Documentation ¶
Overview ¶
Package webhook provides methods to build and bootstrap a webhook server.
Currently, it only supports admission webhooks. It will support CRD conversion webhooks in the near future.
Example ¶
package main import ( "context" ctrl "sigs.k8s.io/controller-runtime" . "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) var ( mgr ctrl.Manager ) func main() { // Build webhooks // These handlers could be also be implementations // of the AdmissionHandler interface for more complex // implementations. mutatingHook := &Admission{ Handler: admission.HandlerFunc(func(ctx context.Context, req AdmissionRequest) AdmissionResponse { return Patched("some changes", JSONPatchOp{Operation: "add", Path: "/metadata/annotations/access", Value: "granted"}, JSONPatchOp{Operation: "add", Path: "/metadata/annotations/reason", Value: "not so secret"}, ) }), } validatingHook := &Admission{ Handler: admission.HandlerFunc(func(ctx context.Context, req AdmissionRequest) AdmissionResponse { return Denied("none shall pass!") }), } // Create a webhook server. hookServer := &Server{ Port: 8443, } mgr.Add(hookServer) // Register the webhooks in the server. hookServer.Register("/mutating", mutatingHook) hookServer.Register("/validating", validatingHook) // Start the server by starting a previously-set-up manager err := mgr.Start(ctrl.SetupSignalHandler()) if err != nil { // handle error panic(err) } }
Output:
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( // Allowed indicates that the admission request should be allowed for the given reason. Allowed = admission.Allowed // Denied indicates that the admission request should be denied for the given reason. Denied = admission.Denied // Patched indicates that the admission request should be allowed for the given reason, // and that the contained object should be mutated using the given patches. Patched = admission.Patched // Errored indicates that an error occurred in the admission request. Errored = admission.Errored )
var DefaultPort = 443
DefaultPort is the default port that the webhook server serves.
Functions ¶
This section is empty.
Types ¶
type Admission ¶
Admission is webhook suitable for registration with the server an admission webhook that validates API operations and potentially mutates their contents.
type AdmissionDecoder ¶
AdmissionDecoder knows how to decode objects from admission requests.
type AdmissionHandler ¶
AdmissionHandler knows how to process admission requests, validating them, and potentially mutating the objects they contain.
type AdmissionRequest ¶
AdmissionRequest defines the input for an admission handler. It contains information to identify the object in question (group, version, kind, resource, subresource, name, namespace), as well as the operation in question (e.g. Get, Create, etc), and the object itself.
type AdmissionResponse ¶
AdmissionResponse is the output of an admission handler. It contains a response indicating if a given operation is allowed, as well as a set of patches to mutate the object in the case of a mutating admission handler.
type JSONPatchOp ¶
JSONPatchOp represents a single JSONPatch patch operation.
type Server ¶
type Server struct { // Host is the address that the server will listen on. // Defaults to "" - all addresses. Host string // Port is the port number that the server will serve. // It will be defaulted to 443 if unspecified. Port int // CertDir is the directory that contains the server key and certificate. // If using FSCertWriter in Provisioner, the server itself will provision the certificate and // store it in this directory. // If using SecretCertWriter in Provisioner, the server will provision the certificate in a secret, // the user is responsible to mount the secret to the this location for the server to consume. CertDir string // WebhookMux is the multiplexer that handles different webhooks. WebhookMux *http.ServeMux // contains filtered or unexported fields }
Server is an admission webhook server that can serve traffic and generates related k8s resources for deploying.
func (*Server) InjectFunc ¶
InjectFunc injects the field setter into the server.