Initial changes #1
Conversation
| # Validation Admission Controller | ||
| This Validation Admission Controller is a solution designed to enforce custom admission policies for Kubernetes resources using a combination of Terraform modules and a Ruby application. |
There was a problem hiding this comment.
I would reword this intro paragraph to focus on the purpose of this code -- preventing accidental pod deletions. Then explain how it works (uses a validation admission controller and looks for certain labels on pods, what its reliability guarantees are, etc.)
E.g.
# Kubernetes pod deletion protection
This module helps prevent accidental Kubernetes pod deletion...
## How it works
It uses...
| ## Overview | ||
| The Validation Admission Controller intercepts Kubernetes resource creation requests and applies custom validation logic before allowing resources to be created or modified. This helps enforce specific policies and ensure that only compliant resources are admitted into the cluster. |
There was a problem hiding this comment.
Nitpick: formatting-wise, it's better to have a blank line around headings (that includes between a heading and the content that follows it).
| ## Overview | |
| The Validation Admission Controller intercepts Kubernetes resource creation requests and applies custom validation logic before allowing resources to be created or modified. This helps enforce specific policies and ensure that only compliant resources are admitted into the cluster. | |
| ## Overview | |
| The Validation Admission Controller intercepts Kubernetes resource creation requests and applies custom validation logic before allowing resources to be created or modified. This helps enforce specific policies and ensure that only compliant resources are admitted into the cluster. |
| - **Ruby Application:** Core validation logic implemented in Ruby for flexibility and extensibility. | ||
|
|
||
| ## Prerequisites | ||
| - **Kubernetes Cluster:** Access to a Kubernetes cluster (min version X.X) where the admission controller will be deployed. |
There was a problem hiding this comment.
TODO: Update the min version of the k8s cluster here.
|
|
||
| ```hcl | ||
| module "termination_protection" { | ||
| source = "https://github.com/Dext/k8s-pod-deletion-protection//ac_termination_protection?ref=v0.1" |
There was a problem hiding this comment.
| source = "https://github.com/Dext/k8s-pod-deletion-protection//ac_termination_protection?ref=v0.1" | |
| source = "https://github.com/dext/k8s-pod-deletion-protection//ac_termination_protection?ref=v0.1" |
|
|
||
| 1. Add the module to your Terraform configuration | ||
|
|
||
| ```hcl |
There was a problem hiding this comment.
This fenced code block should be indented with at least 2 spaces (or 3) to become a part of list item 1 and to make the whole thing an actual numbered list.
| }) | ||
|
|
||
| default = { | ||
| name = "vutoff/k8s-termination-protection:v0.1" |
There was a problem hiding this comment.
Let's push it under the dext DockerHub org.
| }) | ||
| default = { | ||
| limits = { | ||
| cpu = "100m" |
There was a problem hiding this comment.
I don't recommend setting a CPU limit under 0.5 CPUs.
| @@ -0,0 +1,65 @@ | |||
| variable "name" { | |||
| type = string | |||
| description = "The name of the resource" | |||
There was a problem hiding this comment.
Of which resource? The one being protected? Or the webhook deployment?
I know what it refers to as I've read the code, but let's be more clear here. Otherwise, the description is useless and one has to always read the code.
|
|
||
| variable "namespace" { | ||
| type = string | ||
| description = "The namespace of the resource" |
| } | ||
|
|
||
| variable "docker_image" { | ||
| description = "The docker image to use for the container" |
There was a problem hiding this comment.
...for the container of the admission webhook.
You get the idea.
Initial implementation