
Written by Erkan Zileli & Furkan Türkal & developer-guy

At Trendyol, we use Kubernetes Admission Webhooks quite heavily, because Kubernetes is an extensible platform and we love to extend it by writing our own Kubernetes Admission Webhooks and Operators according to our business requirements. If you decide to do the same within your organization, I wrote two blog posts (part 1 and part 2) about how to start writing your own Kubernetes Admission Webhooks. I recommend you take a look at those before continuing to read this one. …


In the previous post, we mostly talked about writing Kubernetes Admission Webhooks using the operator-sdk tool and created our first Mutating Admission Webhook against our custom resource type. This time, we are going to create another type of Admission Webhook, called “Validating”, for core types such as Deployment, Pod, etc. instead of a custom resource type, because we may not always have a custom resource type. Also, we are going to use “kubebuilder” to scaffold the project template. Why? Because change is always good. …


The Kubernetes Admission Controllers concept is very popular these days, especially the dynamic ones: MutatingAdmissionWebhook and ValidatingAdmissionWebhook. 🌟

Before jumping into the details of how we can write one of these, let's explain a little about what they are and what we can do with them.

An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to the persistence of the object, but after the request is authenticated and authorized. There are lots of admission plugins shipped with Kubernetes; you can check the list to get more detail about them. It is worth noting…


To recall our “Dynamic Config & Secret Management” solution in its simplest form, we can describe it as extracting the sensitive and non-sensitive configurations of teams' applications into a file and keeping that file up to date as the values change. If you have not yet read the posts about our solution on this topic, I recommend taking a look at the posts at the link below, in order. 😊

To explain what we mean by “A Completely Different Perspective” in the title: the main purpose of this post is to brainstorm about how we could have done it if we had designed our current solution differently, and, in fact, offering a solution similar to the topic we are about to discuss…

Let’s assume that we are a small organization that wants to migrate its workloads onto Kubernetes, with security as a primary concern and not an afterthought. So, we have already set up our clusters by following the security best practices provided by the official Kubernetes documentation. But as our organization starts to grow, we have to make some decisions to protect our Kubernetes environment and control what end-users can do on the cluster. …

I’m planning to create a series of posts on the Kubernetes auditing topic, and this post is the first part of that series. In the next post, I’ll show you how we can collect and visualize Kubernetes Audit logs using the PLG (Promtail-Loki-Grafana) stack.

First things first: we need to explain what Kubernetes Audit Logs are and what treasures are hidden inside them for us, so let’s get started.

📝 Kubernetes Audit Logs

As you already know, Kubernetes has a control plane to manage the whole cluster lifecycle and this control…

One of the features of OpenFaaS is an auto-scaling mechanism. Auto-scaling means that you can scale your function instances up or down as demand increases. OpenFaaS also provides a feature called zero-scale. By enabling this feature, you can scale to zero to recover idle resources.

By using OpenFaaS as OPA’s Bundle API, you get all these features by default with less effort. Also, you don’t have to manage the build/push and deploy phases of your Bundle API.

What will you learn in this post?

In this post we are gonna learn:

In this guide, we are gonna talk about the journey of writing a kubectl plugin for Kubernetes Admission Webhooks. Let’s divide this article into three parts: first, we are gonna explain how we decided to write a plugin for Kubernetes Admission Webhooks, then which tools we used for writing the plugin, and finally how we managed to distribute the plugin via Krew.

📰 Ingredients

  1. 🤔 How did we decide to write a plugin?
  2. 🧰 What tools did we use for it?
  3. 📦 How did we manage to distribute the plugin via Krew?
  4. 👀 References

Please note that the purpose of this article is not about how to write…

In this post, we are going to demonstrate how we can manage TLS certificates for our Kubernetes Admission Webhooks automatically with the help of our brand new project k8s-webhook-certificator and Helm Hooks.

Let’s give a quick introduction to what they are:

  1. Kubernetes Admission Webhooks
  2. Helm Hooks
  3. Certificator
    1. Understand the Problem
    2. Solution
  4. Example of Helm Hook + Certificator

What are Kubernetes Admission Webhooks?

An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to the persistence of the object, but after the request is authenticated and authorized. The controllers consist of the list below, are…


I do mostly Go, Kubernetes, and cloud-native stuff ⛵️🐰🐳
