Policy as Code with CFK and Kyverno

Set up the K3d cluster

./cluster.sh

The script will create a K3d cluster and will deploy:

  • Kyverno Kubernetes Native Policy Management

  • Confluent For Kubernetes - Zookeeper, Kafka and Schema Registry

  • A Kyverno rule for the maximum number of partitions (5) allowed for a KafkaTopic resource.

kubectl get clusterpolicy     
NAME                      BACKGROUND   VALIDATE ACTION   READY
topic-number-partitions   true         enforce           true

Topics

  • Create a Topic with partitionCount: 1

kubectl apply -f ./topics/valid-topic.yaml
kubectl get topic -n confluent
NAME          REPLICAS   PARTITION   STATUS    CLUSTERID                AGE
valid-topic   1          1           CREATED   Gcp3tTPhRF-suuldcu8R3w   22m

  • Create a Topic with partitionCount: 15

kubectl apply -f ./topics/invalid-topic.yaml

Output:

Error from server: error when creating "./topics/invalid-topic.yaml": admission webhook "validate.kyverno.svc-fail" denied the request: 

policy KafkaTopic/confluent/invalid-topic for resource violation: 

topic-number-partitions:
  topic-number-partitions: 'validation error: The number of partitions for a Topic
    can not be greater than 5!. rule topic-number-partitions failed at path /spec/partitionCount/'
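
For reference, a ClusterPolicy that would produce the denial above, followed by a topic manifest that trips it. This is an added sketch, not the repository's own files: the policy name, rule name, message, limit and field path come from the output shown here, while the API versions, the match block, the pattern syntax and the topic's replicas value are assumptions.

```yaml
# Added example: reconstructed from the kubectl output above, not copied from the repo.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: topic-number-partitions
spec:
  # "enforce" matches the VALIDATE ACTION column; newer Kyverno releases
  # prefer the capitalised spelling "Enforce". "audit" would only report.
  validationFailureAction: enforce
  # Also evaluate KafkaTopics that already exist (BACKGROUND column = true).
  background: true
  rules:
    - name: topic-number-partitions
      match:
        any:
          - resources:
              kinds:
                - KafkaTopic   # assumed: the CFK CRD kind, matched in every namespace
      validate:
        message: "The number of partitions for a Topic can not be greater than 5!"
        pattern:
          spec:
            # A plain key makes the field mandatory, so a topic that omits
            # partitionCount is rejected too. Writing the key as
            # "=(partitionCount)" would apply the limit only when it is set.
            partitionCount: "<=5"
---
# Assumed shape of ./topics/invalid-topic.yaml (constructed sample).
apiVersion: platform.confluent.io/v1beta1
kind: KafkaTopic
metadata:
  name: invalid-topic
  namespace: confluent
spec:
  replicas: 1          # assumed, mirrors the valid-topic listing
  partitionCount: 15   # exceeds the limit, so admission is denied at /spec/partitionCount/
```

The request is rejected by the admission webhook before the KafkaTopic object is stored, so the Confluent operator never sees it and nothing is created on the Kafka side.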

Clean

./cleanup.sh