Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/06/27 07:34:42 UTC

[GitHub] [apisix-ingress-controller] tokers commented on issue #244: Implement the admission server

tokers commented on issue #244:
URL: https://github.com/apache/apisix-ingress-controller/issues/244#issuecomment-869116626


   > I did some research and found three ways to implement this:
   > 
   > 1. The hand-crafted solution: implement the server with `net/http` or `gin`, verbose and time-consuming, but most flexible.
   > 2. [openshift/generic-admission-server](https://github.com/openshift/generic-admission-server): it is simpler to set up but more opinionated (e.g. you can’t select the server framework). It is worth noting that the framework uses TLS authentication and authorization mechanisms which are built into the Kubernetes aggregated API server library, which means that webhooks are secure by default. Using this library allows you to avoid the complication of creating and maintaining a client key and certificate for each webhook server; you only need to maintain a server key and certificate for each webhook server. And by using this library your webhook will also perform authorization which uses Kubernetes' own SubjectAccessReview and RBAC mechanisms.
   > 3. [kubewebhook](https://github.com/slok/kubewebhook): the setup code at the beginning is longer, but writing the actual business logic is much easier. More flexible than `openshift/generic-admission-server`.
   > 
   > Reference: https://banzaicloud.com/blog/slok-webhook/
   > 
   > Could you give some advice on which way I should take? Thanks.
   
   I looked through these two packages. I like the features provided by kubewebhook, like the metrics integration, and I'd like to vote for it. BTW, do you know which admission server frameworks are used by other famous ingress controllers or service mesh control planes?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.