Skip to content

jw-s/safeguard

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

cmd

cmd

 
 

contrib

contrib

 
 

hack

hack

 
 

pkg

pkg

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

safeguard.yml

safeguard.yml

 
 

Repository files navigation

safeguard

Safeguard is a custom admission controller for kubernetes used to enforce protection on kubernetes resources.

Usage

  1. Configure safeguard.yml with your own ca bundle base64 encoded.

  2. Modify secret.yml with your own tls.crt and tls.key

    NOTE: the certificates have to be signed by the same CA as your api server!

  3. Run the following;

kubectl create -f safeguard.yml -n NAMESPACE
kubectl create -f contrib/secret.yml -n NAMESPACE
kubectl create -f contrib/deployment.yml -n NAMESPACE # this should be in the same namespace as the secret
kubectl create -f contrib/service.yml -n NAMESPACE # this should be in the same namespace as the deployment
  1. Decorate your resources with the following annotation to protect them.
---
apiVersion: v1
kind: Service
metadata:
  name: example
  annotations:
    safeguard.jw-s.com/protected: 'true'
...
  1. Try to delete the protected resource!

Development

Prerequistities

  • Go 1.12.x
  • Make
go get -d github.com/jw-s/safeguard
cd $GOPATH/src/github.com/jw-s/safeguard
make build

About

Brings protected resources to kubernetes!

Topics

kubernetes kubernetes-controller protected protected-resources admission-controller

Resources

Readme

License

MIT license
Activity

Stars

10 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases 4

v0.3: Fix kubernetes introduced log to disk by default (#2) Latest
Nov 12, 2019
+ 3 releases

Packages

No packages published

Languages