Yuri Fenyuk YurgenUA
YurgenUA
/ reconsiliation-loop-output.sh
Created
May 25, 2025 22:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| 2025-05-25T22:02:29Z INFO Reconciling ClientQuota... {"controller": "clientquota", "controllerGroup": "quota.operator.k8s.yfenyuk.io", "controllerKind": "ClientQuota", "ClientQuota": {"name":"client-quota","namespace":"playground"}, "namespace": "playground", "name": "client-quota", "reconcileID": "3dc7a4c1-8cae-4e20-885c-e1aa84f4da89", "name": {"name":"client-quota","namespace":"playground"}} | |
| 2025-05-25T22:02:29Z INFO QuotaMap {"controller": "clientquota", "controllerGroup": "quota.operator.k8s.yfenyuk.io", "controllerKind": "ClientQuota", "ClientQuota": {"name":"client-quota","namespace":"playground"}, "namespace": "playground", "name": "client-quota", "reconcileID": "3dc7a4c1-8cae-4e20-885c-e1aa84f4da89", "quotaMap": {"team-x":120,"team-y":44}} | |
| ... |
YurgenUA
/ incorrect-attempt-logs.sh
Created
May 25, 2025 22:05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| 2025-05-25T21:59:10Z INFO admission Start handling... {"object": {"name":"test-pod3","namespace":"playground"}, "namespace": "playground", "name": "test-pod3", "resource": {"group":"","version":"v1","resource":"pods"}, "user": "kubernetes-admin", "requestID": "b498c468-cff6-487e-9596-0477adc31686"} | |
| 2025-05-25T21:59:10Z INFO admission Request {"object": {"name":"test-pod3","namespace":"playground"}, "namespace": "playground", "name": "test-pod3", "resource": {"group":"","version":"v1","resource":"pods"}, "user": "kubernetes-admin", "requestID": "b498c468-cff6-487e-9596-0477adc31686", "req": {"uid":"b498c468-cff6-487e-9596-0477adc31686","kind":{"group":"","version":"v1","kind":"Pod"},"resource":{"group":"","version":"v1","resource":"pods"},"requestKind":{"group":"","version":"v1","kind":"Pod"},"requestResource":{"group":"","version":"v1","resource":"pods"},"name":"test-pod3","namespace":"playground","operation":"CREATE","userInfo":{"username":"kubernetes-admin","groups":["kubeadm:cluster-admins","system:aut |
YurgenUA
/ incorrect-client.sh
Created
May 25, 2025 22:00
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % kubectl apply -f - <<EOF | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: test-pod3 | |
| namespace: playground | |
| annotations: | |
| quota.operator.k8s.yfenyuk.io/api-key: teamy456_not_existing | |
| spec: | |
| containers: |
YurgenUA
/ more_logs.sh
Created
May 25, 2025 21:50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % kubectl logs -n kube-client-quota2-system kube-client-quota2-controller-manager-6cd6879f55-xfgf8 -c manager | |
| ... | |
| 2025-05-25T21:45:37Z INFO admission Start handling... {"object": {"name":"test-pod2","namespace":"playground"}, "namespace": "playground", "name": "test-pod2", "resource": {"group":"","version":"v1","resource":"pods"}, "user": "kubernetes-admin", "requestID": "d855ea4f-6330-4e0f-acc0-0b3f17df8aa7"} | |
| 2025-05-25T21:45:37Z INFO admission Request {"object": {"name":"test-pod2","namespace":"playground"}, "namespace": "playground", "name": "test-pod2", "resource": {"group":"","version":"v1","resource":"pods"}, "user": "kubernetes-admin", "requestID": "d855ea4f-6330-4e0f-acc0-0b3f17df8aa7", "req": {"uid":"d855ea4f-6330-4e0f-acc0-0b3f17df8aa7","kind":{"group":"","version":"v1","kind":"Pod"},"resource":{"group":"","version":"v1","resource":"pods"},"requestKind":{"group":"","version":"v1","kind":"Pod"},"requestResource":{"group":"","version":"v1","resource":"pods"},"name":"test-pod2","namespace":"playground |
YurgenUA
/ correct-client.sh
Created
May 25, 2025 21:46
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % kubectl apply -f - <<EOF | |
| apiVersion: v1 | |
| kind: Pod | |
| metadata: | |
| name: test-pod2 | |
| namespace: playground | |
| annotations: | |
| quota.operator.k8s.yfenyuk.io/api-key: teamy456 | |
| spec: | |
| containers: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| % kubectl get pods -n kube-client-quota2-system | |
| NAME READY STATUS RESTARTS AGE | |
| kube-client-quota2-controller-manager-6cd6879f55-xfgf8 1/1 Running 0 100s | |
| % kubectl logs -n kube-client-quota2-system kube-client-quota2-controller-manager-6cd6879f55-xfgf8 -c manager | |
| 2025-05-25T21:34:57Z INFO setup Initializing webhook certificate watcher using provided certificates {"webhook-cert-path": "/tmp/k8s-webhook-server/serving-certs", "webhook-cert-name": "tls.crt", "webhook-cert-key": "tls.key"} | |
| 2025-05-25T21:34:57Z INFO controller-runtime.certwatcher Updated current TLS certificate | |
| 2025-05-25T21:34:57Z INFO controller-runtime.builder Registering a mutating webhook {"GVK": "quota.operator.k8s.yfenyuk.io/v1alpha1, Kind=ClientQuota", "path": "/mutate-quota-operator-k8s-yfenyuk-io-v1alpha1-clientquota"} | |
| 2025-05-25T21:34:57Z INFO controller-runtime.webhook Registering webhook {"path": "/ |
YurgenUA
/ quota_v1alpha1_clientquota.yaml
Created
May 25, 2025 21:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: quota.operator.k8s.yfenyuk.io/v1alpha1 | |
| kind: ClientQuota | |
| metadata: | |
| name: client-quota | |
| spec: | |
| namespace: playground | |
| clients: | |
| - name: team-x | |
| apiKey: teamx123 | |
| quotaMinutes: 120 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| transfer-to-kind: | |
| IMG=clientquota:latest | |
| @echo "Prepare k8s deployment..." | |
| make manifests | |
| @echo "Building docker image..." | |
| make docker-build | |
| @echo "Loading image into kind cluster..." | |
| @$(KIND) load docker-image ${IMG} | |
| make deploy | |
| @echo "Waiting for webhook service to be ready..." |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| if os.Getenv("ENABLE_WEBHOOKS") != "false" { | |
| ... | |
| // Register admission webhook handler | |
| mgr.GetWebhookServer().Register("/validate-v1-pod", &webhook.Admission{ | |
| Handler: &webhookquotav1alpha1.PodValidator{ | |
| Client: mgr.GetClient(), | |
| CfgMapNamespace: "playground", | |
| CfgMapName: "client-quotas", |
YurgenUA
/ pod_webhook.go
Created
May 25, 2025 20:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch | |
| func (v *PodValidator) Handle(ctx context.Context, req admission.Request) admission.Response { | |
| log := logf.FromContext(ctx) | |
| log.Info("Start handling...") | |
| log.Info("Request", "req", req) | |
| // Only process Pods | |
| if req.Kind.Kind != "Pod" { | |
| return admission.Allowed("Not a Pod") |
NewerOlder