Victor Morales, profile picture
Uploaded byVictor Morales
PPTX, PDF182 views

Mutating Admission Webhook creation

This document discusses mutating admission webhooks in Kubernetes. It provides context on PNFs, VNFs, and CNFs. It then describes how a mutating admission webhook can be implemented to inject a generic NSE sidecar into pods. It outlines the prerequisites and provides links to example implementations of generating certificates, deploying webhook resources, and creating a MutatingWebhookConfiguration to deploy the webhook.

Embed presentation

Download to read offline
Mutating Admission Webhook creation Victor Morales
Victor Morales • +15 yrs as a Software Engineer • .NET, Java, python, Go programmer • OpenStack, OPNFV, ONAP and CNCF contributor. https://about.me/electrocucaracha
Agenda • Context • PNFs, VNFs and CNFs • GW Tester - Proposal • CNF Challenges • Portability – Multus, DANM and NSM • NSM gaps • NSE Generic sidecar • Admission Webhooks • Mutating Admission Webhook • Implementation • Deployment
PNFs, VNFs and CNFs (TBD) • Physical Network Function (PNF): Refers to the legacy network appliances on proprietary hardware. • Virtualized Network Function (VNF): A software application that deliver network functions such as directory services, routers, firewalls, load balancers, and more. https://www.redhat.com/en/topics/cloud-native-apps/vnf-and-cnf-whats-the-difference • Cloud Native Network Function (CNF): A cloud native application that provides network functionality and is developed using cloud native principles. https://github.com/cncf/cnf- wg/blob/main/doc/glossary.md#community-definitions https://networking.cloud-native-principles.org/cloud-native-principles https://github.com/cncf/cnf-wg/pull/171
CNF Reference – GW Tester https://github.com/gw-tester/
Kubernetes – Multiple Networks https://codilime.com/kubernetes-workloads-using-multiple-networks/
Multiple NICs Solutions Multus and DANM annotations can coexist in a Pod/Deployment definition
Multiple NICs Solutions (cont.) NSM requires different approach
Portability?
Multiple NICs – Goal Annotations can help to make CNFs portable
NSM challenges
NSE Generic sidecar https://github.com/gw-tester/nse A NSE sidecar implementation that uses: • Multiple services per one endpoint • DownwardAPI feature
Admission Webhooks Admission webhooks are HTTP callbacks that receive admission requests and do something with them. You can define two types of admission webhooks, validating admission webhook and mutating admission webhook. Mutating admission webhooks are invoked first, and can modify objects sent to the API server to enforce custom defaults… https://kubernetes.io/docs/reference/access- authn-authz/extensible-admission-controllers/ https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/
Mutating Admission Webhook in details https://medium.com/ibm-cloud/diving-into- kubernetes-mutatingadmissionwebhook- 6ef3c5695f74
Webhook Admission Server It is just plain http server that adhere to Kubernetes API. For each request to the apiserver, the MutatingAdmissionWebhook sends an admissionReview(API for reference) to the relevant webhook admission server. Prerequisites: • Kubernetes +1.9 • admissionregistration.k8s.io/v1 API enabled $ kubectl api-versions | grep admissionregistration.k8s.io/v1 NSE injector webhook admissionReview Request /mutate ns.networkservicemesh.io/status == injected ? createPatch json.Marshal(admissionReview) admissionReview Response Yes No
Webhook Admission Implementation
https://github.com/gw-tester/nse-injector- webhook/blob/master/internal/routers/webhookrouter/ webhook.go#L48 https://github.com/gw-tester/nse-injector- webhook/blob/master/internal/handlers/webhookhld/mutator.go#L102
https://github.com/gw-tester/nse-injector-webhook/blob/master/internal/core/domain/mutator.go#L196 https://github.com/gw-tester/nse-injector- webhook/blob/master/internal/core/domain/mutator.go#L116
Webhook Admission Deployment
Overview 1. Generate a certificate signed by Kubernetes CA 2. Deploy NSE injector webhook resources 3. Create a MutatingWebhookConfiguration resource 4. Add nse-sidecar-injection namespace’s label https://github.com/gw-tester/nse-injector-webhook/blob/master/Makefile#L43-L47
Generate a certificate https://github.com/gw-tester/nse-injector- webhook/blob/master/scripts/webhook-create-signed- cert.sh
Deploy K8s resources https://github.com/gw-tester/nse-injector-webhook/blob/master/deployments/k8s.yml
Dockerfile https://github.com/gw-tester/nse-injector- webhook/blob/master/Dockerfile
Create a MutatingWebhookConfiguration https://github.com/gw-tester/nse-injector- webhook/blob/master/deployments/mutatingwebho ok.yaml
Putting all together $ git clone --depth=1 https://github.com/gw-tester/infra $ cd infra/ $ vagrant ssh nsm -- git clone --depth=1 https://github.com/gw-tester/helm-charts $ vagrant ssh nsm -- "cd helm-charts; ./check.sh"
Q&A https://medium.com/ibm-cloud/diving-into-kubernetes- mutatingadmissionwebhook-6ef3c5695f74

More Related Content

PPTX
WebdriverIO: the Swiss Army Knife of testing
byDaniel Chivescu
 
KEY
Selenium Grid
bynirvdrum
 
PDF
Azure App configuration
byMuhammad Sajid
 
PDF
Scalable and Available, Patterns for Success
byDerek Collison
 
PPTX
Testing Spring Applications
byMuhammad Abdullah
 
PPTX
AngularJS - Présentation (french)
byYacine Rezgui
 
PDF
Asp.net core tutorial
byHarikaReddy115
 
PDF
Webinar: Selenium WebDriver - Automation Uncomplicated
byEdureka!
 
WebdriverIO: the Swiss Army Knife of testing
byDaniel Chivescu
 
Selenium Grid
bynirvdrum
 
Azure App configuration
byMuhammad Sajid
 
Scalable and Available, Patterns for Success
byDerek Collison
 
Testing Spring Applications
byMuhammad Abdullah
 
AngularJS - Présentation (french)
byYacine Rezgui
 
Asp.net core tutorial
byHarikaReddy115
 
Webinar: Selenium WebDriver - Automation Uncomplicated
byEdureka!
 

What's hot

PPTX
Dot net platform and dotnet core fundamentals
byLalit Kale
 
PPT
MSDN - ASP.NET MVC
byMaarten Balliauw
 
PDF
Running distributed tests with k6.pdf
byLibbySchulze
 
PDF
Operator SDK for K8s using Go
byCloudOps2005
 
PDF
QThreads: Are You Using Them Wrong?
byICS
 
PDF
Angular 2 Essential Training
byPatrick Schroeder
 
PPTX
Draft: building secure applications with keycloak (oidc/jwt)
byAbhishek Koserwal
 
ODP
Java 9 Features
byNexThoughts Technologies
 
PPTX
TOSCA in Practice with ARIA
byCloudify Community
 
Dot net platform and dotnet core fundamentals
byLalit Kale
 
MSDN - ASP.NET MVC
byMaarten Balliauw
 
Running distributed tests with k6.pdf
byLibbySchulze
 
Operator SDK for K8s using Go
byCloudOps2005
 
QThreads: Are You Using Them Wrong?
byICS
 
Angular 2 Essential Training
byPatrick Schroeder
 
Draft: building secure applications with keycloak (oidc/jwt)
byAbhishek Koserwal
 
Java 9 Features
byNexThoughts Technologies
 
TOSCA in Practice with ARIA
byCloudify Community
 

Similar to Mutating Admission Webhook creation

PDF
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
byShapeBlue
 
PPTX
CNCF Introduction - Feb 2018
byKrishna-Kumar
 
PDF
Load Balancing for Containers and Cloud Native Architecture
byChiradeep Vittal
 
PDF
How to contribute to cloud native computing foundation (CNCF)
byKrishna-Kumar
 
PDF
How to Contribute to Cloud Native Computing Foundation
byCodeOps Technologies LLP
 
PPTX
Building Event Driven API Services Using Webhooks
byCloud Elements
 
PDF
Intro to the CNCF Research User Group
byBob Killen
 
PDF
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
byVMworld
 
PDF
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
byCynthia Thomas
 
PDF
Create great cncf user base from lessons learned from other open source com...
byKrishna-Kumar
 
PPTX
Virtual migration cloud
byShalini Toluchuri
 
PPTX
An API Your Parents Would Be Proud Of
byJose Alfredo Alvarez Aldana
 
PDF
【EPN Seminar Nov.10. 2015】 Key note – Open innovation and Engineering community
byシスコシステムズ合同会社
 
PDF
Learn REST in 18 Slides
bySuraj Gupta
 
PPTX
Ccpro_Presentationfddgdddcfbbjjdssvhbvxf11.pptx
by19526YuvaKumarIrigi
 
PPTX
Opendaylight app development
byvjanandr
 
PDF
Deadlock Preventive Adaptive Wormhole Routing on k-ary n-cube Interconnection...
byfbinard
 
PDF
Lfa
byNgoc Nguyen Dang
 
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
byShapeBlue
 
CNCF Introduction - Feb 2018
byKrishna-Kumar
 
Load Balancing for Containers and Cloud Native Architecture
byChiradeep Vittal
 
How to contribute to cloud native computing foundation (CNCF)
byKrishna-Kumar
 
How to Contribute to Cloud Native Computing Foundation
byCodeOps Technologies LLP
 
Building Event Driven API Services Using Webhooks
byCloud Elements
 
Intro to the CNCF Research User Group
byBob Killen
 
VMworld 2014: Advanced Topics & Future Directions in Network Virtualization w...
byVMworld
 
From Nova-Network to Neutron and Beyond: A Look at OpenStack Networking
byCynthia Thomas
 
Create great cncf user base from lessons learned from other open source com...
byKrishna-Kumar
 
Virtual migration cloud
byShalini Toluchuri
 
An API Your Parents Would Be Proud Of
byJose Alfredo Alvarez Aldana
 
【EPN Seminar Nov.10. 2015】 Key note – Open innovation and Engineering community
byシスコシステムズ合同会社
 
Learn REST in 18 Slides
bySuraj Gupta
 
Ccpro_Presentationfddgdddcfbbjjdssvhbvxf11.pptx
by19526YuvaKumarIrigi
 
Opendaylight app development
byvjanandr
 
Deadlock Preventive Adaptive Wormhole Routing on k-ary n-cube Interconnection...
byfbinard
 
Lfa
byNgoc Nguyen Dang
 

More from Victor Morales

PPTX
Kubernetes fundamentals
byVictor Morales
 
PPTX
Understanding kube proxy in ipvs mode
byVictor Morales
 
PPTX
Sudo Fciencias - Kubernetes 101 (6/12/25)
byVictor Morales
 
PPTX
KCD Costa Rica 2024 - Nephio para parvulitos
byVictor Morales
 
PPTX
Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem
byVictor Morales
 
PDF
Open Discussion: Nephio Test-infra project
byVictor Morales
 
PPTX
Cloud native fundamentals
byVictor Morales
 
PPTX
Pod Sandbox workflow creation from Dockershim
byVictor Morales
 
PPTX
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
byVictor Morales
 
PPTX
Deep dive networking
byVictor Morales
 
PPTX
Improving cold start with Distroless techniques
byVictor Morales
 
PPTX
Understanding the Cloud-Native origins.pptx
byVictor Morales
 
PPTX
Nephio 101
byVictor Morales
 
PPTX
Deciphering Kubernetes Networking
byVictor Morales
 
PPTX
My OPNFV journey
byVictor Morales
 
PPTX
GW Tester
byVictor Morales
 
PPTX
How to contribute to an open source project and don’t die during the Code Rev...
byVictor Morales
 
PPTX
CCOSS + KCD Mexico 2024 - Embracing GitOps in Telecom with Nephio
byVictor Morales
 
PPTX
Removing Language Barriers for Spanish-speaking Professionals
byVictor Morales
 
PPTX
Tips and tricks for contributing to an Open Source project.pptx
byVictor Morales
 
Kubernetes fundamentals
byVictor Morales
 
Understanding kube proxy in ipvs mode
byVictor Morales
 
Sudo Fciencias - Kubernetes 101 (6/12/25)
byVictor Morales
 
KCD Costa Rica 2024 - Nephio para parvulitos
byVictor Morales
 
Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem
byVictor Morales
 
Open Discussion: Nephio Test-infra project
byVictor Morales
 
Cloud native fundamentals
byVictor Morales
 
Pod Sandbox workflow creation from Dockershim
byVictor Morales
 
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressions
byVictor Morales
 
Deep dive networking
byVictor Morales
 
Improving cold start with Distroless techniques
byVictor Morales
 
Understanding the Cloud-Native origins.pptx
byVictor Morales
 
Nephio 101
byVictor Morales
 
Deciphering Kubernetes Networking
byVictor Morales
 
My OPNFV journey
byVictor Morales
 
GW Tester
byVictor Morales
 
How to contribute to an open source project and don’t die during the Code Rev...
byVictor Morales
 
CCOSS + KCD Mexico 2024 - Embracing GitOps in Telecom with Nephio
byVictor Morales
 
Removing Language Barriers for Spanish-speaking Professionals
byVictor Morales
 
Tips and tricks for contributing to an Open Source project.pptx
byVictor Morales
 

Recently uploaded

PPTX
Unit I – Introduction to Devops Deployment Pipeline & Design Options Deploym...
byvenkadeshr123
 
PPTX
70,000 RPM Aerospace Bearing Testing – Why High-Speed Validation Is Critical
byNeometrix_Engineering_Pvt_Ltd
 
PPTX
CFP_Unit 5. Structure and Functions pptx
bypawarbhaktiit
 
PDF
Deterministic Finite Automata to Regular Expression Conversion.pdf
byNileshPardeshi28
 
PPTX
HVAC_Design_Course_Mech_Engineering.pptx
bysabermona665
 
PDF
Performance Benchmarking Strategies for AI/HPC/EdgeAI
byDanny Jiang
 
PDF
Performance_Metrics_Evolution_DannyJiang
byDanny Jiang
 
PDF
Yes, we put AI agents in production. No, don't try this at home
byMarie-Alice Blete
 
PDF
BOE 2.1 Inch LCD 1600X1600 For VR AR Headset Smart Device
bySyluxdisplay
 
PPTX
Why Precision Matters CO2 N2 Gas Filling Systems Neometrix
byNeometrix_Engineering_Pvt_Ltd
 
PPTX
High Voltage Direct Current Circuit Breakers.pptx
byJawadAmjad16
 
PPTX
1.1 Structure of Materials_Material science.pptx
byDr. Sandip Thorat
 
PDF
Branches of AI – perception, reasoning, learning, and action.pdf
byVyankateshBhaurkar1
 
PPTX
review of transistor circuit and applications
bysophieshuqinghuang
 
PPTX
Symmetrical faults in power system .pptx
byRased Khan
 
PDF
graph graph graph theory Graph presentation .pdf
bygeekcooder2020
 
PPTX
The Most Dangerous Asset in Your Plant Is the One You Ignore | CXO Guide to H...
byMaintWiz Technologies Private Limited
 
PPTX
Solar PV An Essential Requirement in renewable energy based sources Industria...
byshilpashukla2025
 
PPTX
analog communication part two lecture note
byhirutfanta1212
 
PPTX
Power Circuit Breakers and Substations .pptx
byJawadAmjad16
 
Unit I – Introduction to Devops Deployment Pipeline & Design Options Deploym...
byvenkadeshr123
 
70,000 RPM Aerospace Bearing Testing – Why High-Speed Validation Is Critical
byNeometrix_Engineering_Pvt_Ltd
 
CFP_Unit 5. Structure and Functions pptx
bypawarbhaktiit
 
Deterministic Finite Automata to Regular Expression Conversion.pdf
byNileshPardeshi28
 
HVAC_Design_Course_Mech_Engineering.pptx
bysabermona665
 
Performance Benchmarking Strategies for AI/HPC/EdgeAI
byDanny Jiang
 
Performance_Metrics_Evolution_DannyJiang
byDanny Jiang
 
Yes, we put AI agents in production. No, don't try this at home
byMarie-Alice Blete
 
BOE 2.1 Inch LCD 1600X1600 For VR AR Headset Smart Device
bySyluxdisplay
 
Why Precision Matters CO2 N2 Gas Filling Systems Neometrix
byNeometrix_Engineering_Pvt_Ltd
 
High Voltage Direct Current Circuit Breakers.pptx
byJawadAmjad16
 
1.1 Structure of Materials_Material science.pptx
byDr. Sandip Thorat
 
Branches of AI – perception, reasoning, learning, and action.pdf
byVyankateshBhaurkar1
 
review of transistor circuit and applications
bysophieshuqinghuang
 
Symmetrical faults in power system .pptx
byRased Khan
 
graph graph graph theory Graph presentation .pdf
bygeekcooder2020
 
The Most Dangerous Asset in Your Plant Is the One You Ignore | CXO Guide to H...
byMaintWiz Technologies Private Limited
 
Solar PV An Essential Requirement in renewable energy based sources Industria...
byshilpashukla2025
 
analog communication part two lecture note
byhirutfanta1212
 
Power Circuit Breakers and Substations .pptx
byJawadAmjad16
 

Mutating Admission Webhook creation

Editor's Notes

  • #2 Network Service Mesh (NSM) es un proyecto de la CNCF que simplifica la conectividad entre cargas de trabajo independientes. Dicha conectividad es solo creada entre aquellas cargas de trabajo que lo necesiten, lo cual ofrece un modelo mas flexible en el desarrollo de Cloud-Native Network Functions (CNFs). Durante esta platica se mencionara algunas de las limitantes enfrentadas por desarrolladores de CNFs y se ofrecerá la creación de un Kubernetes Mutating Admission Webhook como componente necesario para la portabilidad requerida por CNFs que utilizan NSM.
  • #11 Define it once use it anywhere - Portability
  • #27 Take aways Webhook Admission Development is easy