Documentation ¶
Index ¶
- Constants
- func EnsureLabelSelectorExpressions(current *metav1.LabelSelector, want *metav1.LabelSelector) *metav1.LabelSelector
- func MakeErrorStatus(reason string, args ...interface{}) *admissionv1.AdmissionResponse
- func NameFromEnv() string
- func PortFromEnv(defaultPort int) int
- func RegisterMetrics()
- func WithOptions(ctx context.Context, opt Options) context.Context
- type AdmissionController
- type ConversionController
- type Operation
- type Options
- type StatelessAdmissionController
- type StatelessAdmissionImpl
- type StatsReporter
- type Webhook
Constants ¶
const ( // AdmissionReviewUID is the key used to represent the admission review // request/response UID in logs AdmissionReviewUID = "admissionreview/uid" // AdmissionReviewAllowed is the key used to represent whether or not // the admission request was permitted in logs AdmissionReviewAllowed = "admissionreview/allowed" // AdmissionReviewResult is the key used to represent extra details into // why an admission request was denied in logs AdmissionReviewResult = "admissionreview/result" // AdmissionReviewPatchType is the key used to represent the type of Patch in logs AdmissionReviewPatchType = "admissionreview/patchtype" )
Variables ¶
This section is empty.
Functions ¶
func EnsureLabelSelectorExpressions ¶
func EnsureLabelSelectorExpressions( current *metav1.LabelSelector, want *metav1.LabelSelector) *metav1.LabelSelector
EnsureLabelSelectorExpressions merges the current label selector's MatchExpressions with the ones wanted. It keeps all non-knative keys intact, removes all knative-keys no longer wanted and adds all knative-keys not yet there.
func MakeErrorStatus ¶
func MakeErrorStatus(reason string, args ...interface{}) *admissionv1.AdmissionResponse
MakeErrorStatus creates an 'BadRequest' error AdmissionResponse
func NameFromEnv ¶
func NameFromEnv() string
func PortFromEnv ¶
PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set.
func RegisterMetrics ¶
func RegisterMetrics()
Types ¶
type AdmissionController ¶
type AdmissionController interface { // Path returns the path that this particular admission controller serves on. Path() string // Admit is the callback which is invoked when an HTTPS request comes in on Path(). Admit(context.Context, *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse }
AdmissionController provides the interface for different admission controllers
type ConversionController ¶
type ConversionController interface { // Path returns the path that this particular conversion controller serves on. Path() string // Convert is the callback which is invoked when an HTTPS request comes in on Path(). Convert(context.Context, *apixv1.ConversionRequest) *apixv1.ConversionResponse }
ConversionController provides the interface for different conversion controllers
type Operation ¶
type Operation = admissionv1.Operation
Operation is the verb being operated on it is aliased in Validation from the k8s admission package
const ( Create Operation = admissionv1.Create Update Operation = admissionv1.Update Delete Operation = admissionv1.Delete Connect Operation = admissionv1.Connect )
Operation types
type Options ¶
type Options struct { // ServiceName is the service name of the webhook. ServiceName string // SecretName is the name of k8s secret that contains the webhook // server key/cert and corresponding CA cert that signed them. The // server key/cert are used to serve the webhook and the CA cert // is provided to k8s apiserver during admission controller // registration. // If no SecretName is provided, then the webhook serves without TLS. SecretName string // Port where the webhook is served. Per k8s admission // registration requirements this should be 443 unless there is // only a single port for the service. Port int // StatsReporter reports metrics about the webhook. // This will be automatically initialized by the constructor if left uninitialized. StatsReporter StatsReporter // GracePeriod is how long to wait after failing readiness probes // before shutting down. GracePeriod time.Duration }
Options contains the configuration for the webhook
func GetOptions ¶
GetOptions retrieves webhook.Options associated with the given context via WithOptions (above).
type StatelessAdmissionController ¶
type StatelessAdmissionController interface {
// A silly name that should avoid collisions.
ThisTypeDoesNotDependOnInformerState()
}
StatelessAdmissionController is implemented by AdmissionControllers where Admit may be safely called before informers have finished syncing. This is implemented by inlining StatelessAdmissionImpl in your Go type.
type StatelessAdmissionImpl ¶
type StatelessAdmissionImpl struct{}
StatelessAdmissionImpl marks a reconciler as stateless. Inline this type to implement StatelessAdmissionController.
func (StatelessAdmissionImpl) ThisTypeDoesNotDependOnInformerState ¶
func (sai StatelessAdmissionImpl) ThisTypeDoesNotDependOnInformerState()
type StatsReporter ¶
type StatsReporter interface {
ReportRequest(request *admissionv1.AdmissionRequest, response *admissionv1.AdmissionResponse, d time.Duration) error
}
StatsReporter reports webhook metrics
func NewStatsReporter ¶
func NewStatsReporter() (StatsReporter, error)
NewStatsReporter creates a reporter for webhook metrics
type Webhook ¶
type Webhook struct { Options Options Logger *zap.SugaredLogger // contains filtered or unexported fields }
Webhook implements the external webhook for validation of resources and configuration.
func (*Webhook) InformersHaveSynced ¶
func (wh *Webhook) InformersHaveSynced()
InformersHaveSynced is called when the informers have all been synced, which allows any outstanding admission webhooks through.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package psbinding provides facilities to make authoring Bindings that work with "Pod Spec"-able subjects easier.
|
Package psbinding provides facilities to make authoring Bindings that work with "Pod Spec"-able subjects easier. |