- Lab
- A Cloud Guru
Working with Kubernetes Admission Controllers
Kubernetes admission controllers act as gatekeepers by accepting or rejecting requests and can even alter (or mutate) requests to comply to the configuration set in the controller. In this hands-on lab, you will be challenged to enable an admission controller, create a new admission controller resource, edit existing resources, and deploy pods to the cluster while observing the impact the admission controllers have on the pods.
Path Info
Table of Contents
-
Challenge
Enable and Disable Admission Controllers
- Use a text editor to modify the
kube-apiserver.yamlfile.- Enable the
ResourceQuotaadmission controller. - Disable the
MutatingAdmissionWebhookadmission controller.
- Enable the
- Validate that the
kube-apiserverpod redeploys successfully by issuing a simplekubectlcommand (the pod can take several seconds to redeploy).
- Use a text editor to modify the
-
Challenge
Create and Edit Admission Controller Resources
- Use the
kubectlcommand to edit theLimitRangeobject in the dev namespace.- Update the default CPU limit to be
500mand the memory limit to be512Mi. - Update the default CPU request to be
250mand the memory request to be128Mi.
- Update the default CPU limit to be
- Create and deploy a
ResourceQuotaobject to thetestnamespace using the following steps:-
Create a manifest file called
test-quota.yamlwith the following specifications:Note: Performing a copy paste directly from the objective will result in additional spaces being added. To remove additional spaces, either copy to a text editor on your computer before copying to the file on the host or manually remove the spaces once you have copied the file.
-
apiVersion: v1 kind: ResourceQuota metadata: name: test-quota namespace: test spec: hard: requests.memory: 128Mi requests.cpu: 250m limits.memory: 512Mi limits.cpu: "1"- Use
kubectlto deploy the manifest file.
- Use the
-
Challenge
Deploy Pods to the Cluster
- View the contents of the
nginx-pod.yamlfile in the/home/cloud_userdirectory (take note of any memory requests or limits, if they appear).- Use the
kubectlcommand to deploy the manifest. - Use the
kubectlcommand to print information about the pod in YAML format (pay attention to the requests and limits for memory and CPU).
- Use the
- Edit the
nginx-pod.yamlfile and change the namespace totestand attempt to deploy the pod (take note of any output you receive). - Edit the
nginx-pod.yamlfile and redeploy it to the test namespace.- Under the
containerssection, add a section forresources. - Under
resources, add a section forlimitsand setmemoryto256Miandcputo500m. - Under
resources, add a section forrequestsand setmemoryto64Miandcputo125m. - Use the
kubectlcommand to deploy thenginx-pod.yaml(take note of any output). - Use the
kubectlcommand to print information about the pod in YAML format (view the requests and limits).
- Under the
- View the contents of the
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
