Documentation ¶
Overview ¶
Package admission provides functions to build and bootstrap an admission webhook server for a k8s cluster.
Build webhooks
webhook1, err := NewWebhookBuilder(). Name("foo.k8s.io"). Mutating(). Operations(admissionregistrationv1beta1.Create). ForType(&corev1.Pod{}). WithManager(mgr). Build(mutatingHandler1, mutatingHandler2) if err != nil { // handle error } webhook2, err := NewWebhookBuilder(). Name("bar.k8s.io"). Validating(). Operations(admissionregistrationv1beta1.Create, admissionregistrationv1beta1.Update). ForType(&appsv1.Deployment{}). WithManager(mgr). Build(validatingHandler1) if err != nil { // handle error }
Index ¶
- func ErrorResponse(code int32, err error) types.Response
- func NewDecoder(scheme *runtime.Scheme) (types.Decoder, error)
- func PatchResponse(original, current runtime.Object) types.Response
- func ValidationResponse(allowed bool, reason string) types.Response
- type DecodeFunc
- type Handler
- type HandlerFunc
- type Webhook
- func (w *Webhook) Add(handlers ...Handler)
- func (w *Webhook) GetName() string
- func (w *Webhook) GetPath() string
- func (w *Webhook) GetType() types.WebhookType
- func (w *Webhook) Handle(ctx context.Context, req atypes.Request) atypes.Response
- func (w *Webhook) Handler() http.Handler
- func (w *Webhook) InjectClient(c client.Client) error
- func (w *Webhook) InjectDecoder(d atypes.Decoder) error
- func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request)
- func (w *Webhook) Validate() error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ErrorResponse ¶
ErrorResponse creates a new Response for error-handling a request.
func NewDecoder ¶
NewDecoder creates a Decoder given the runtime.Scheme
func PatchResponse ¶
PatchResponse returns a new response with json patch.
Types ¶
type DecodeFunc ¶
DecodeFunc is a function that implements the Decoder interface.
type HandlerFunc ¶
HandlerFunc implements Handler interface using a single function.
type Webhook ¶
type Webhook struct { // Name is the name of the webhook Name string // Type is the webhook type, i.e. mutating, validating Type types.WebhookType // Path is the path this webhook will serve. Path string // Rules maps to the Rules field in admissionregistrationv1beta1.Webhook Rules []admissionregistrationv1beta1.RuleWithOperations // FailurePolicy maps to the FailurePolicy field in admissionregistrationv1beta1.Webhook // This optional. If not set, will be defaulted to Ignore (fail-open) by the server. // More details: https://github.com/kubernetes/api/blob/f5c295feaba2cbc946f0bbb8b535fc5f6a0345ee/admissionregistration/v1beta1/types.go#L144-L147 FailurePolicy *admissionregistrationv1beta1.FailurePolicyType // NamespaceSelector maps to the NamespaceSelector field in admissionregistrationv1beta1.Webhook // This optional. NamespaceSelector *metav1.LabelSelector // Handlers contains a list of handlers. Each handler may only contains the business logic for its own feature. // For example, feature foo and bar can be in the same webhook if all the other configurations are the same. // The handler will be invoked sequentially as the order in the list. // Note: if you are using mutating webhook with multiple handlers, it's your responsibility to // ensure the handlers are not generating conflicting JSON patches. Handlers []Handler // contains filtered or unexported fields }
Webhook represents each individual webhook.
func (*Webhook) GetType ¶
func (w *Webhook) GetType() types.WebhookType
GetType returns the type of the webhook.
func (*Webhook) Handle ¶
Handle processes AdmissionRequest. If the webhook is mutating type, it delegates the AdmissionRequest to each handler and merge the patches. If the webhook is validating type, it delegates the AdmissionRequest to each handler and deny the request if anyone denies.
func (*Webhook) InjectClient ¶
InjectClient injects the client into the handlers
func (*Webhook) InjectDecoder ¶
InjectDecoder injects the decoder into the handlers