Skip to content

jw-s/safeguard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
cmd
cmd
 
 
contrib
contrib
 
 
hack
hack
 
 
pkg
pkg
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
safeguard.yml
safeguard.yml
 
 

Repository files navigation

safeguard

Safeguard is a custom admission controller for kubernetes used to enforce protection on kubernetes resources.

Usage

  1. Configure safeguard.yml with your own ca bundle base64 encoded.

  2. Modify secret.yml with your own tls.crt and tls.key

    NOTE: the certificates have to be signed by the same CA as your api server!

  3. Run the following;

kubectl create -f safeguard.yml -n NAMESPACE
kubectl create -f contrib/secret.yml -n NAMESPACE
kubectl create -f contrib/deployment.yml -n NAMESPACE # this should be in the same namespace as the secret
kubectl create -f contrib/service.yml -n NAMESPACE # this should be in the same namespace as the deployment
  1. Decorate your resources with the following annotation to protect them.
---
apiVersion: v1
kind: Service
metadata:
  name: example
  annotations:
    safeguard.jw-s.com/protected: 'true'
...
  1. Try to delete the protected resource!

Development

Prerequistities

  • Go 1.12.x
  • Make
go get -d github.com/jw-s/safeguard
cd $GOPATH/src/github.com/jw-s/safeguard
make build

About

Brings protected resources to kubernetes!

Topics

kubernetes kubernetes-controller protected protected-resources admission-controller

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 4

v0.3: Fix kubernetes introduced log to disk by default (#2) Latest
Nov 12, 2019
+ 3 releases

Packages

No packages published

Languages