Lab
A Cloud Guru

Deploy a Custom Admission Controller with Terraform

In this lab, you are being asked to create a dynamic admission controller with Terraform that will use cert-manager for certificate management. You will use Terraform to first create the ClusterIssuer and the CA root certificate. Next, you will create the webhook certificate. Then you will create a certificate that will be used by the Kubernetes API server. Finally, you will test your dynamic admission controller by creating an annotation with the value of the certificate for the Kubernetes API server.

Try for free Contact sales

Path Info

Level

Intermediate

Duration

2h 0m

Published

Apr 20, 2023

Challenge

Prepare the Environment
1. Install Homebrew.
2. Follow the instructions in the terminal to complete the install.
3. Confirm Homebrew was installed successfully.
4. Install the awscli package.
5. Install the kubernetes-cli package.
6. Install the terraform package.
Challenge

Deploy EKS Cluster
1. Create a new AWS Access Key and Secret Access Key in AWS console and copy it to a text editor.
2. Clone the course repo.
3. Move to the custom-admission-controllers directory.
4. Move to the eks directory.
5. Initialize your working directory.
6. Apply the Terraform configuration.
  
  Note: This will take 10 to 15 minutes.
7. Configure AWS CLI.
8. Configure Kubernetes-CLI to interact with your EKS cluster.
9. Confirm you are connected to your cluster.
Challenge

Create the Validating Webhook
1. Move to the admission-controller directory.
2. Log in to Docker Hub from the command line.
3. Update the Makefile file with your Docker Hub username.
4. Build the webhook.
  
  Note: This will take 10 to 15 minutes.
5. Build the Docker image.
6. Push the Docker image to Docker Hub.
7. Deploy the certs.
Challenge

Deploy the Validating Webhook
1. Move into the terraform directory.
2. Update the deployment configuration with your Docker image.
3. Initialize the working directory.
4. Apply the configuration.
5. Confirm the webhook is up and available.
Challenge

Test the Dynamic Admission Controller
1. Go back a directory.
2. Create a directory called test-pods.
3. Move to test-pods directory.
4. Create three test pods called test-app-1 , test-app-2, and test-app-3.
5. Add a label called hello = ”world” to test-app-2 and hello = “universe” to test-app-3.
6. Initialize your working directory.
7. Apply the webhook configuration.
8. Confirm that your validating webhook is working:
- test-app-1 should error and not deploy
- test-app-2 and test-app-3 should deploy without issue

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans

Deploy a Custom Admission Controller with Terraform

Path Info

Table of Contents

Prepare the Environment

Deploy EKS Cluster

Create the Validating Webhook

Deploy the Validating Webhook

Test the Dynamic Admission Controller

What's a lab?

Provided environment for hands-on practice

Guided walkthrough

Did you know?

Start learning by doing today