Updates

docs/presentation.md

@@ -0,0 +1,42 @@
+# CFL Summit | Rancher Lab
+
+---
+
+## What are we working with?
+
+In the lab environment the following has been pre-created:
+- Rancher
+- RKE2 downstream clusters
+- Some deployments to troubleshoot
+
+# Webhooks in Kubernetes
+
+---
+
+## What are they?
+
+---
+
+
+
+[webhook-flow](https://miro.medium.com/v2/resize:fit:4800/format:webp/0*rKDzcFeAFWuYsFeg.jpg)
+
+---
+
+[webhook-detailed](https://miro.medium.com/v2/resize:fit:4800/format:webp/1*tFRqBPkv9X4Y8RO7agtcWw.jpeg)
+
+---
+
+More info on webhooks
+
+https://book-v1.book.kubebuilder.io/beyond_basics/what_is_a_webhook
+
+## Common network issues
+
+---
+
+- connection refused
+- i/o timeout
+- connection reset by peer
+- no route to hose
+- dns failure

instructors/lab-deployments/README.md

@@ -1,3 +1,11 @@
+## Lab 1 webhook
+
+- webhook is deployed with several issues
+  1. wrong port in service
+  2. ca.cert is not trusted - ca is available in the webhook pod and can be added to the webhook configuration base64 under `caBundle`
+
+## Lab 2 network issues
+
 - lab-a -- connection refused
 - lab-b -- i/o timeout
 - lab-c -- connection reset by peer

instructors/lab-deployments/deployments.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: test-pod
-  namespace: lab
+  namespace: default
 spec:
   selector:
     matchLabels:

instructors/lab-deployments/lab-1-container-image/Dockerfile

@@ -0,0 +1,12 @@
+# Use a minimal image for the final container
+FROM k8s.gcr.io/e2e-test-images/agnhost:2.43
+
+WORKDIR /
+
+RUN rm /localhost.*
+
+COPY ca.crt tls.crt tls.key .
+
+# Run the application
+ENTRYPOINT ["/agnhost"]
+CMD ["webhook", "--tls-cert-file", "tls.crt", "--tls-private-key-file", "tls.key"]

instructors/lab-deployments/lab-1-container-image/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNjCCAh6gAwIBAgIUChKZwXzapaq1cTjNbxr4XBli/dMwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHdGVzdC1jYTAgFw0yNDA5MzAyMzUyNTlaGA8yMDUyMDIx
+NjIzNTI1OVowEjEQMA4GA1UEAwwHdGVzdC1jYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJcvhkVRvD7Q96S6kD7orMhXQr+lC9IIPZYVr6n1AUzNWt7O
+ZNzAln/LBwmurFU+i+p8bbMwOhEqtPaBfGcLm4T8cinEs06fc2DzJfd+f47NdXbQ
+7Ayx66HbAmFC1xav5ZKHSo3pkLMWvNRs6QDJxjgyfGFKuf9z3lqVotOa0f8sJbjM
+eiOIlKPH6we939lyDTW4LOXAL/FpAcX/7PF5Yp9Vg3uNdX0QAk55nw7Y5HQx4Ifo
+VN+8IL4gGrFJofBUk1RDugvlDqVjY55x/J9mQTEcc0+HalmlXUkwyRa2Ope6mcTf
+PNwQzIUZq0ohs4eoqmqFarwAPMPISkqCNTxbQL0CAwEAAaOBgTB/MA8GA1UdEwEB
+/wQFMAMBAf8wHQYDVR0OBBYEFPuyGLNv23ZkgfO/bTaBQzGDJq0wME0GA1UdIwRG
+MESAFPuyGLNv23ZkgfO/bTaBQzGDJq0woRakFDASMRAwDgYDVQQDDAd0ZXN0LWNh
+ghQKEpnBfNqlqrVxOM1vGvhcGWL90zANBgkqhkiG9w0BAQsFAAOCAQEAK1QOXguI
+R36soaaonrJq4v3/cqyUg9TQ9OD2FCCg4M+EDV4XxmrkoA+Zoq3FQj/Bl094tF6l
+QQsBxklrmndHBqnpZ5Hggs93sLTISLz51Qnkq3gE0kohDEguSUFiuMg8rnBHyRyG
+yLX3c3Stdt7f8ryqmz8kthLT6xL+37lpsZ5Z+iAQoTQgiiKEQql2vY19PDfQC1sh
+OsIqN1bkCxDBCd9n/5zFpEvPCzuJEkAcbdQSEayCC9f80tt9sb8fTLOuwRm4Bv9Q
+OCe61Ieegfx5EN9q8L1jPA2ZjVshYY0w99GQT2DjBoCTimJ1XbkquazXkJ/2OT2F
+U4s/BWFdb3pSLw==
+-----END CERTIFICATE-----

instructors/lab-deployments/lab-1-container-image/tls.crt

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcjCCAlqgAwIBAgIUJn4h2Py6yi4gJTE5mKSNzXXGESswDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAwwHdGVzdC1jYTAgFw0yNDA5MzAyMzUyNTlaGA8yMDUyMDIx
+NjIzNTI1OVowNDEyMDAGA1UEAwwpdmFsaWRhdGluZy13ZWJob29rLXN2Yy53ZWJo
+b29rLXN5c3RlbS5zdmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa
+5S1s6b15JkP7ZWYjIc3IXUQIW16vt8l82y5NDLWZqBDW5oc5TtmYZ3AluS0yDzO2
+uzek1sY9b6OoyXx0Iu0617cbsaDLFnH1Hox4G0bMNUoV/XC5L55XR3Hm88lQk7LA
+VG3itUsrozl8YF5xxx0OB6gr992DUhhWp8j3/fzig0sNWaZPNy2AiaZDPiXu8o2h
+4VY0pCufjmiN3yq7h+RtPBoOf1q4y/763TKbgOmGiSEiivfzvXZzOho+EU0IDN/p
+OZ0Af07td2XYCrO+5pT/o4Dszb8d9wZmkMt+la2lGO0m7wzOvAhgn2/ZXwGxen9h
+by3MjXsC39bxwvHCA4y/AgMBAAGjgZswgZgwCQYDVR0TBAIwADALBgNVHQ8EBAMC
+BeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMF8GA1UdEQRYMFaCKXZh
+bGlkYXRpbmctd2ViaG9vay1zdmMud2ViaG9vay1zeXN0ZW0uc3Zjgil2YWxpZGF0
+aW5nLXdlYmhvb2stc3ZjLndlYmhvb2stc3lzdGVtLnN2YzANBgkqhkiG9w0BAQsF
+AAOCAQEAfcsVDiXsaj21euhCPOH6nx8elbFD5B0G/l5fzSwNWJuug2arlkdYp4FO
+cVG96FPHjGHrNytlkp06veMin7Iiap7LepQmTNCxHfk6sig4iJsrrn4UYQJE/Qo1
+pjdnHnvCpzcAUukXF3wpIKxd8eDU9GZLY5Q0VWS77Fr10qhMwcDxjqMO6CQ0/Mvw
+BhjFLV9pSp8r2sCoix314fH0YsK3hoVs+3VYEr/uVMd/xGTpMZ+21VX+wKEluatk
+FjTdBgNq40pWWYAviRSACqk8zh2M3DAdCeIf+Cgl/f5Rw83eoSTGkECQ0lCi2vdk
+rnik8Gf6Vix6wgSz1o53VGipoIBtoQ==
+-----END CERTIFICATE-----

instructors/lab-deployments/lab-1-container-image/tls.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA2uUtbOm9eSZD+2VmIyHNyF1ECFter7fJfNsuTQy1magQ1uaH
+OU7ZmGdwJbktMg8ztrs3pNbGPW+jqMl8dCLtOte3G7GgyxZx9R6MeBtGzDVKFf1w
+uS+eV0dx5vPJUJOywFRt4rVLK6M5fGBecccdDgeoK/fdg1IYVqfI9/384oNLDVmm
+TzctgImmQz4l7vKNoeFWNKQrn45ojd8qu4fkbTwaDn9auMv++t0ym4DphokhIor3
+8712czoaPhFNCAzf6TmdAH9O7Xdl2AqzvuaU/6OA7M2/HfcGZpDLfpWtpRjtJu8M
+zrwIYJ9v2V8BsXp/YW8tzI17At/W8cLxwgOMvwIDAQABAoIBADTYi2T18UZkVJlG
+26ezq4ip65jQ5kUp67z29XColtcn2hjnwtG1FZdTsaGJ2T1yqht9i2uCZo3CfBJt
+wlwPapKALbbD5XviSVTSMTt16lu2qdIxQ5uRwXp0xyzowjtvzQHd4EGRXzqDx4cd
+hO+XEI6ojpM+3f2sPi/9helJKlpMwcvXyhLVB36Zo7lzxtXGUrxSpCBiIt+M22jS
+jSQCuDSS97e29rtihzaxdD7VM/J7tZGcu6mJWIRSdCYCJ6duboxMXYizh1jxTV2N
+bBsb6s0zEpiy/fTws4lNdigfxRnaiQSiImiPfYGvcUmcuiBoWLc0smjjdeShjWZs
+UnErhIECgYEA+JPsGS6aRHwbzfsTiGwbHqahyE5zf9TDJnIbJPU5H1L1Q/Dyrdlk
+61Wqe4sDGwJ5kzFt2HSbWdroz+klUiWzrjyLoRS4ioxywt+A8OFgYIYtecw9GKW1
+UZQ6rQpZ/x5Y9le7LNR7LEhITbCwswyZLo2cZTg6DUOuugWnKFeNvCECgYEA4W5e
+FaTqRxgFWWFynJR1gP7ZrX+SgeQaluWYf7r75HiOBg/ZpwrPM5jj98/o59vb6DRz
+Nl7rMibx2mQX/r3glrDOksQeRIyg/sMp6phGARGWZCIwkBPly9Rb40Y36H097XA9
+XzSyeYHqa6GkcQ6HJIBgXWCd4F1P0nZa3/JXLN8CgYEAj2VVt5koqQUnTQXf2Lz0
+UBQ0E8cd3cow4YbFneZQk39ZuV3PwPY9v3xlomso2XXuCDllco6h543e68FFJERX
+iNWofr3jTxmCQmSIj2yUGlqM9UwampNNK8hkqNnl3MP28fTeJxhUDdGM1DRvWnqU
+C0TpyYJMCsbWjr0gFqebPcECgYBLxjpv0hBBt2xM3/mTcj+RDZkDvab0bEUXxbMd
+9C8pW/B5TyidAoAlWtX9/W/PR9LCWacEdqFeKUMQYqbCJPbyEBpPsQZvikmveNCF
+H4wgXdYMcIWcWGPcwNPmMDsotbh0ME8gymjXePjgFuRccEKy3UgG+yv2N8dV+hyP
+vDjbRwKBgGJzLLwkeUni5fiQqaTSPAkowk2udj74WI4z4aJHa93cdNtY4oRvPSWk
+zaS+fX98fOcGE7RrziiythNNNmvpbpCsUlskAEYuOY+JtR23tWgbc7D5CAys5Llc
+z28IFeXPt52YmUBwhMZYDgjod4B3+CbFFj1BNeQLw8w0uGUD5NI2
+-----END RSA PRIVATE KEY-----

instructors/lab-deployments/webhook.yaml

@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: deployment-lab
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: webhook-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: validating-webhook
+  namespace: webhook-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: validating-webhook
+  template:
+    metadata:
+      labels:
+        app: validating-webhook
+    spec:
+      containers:
+      - name: webhook
+        image: derekdemo/lab-1
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: validating-webhook-svc
+  namespace: webhook-system
+spec:
+  selector:
+    app: validating-webhook
+  ports:
+  - port: 443
+    targetPort: 8443
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-config
+webhooks:
+- name: validating.webhook.example.com
+  clientConfig:
+    service:
+      name: validating-webhook-svc
+      namespace: webhook-system
+      path: "/always-allow-delay-5s"
+    # caBundle: "Cg=="
+  rules:
+  - apiGroups: ["*"]
+    apiVersions: ["*"]
+    operations: ["CREATE", "UPDATE", "DELETE"]
+    resources: ["*"]
+    scope: "Namespaced"
+  namespaceSelector:
+    matchLabels:
+      kubernetes.io/metadata.name: deployment-lab
+  failurePolicy: Fail
+  sideEffects: None
+  admissionReviewVersions: ["v1"]
+  timeoutSeconds: 10