Deploy a Custom Admission Controller with Terraform

Libraries: If you want this lab, consider one of these libraries.
Cloud

Deploy a Custom Admission Controller with Terraform

In this lab, you are being asked to create a dynamic admission controller with Terraform that will use cert-manager for certificate management. You will use Terraform to first create the ClusterIssuer and the CA root certificate. Next, you will create the webhook certificate. Then you will create a certificate that will be used by the Kubernetes API server. Finally, you will test your dynamic admission controller by creating an annotation with the value of the certificate for the Kubernetes API server.

Get started Contact sales

Lab Info

Level

Intermediate

Last updated

Sep 24, 2025

Duration

2h 0m

Challenge

Prepare the Environment
1. Install Homebrew.
2. Follow the instructions in the terminal to complete the install.
3. Confirm Homebrew was installed successfully.
4. Install the awscli package.
5. Install the kubernetes-cli package.
6. Install the terraform package.
Challenge

Deploy EKS Cluster
1. Create a new AWS Access Key and Secret Access Key in AWS console and copy it to a text editor.
2. Clone the course repo.
3. Move to the custom-admission-controllers directory.
4. Move to the eks directory.
5. Initialize your working directory.
6. Apply the Terraform configuration.
  
  Note: This will take 10 to 15 minutes.
7. Configure AWS CLI.
8. Configure Kubernetes-CLI to interact with your EKS cluster.
9. Confirm you are connected to your cluster.
Challenge

Create the Validating Webhook
1. Move to the admission-controller directory.
2. Log in to Docker Hub from the command line.
3. Update the Makefile file with your Docker Hub username.
4. Build the webhook.
  
  Note: This will take 10 to 15 minutes.
5. Build the Docker image.
6. Push the Docker image to Docker Hub.
7. Deploy the certs.
Challenge

Deploy the Validating Webhook
1. Move into the terraform directory.
2. Update the deployment configuration with your Docker image.
3. Initialize the working directory.
4. Apply the configuration.
5. Confirm the webhook is up and available.
Challenge

Test the Dynamic Admission Controller
1. Go back a directory.
2. Create a directory called test-pods.
3. Move to test-pods directory.
4. Create three test pods called test-app-1 , test-app-2, and test-app-3.
5. Add a label called hello = ”world” to test-app-2 and hello = “universe” to test-app-3.
6. Initialize your working directory.
7. Apply the webhook configuration.
8. Confirm that your validating webhook is working:
- test-app-1 should error and not deploy
- test-app-2 and test-app-3 should deploy without issue

About the author

Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.