How to make exclusive locks in Kubernetes

There is an application running in a Kubernetes cluster. The goal is to protect this application from any modifications, except those coming from a predefined actor.

Setup

Requirements

To start, let's set up the Kind cluster and Klock. I assume you already have installed Kind. Now let's create a cluster and install all requirements:

Create cluster: kind create cluster
Install cert-manager: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml
Install Klock: helm repo add rnemet https://rnemet....

October 1, 2022 · 4 min · rnemet

Klock

Problem

In an event-driven system like Kubernetes, access to a resource can be restricted with RBAC. RBAC is not designed to execute a mandatory or exclusive lock on a particular resource. It is not impossible, but I found it complicated and error-prone. Sometimes I want:

The CronJob named daily-report is constant. No one can DELETE or UPDATE it.
A workload payroll can be modified only by the actor with UID aa-dd-f445-d-55-d and no one else....

September 7, 2022 · 2 min · rnemet

Pod

...is the smallest deployable unit one can create and manage inside Kubernetes (K8s). A Pod can have one or more running containers, so it is a set of running containers. What is a container? A container image is a binary containing an application you created and everything it needs to run, such as system and application libraries, configuration files, etc. When you run a container image, it becomes a container. You can imagine a container image as a software package, but when you run it, it becomes a container....

March 21, 2021 · 6 min · rnemet