Red Hat Training
A Red Hat training course is available for OpenShift Container Platform
4.7.2.3. Admission Webhook Example
다음은 네임스페이스가 예약된 경우 네임스페이스 생성을 허용하지 않는 승인 Webhook의 예입니다.
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: namespacereservations.admission.online.openshift.io
webhooks:
- name: namespacereservations.admission.online.openshift.io
clientConfig:
service:
namespace: default
name: webhooks
path: /apis/admission.online.openshift.io/v1beta1/namespacereservations
caBundle: KUBE_CA_HERE
rules:
- operations:
- CREATE
apiGroups:
- ""
apiVersions:
- "b1"
resources:
- namespaces
failurePolicy: Ignore다음은 webhook라는 승인 Webhook에 의해 평가되는 Pod의 예입니다.
apiVersion: v1
kind: Pod
metadata:
labels:
role: webhook
name: webhook
spec:
containers:
- name: webhook
image: myrepo/myimage:latest
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8000다음은 웹 후크의 프런트엔드 서비스입니다.
apiVersion: v1
kind: Service
metadata:
labels:
role: webhook
name: webhook
spec:
ports:
- port: 443
targetPort: 8000
selector:
role: webhook