Documentation ¶
Index ¶
- Constants
- Variables
- func GenerateWebhookManifests(...) (*admissionregistration.ValidatingWebhookConfiguration, ...)
- func RegisterAbandonOnUninstallWebhook(mgr manager.Manager, nocacheClient client.Client) error
- func RegisterCommonWebhooks(mgr manager.Manager, nocacheClient client.Client) error
- type Config
- type HandlerFunc
- func NewAbandonOnCRDUninstallWebhook() HandlerFunc
- func NewContainerAnnotationHandler(smLoader *servicemappingloader.ServiceMappingLoader, ...) HandlerFunc
- func NewGenericDefaulter() HandlerFunc
- func NewIAMDefaulter(smLoader *servicemappingloader.ServiceMappingLoader, ...) HandlerFunc
- func NewIAMValidatorHandler(smLoader *servicemappingloader.ServiceMappingLoader, ...) HandlerFunc
- func NewImmutableFieldsValidatorHandler(smLoader *servicemappingloader.ServiceMappingLoader, ...) HandlerFunc
- func NewManagementConflictAnnotationDefaulter(smLoader *servicemappingloader.ServiceMappingLoader, ...) HandlerFunc
- func NewNoUnknownFieldsValidatorHandler(smLoader *servicemappingloader.ServiceMappingLoader) HandlerFunc
- func NewRequestLoggingHandler(handlerFunc HandlerFunc, handlerName string) HandlerFunc
- func NewResourceValidatorHandler() HandlerFunc
- func NewStateIntoSpecAnnotationValidatorHandler() HandlerFunc
- type RequestLoggingHandler
Constants ¶
View Source
const ( ControllerManagerServiceAccountRegex = "system:serviceaccount:[a-z0-9.-]+:cnrm-controller-manager" // ServicePort is the port that the webhook binary will bind to, as well as use as the service port. // // must be 443 as private GKE clusters have opened up 443 specifically // as a port that GKE masters can send requests to nodes to, and the requests are sent // directly to the targetPort of the pod rather than the service port. // see b/180354275 // // Since the TargetPort is effectively being used as a public port, // standardizing public ports removes ambiguity. ServicePort = 443 )
View Source
const ( Mutating webhookType = "Mutating" Validating webhookType = "Validating" )
Variables ¶
View Source
var ( ValidatingWebhookConfigurationName = "validating-webhook.cnrm.cloud.google.com" MutatingWebhookConfigurationName = "mutating-webhook.cnrm.cloud.google.com" CommonWebhookServiceName = "cnrm-validating-webhook" )
View Source
var (
ErrTFSchemaNotFound = fmt.Errorf("schema does not exist")
)
Functions ¶
func GenerateWebhookManifests ¶
func GenerateWebhookManifests(validatingWebhookConfigurationName, mutatingWebhookConfigurationName, serviceName string, whCfgs []Config) (*admissionregistration.ValidatingWebhookConfiguration, *admissionregistration.MutatingWebhookConfiguration)
Types ¶
type Config ¶ added in v1.114.0
type Config struct { Type webhookType Name string Path string HandlerFunc func(mgr manager.Manager) admission.Handler FailurePolicy admissionregistration.FailurePolicyType ObjectSelector *metav1.LabelSelector Rules []admissionregistration.RuleWithOperations SideEffects admissionregistration.SideEffectClass }
func GetCommonWebhookConfigs ¶
type HandlerFunc ¶ added in v1.112.0
func NewAbandonOnCRDUninstallWebhook ¶ added in v1.112.0
func NewAbandonOnCRDUninstallWebhook() HandlerFunc
func NewContainerAnnotationHandler ¶
func NewContainerAnnotationHandler(smLoader *servicemappingloader.ServiceMappingLoader, dclSchemaLoader dclschemaloader.DCLSchemaLoader, serviceMetadataLoader dclmetadata.ServiceMetadataLoader) HandlerFunc
func NewGenericDefaulter ¶
func NewGenericDefaulter() HandlerFunc
func NewIAMDefaulter ¶
func NewIAMDefaulter(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetadataLoader metadata.ServiceMetadataLoader) HandlerFunc
func NewIAMValidatorHandler ¶
func NewIAMValidatorHandler(smLoader *servicemappingloader.ServiceMappingLoader, serviceMetadataLoader metadata.ServiceMetadataLoader, schemaLoader dclschemaloader.DCLSchemaLoader) HandlerFunc
func NewImmutableFieldsValidatorHandler ¶
func NewImmutableFieldsValidatorHandler(smLoader *servicemappingloader.ServiceMappingLoader, dclSchemaLoader dclschemaloader.DCLSchemaLoader, serviceMetadataLoader dclmetadata.ServiceMetadataLoader) HandlerFunc
func NewManagementConflictAnnotationDefaulter ¶
func NewManagementConflictAnnotationDefaulter(smLoader *servicemappingloader.ServiceMappingLoader, dclSchemaLoader dclschemaloader.DCLSchemaLoader, serviceMetadataLoader dclmetadata.ServiceMetadataLoader) HandlerFunc
func NewNoUnknownFieldsValidatorHandler ¶
func NewNoUnknownFieldsValidatorHandler(smLoader *servicemappingloader.ServiceMappingLoader) HandlerFunc
func NewRequestLoggingHandler ¶
func NewRequestLoggingHandler(handlerFunc HandlerFunc, handlerName string) HandlerFunc
func NewResourceValidatorHandler ¶
func NewResourceValidatorHandler() HandlerFunc
func NewStateIntoSpecAnnotationValidatorHandler ¶ added in v1.119.0
func NewStateIntoSpecAnnotationValidatorHandler() HandlerFunc
NewStateIntoSpecAnnotationValidatorHandler creates an instance of stateIntoSpecAnnotationValidator to handle state-into-spec annotation validation.
Source Files ¶
- abandon_on_uninstall_webhook.go
- constants.go
- container_annotation_handler.go
- generic_defaulter.go
- iam_defaulter.go
- iam_utils.go
- iam_validator.go
- immutable_fields_validator.go
- logging_handler.go
- management_conflict_annotation_defaulter.go
- manifests.go
- no_unknown_fields_validator.go
- register.go
- resource_validator.go
- state_into_spec_annotation_validator.go
- types.go
Directories ¶
Path | Synopsis |
---|---|
Package cert provides functions to manage certificates for webhookClientConfiguration.
|
Package cert provides functions to manage certificates for webhookClientConfiguration. |
generator
Package generator provides an interface and implementation to provision certificates.
|
Package generator provides an interface and implementation to provision certificates. |
writer
Package writer provides method to provision and persist the certificates.
|
Package writer provides method to provision and persist the certificates. |
Click to show internal directories.
Click to hide internal directories.