumuz maddeleri nasıl çözüyoruz ?
∘ ⚙️ Main process PID 1 açısından göz önünde bulundurduğumuz maddeleri nasıl çözüyoruz ?
· 📝 Özet
· 👀 Referanslar

⛵☀️🌊 Dynamic Config&Secret Management Sidecar Geliştirme Serüvenimiz

Bir önceki yazımızda Dynamic Config&Secret Management sürecini Kubernetes ile beraber nasıl kurguladığımızdan ve Sidecar geliştirme süreçlerimizden bahsetmiştik, bu yazımızda ise sidecar…

Let’s assume that we are a small organization, and at this organization, we want to migrate our workloads onto Kubernetes, but security is our primary concern and not an afterthought. So, we have already set up our clusters by following the security best practices provided by the Kubernetes official documentation. But when our organization starts to grow, we had to make some decisions to protect our Kubernetes environment and control what end-users can do on the cluster. …

I’m planning to create a series of post related to the Kubernetes Auditing topic and this post is the first part of the series that I’m planning to do, so in the next post, I’ll show you how we can collect and visualize Kubernetes Audit logs using PLG(Promtail-Loki-Grafana) Stack.

First things first, we need to explain what Kubernetes Audit Logs are and what treasures are hidden inside of those for us, so let’s get started with explaining what Kubernetes Audit Logs are.

📝 Kubernetes Audit Logs

As you already know, Kubernetes has a control plane to manage the whole cluster lifecycle and this control…

One of the features of OpenFaaS is an auto-scaling mechanism. The auto-scaling means is that you can scale up/down your function instances as demand increases. Also, OpenFaaS provides a feature called zero-scale. By enabling this feature, you can scale to zero to recover idle resources is available in OpenFaaS.

Using OpenFaaS as an OPA’s Bundle API, you can have all the features by default with less effort. Also, you can’t have to manage to build/push and deploy phases with your Bundle API.

What you will learn in this post?

In this post we are gonna learn:

• What is OPA (Open Policy Agent)?
• How can we deploy OPA…

In this guide, we are gonna talk about the journey of writing a kubectl plugin for Kubernetes Admission Webhooks. Let’s divide this article into three parts, first, we are gonna explain how we decided to write a plugin for Kubernetes Admission Webhooks, then which tools we used for writing a plugin, how we accomplished distribute the plugin via Krew.

📰 Ingredients

1. 🤔 How we decided to write a plugin?
2. 🧰 What tools we used for it?
3. 📦 How we accomplished to distribute the plugin via Krew?
4. 👀 References

Please note that, the purpose of this article is not about how to write…

In this post, we are going to demonstrate that how can we manage TLS Certificates for our Kubernetes Admission Webhooks automatically with the help of our brand new project k8s-webhook-certificator and Helm Hooks.

Let’s give a quick introduction about what they are :

1. Kubernetes Admission Webhooks
2. Helm Hooks
3. Certificator
   1. Understand the Problem
   2. Solution
4. Example of Helm Hook + Certificator

What is the Kubernetes Admission Webhooks?

An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to the persistence of the object, but after the request is authenticated and authorized. The controllers consist of the list below, are…