watchman
A general purpose admission controller that uses open-feature to control it's capabilities.
This is a demonstration project that is designed to familiarise the user with how open-feature can be used within Kubernetes to control infrastructure.
This project demonstrates:
But how does it work?
Run the demo
- Setup a Kubernetes cluster
- Install open-feature-operator as described here
kubectl create namespace watchman-system
kubectl create -f config/samples/flags.yaml
kubectl create -f config/webhook/certificate.yaml
IMG=cnskunkworks/watchman:0.0.3 make deploy
You should see that you have watchman injected with flagd.
This now means you can turn on or off pod admission with the watchman FeatureFlagConfiguration
custom resource named watchman-flags/watchman-system
The end result should be that you can turn on or off the admission controller with the FeatureFlagConfiguration
custom resource.
❯ kubectl apply -f config/samples/pod.yaml
Error from server (flag set to block admission): error when creating "config/samples/pod.yaml": admission webhook "mutate-demo.openfeature.dev" denied the request: flag set to block admission