Test a Dynamic Admission Controller with Terraform

1.5 hours
  • 4 Learning Objectives

About this Hands-on Lab

In this lab, you will test the dynamic admission controller with test pods that you create and deploy with Terraform. Two of the pods will have labels that match the validating webhook's policy, and one of the test pods will not.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Lab Setup
  1. Move to the validating-admission-webhook directory.

  2. Create an access key in the AWS Management Console.

    Note: You need to copy the access key ID and secret key somewhere safe and accessible for the next step.

  3. Make the lab-setup.sh script executable.

  4. Run the lab-setup.sh script.

    Note: This script will run for about 10–15 minutes.

Create and Deploy the Webhook
  1. Move to the validating-webhook directory.

  2. Log in to Docker Hub from the command line.

  3. Update the Makefile with your Docker Hub username.

  4. Build the webhook.

    Note: This can take 5–10 minutes.

  5. Build the Docker image.

  6. Push the Docker image to Docker Hub.

  7. Deploy the certs.

  8. Deploy the validating webhook.

Create and Deploy the Test Pods with Terraform
  1. Create a directory called test-pods.

  2. Move to the test-pods directory.

  3. Create three test pods called test-app-1, test-app-2, and test-app-3, and add a label called hello = "world" to test-app-2 and hello = "universe" to test-app-3.

  4. Initialize your working directory.

  5. Apply the webhook configuration.

Confirm the Dynamic Admission Controller Is Working
  1. Confirm that your validating webhook is working:
    • test-app-1 should error and not deploy.
    • test-app-2 and test-app-3 should deploy without issue.

Additional Resources

In this scenario, you will first need to set up the lab, which involves the deployment of an EKS cluster. You will then build and deploy the validating webhook with your Makefile. You will then create the Terraform configuration that will deploy three test pods: test-app-1, test-app-2, and test-app-3. The test-app-2 pod will have a label of hello = "world", and the test-app-3 pod will have a label of hello = "universe". Confirm that your webhook is functioning as intended.

Lab Resources

Code to Use for the Test Pods

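terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

# Uses the kubeconfig written during lab setup to reach the cluster.
provider "kubernetes" {
  config_path = "~/.kube/config"
}

# Template for a single test pod; adjust the names and add labels per pod.
resource "kubernetes_pod" "test_app" {
  metadata {
    name = "test-app"
  }

  spec {
    container {
      name    = "test-app-1"
      image   = "ubuntu:focal"
      command = ["/bin/bash"]
      args    = ["-c", "sleep infinity"]
    }
  }
}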
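
One way to write step 3 of "Create and Deploy the Test Pods with Terraform", as an added example that is not the lab's own solution: it extends the template above with for_each so that all three pods and their labels come from one map. The local name test_pods is an assumption, and the pods are assumed to go to the default namespace of the cluster in ~/.kube/config.

```hcl
terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

provider "kubernetes" {
  config_path = "~/.kube/config"
}

locals {
  # Pod name => labels, as listed in the lab steps (test_pods is a hypothetical name).
  test_pods = {
    "test-app-1" = {}                     # no label: the webhook should reject this pod
    "test-app-2" = { hello = "world" }    # labelled: should be admitted
    "test-app-3" = { hello = "universe" } # labelled: should be admitted
  }
}

# One kubernetes_pod instance per map entry.
resource "kubernetes_pod" "test_app" {
  for_each = local.test_pods

  metadata {
    name   = each.key
    labels = each.value
  }

  spec {
    container {
      name    = each.key
      image   = "ubuntu:focal"
      command = ["/bin/bash"]
      args    = ["-c", "sleep infinity"]
    }
  }
}
```

Because each pod is a separate resource instance, a rejection of test-app-1 shows up as an error on kubernetes_pod.test_app["test-app-1"] only, which makes the webhook's decision easy to read in the apply output.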
