
Deploy a Custom Admission Controller with Terraform
In this lab, you create a dynamic admission controller with Terraform, using cert-manager for certificate management. You will use Terraform to first create the ClusterIssuer and the CA root certificate. Next, you will create the webhook certificate. Then you will create a certificate that will be used by the Kubernetes API server. Finally, you will test your dynamic admission controller by creating an annotation with the value of the certificate for the Kubernetes API server.

Table of Contents
Challenge
Prepare the Environment
- Install Homebrew.
- Follow the instructions in the terminal to complete the install.
- Confirm Homebrew was installed successfully.
- Install the awscli package.
- Install the kubernetes-cli package.
- Install the terraform package.

Challenge
Deploy EKS Cluster
- Create a new AWS Access Key and Secret Access Key in the AWS console and copy them to a text editor.
- Clone the course repo.
- Move to the custom-admission-controllers directory.
- Move to the eks directory.
- Initialize your working directory.
- Apply the Terraform configuration.
  Note: This will take 10 to 15 minutes.
- Configure AWS CLI.
- Configure Kubernetes-CLI to interact with your EKS cluster.
- Confirm you are connected to your cluster.

Challenge
Create the Validating Webhook
- Move to the admission-controller directory.
- Log in to Docker Hub from the command line.
- Update the Makefile file with your Docker Hub username.
- Build the webhook.
  Note: This will take 10 to 15 minutes.
- Build the Docker image.
- Push the Docker image to Docker Hub.
- Deploy the certs.

Challenge
Deploy the Validating Webhook
- Move into the terraform directory.
- Update the deployment configuration with your Docker image.
- Initialize the working directory.
- Apply the configuration.
- Confirm the webhook is up and available.

Challenge
Test the Dynamic Admission Controller
- Go back a directory.
- Create a directory called test-pods.
- Move to the test-pods directory.
- Create three test pods called test-app-1, test-app-2, and test-app-3.
- Add a label called hello = "world" to test-app-2 and hello = "universe" to test-app-3.
- Initialize your working directory.
- Apply the webhook configuration.
- Confirm that your validating webhook is working:
  - test-app-1 should error and not deploy
  - test-app-2 and test-app-3 should deploy without issue
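
The decision this test exercises, as an added example that is not the lab's own webhook code. It assumes the webhook's rule is that a pod must carry a hello label, which is inferred from the expected results above; the AdmissionReview requests are constructed samples, and the names review, sample_request and REQUIRED_LABEL are hypothetical.

```python
import json

REQUIRED_LABEL = "hello"  # assumed rule, inferred from the lab's expected results


def review(body):
    """Build the AdmissionReview response for one AdmissionReview request."""
    req = json.loads(body)
    request = req.get("request")
    if req.get("kind") != "AdmissionReview" or not isinstance(request, dict):
        raise ValueError("not an AdmissionReview request")
    meta = (request.get("object") or {}).get("metadata") or {}
    labels = meta.get("labels") or {}  # the key is absent on an unlabeled pod
    response = {"uid": request["uid"], "allowed": REQUIRED_LABEL in labels}
    if not response["allowed"]:
        response["status"] = {
            "code": 403,
            "message": f'pod {meta.get("name", "<unnamed>")} has no "{REQUIRED_LABEL}" label',
        }
    # The API server matches the response to the request by uid.
    return {"apiVersion": req["apiVersion"], "kind": "AdmissionReview", "response": response}


def sample_request(name, labels=None):
    """Constructed AdmissionReview for a pod CREATE, mirroring the three test pods."""
    metadata = {"name": name}
    if labels is not None:
        metadata["labels"] = labels
    return json.dumps({
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": f"uid-{name}",
            "operation": "CREATE",
            "kind": {"group": "", "version": "v1", "kind": "Pod"},
            "object": {"apiVersion": "v1", "kind": "Pod", "metadata": metadata},
        },
    }).encode()


if __name__ == "__main__":
    pods = [("test-app-1", None), ("test-app-2", {"hello": "world"}),
            ("test-app-3", {"hello": "universe"})]
    for name, labels in pods:
        out = review(sample_request(name, labels))["response"]
        print(name, "allowed" if out["allowed"] else "denied: " + out["status"]["message"])
```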