How to make exclusive locks in Kubernetes

There is an application running in a Kubernetes cluster. Goal is to protect this application from any modifications, except if those modifications are coming from predefined actor. Setup Requirements To start let’s set up the Kind cluster and Klock. I assume you already have installed Kind. Now let’s create a cluster and install all requirements: Create cluster: kind create cluster Install cert-manager: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml Install Klock : helm repo add rnemet https://rnemet....

October 1, 2022 · 4 min · rnemet

Klock

Problem In an event-driven system like Kubernetes, access to a resource can be restricted with RBAC. RBAC is not designed to execute a mandatory or exclusive lock on a particular resource. It is not impossible, but I found it complicated and error-prone. Sometimes I want: The CronJob named daily-report is constant. No one can DELETE or UPDATE it. A workload payroll can be modified only by the actor with UID aa-dd-f445-d-55-d and no one else....

September 7, 2022 · 2 min · rnemet