Functions ¶
func CreateCerts ¶
func CreateCerts(ctx context.Context, name, namespace string) (serverKey, serverCert, caCert []byte, err error)
CreateCerts creates and returns a CA certificate, together with a certificate and key for the server. serverKey and serverCert are used by the server to establish trust with clients; the CA certificate is used by the client to verify the server's authentication chain.
Types ¶
type AdmissionController ¶
type AdmissionController interface {
	Admit(context.Context, *admissionv1beta1.AdmissionRequest) *admissionv1beta1.AdmissionResponse
	Register(context.Context, kubernetes.Interface, []byte) error
}
AdmissionController provides the interface implemented by the different admission controllers.
func NewConfigValidationController ¶
func NewConfigValidationController(constructors configmap.Constructors, opts ControllerOptions) AdmissionController
NewConfigValidationController constructs a ConfigValidationController.
func NewResourceAdmissionController ¶
func NewResourceAdmissionController(handlers map[schema.GroupVersionKind]GenericCRD, opts ControllerOptions, disallowUnknownFields bool) AdmissionController
NewResourceAdmissionController constructs a ResourceAdmissionController.
type ConfigValidationController ¶
type ConfigValidationController struct {
// contains filtered or unexported fields
}
ConfigValidationController implements the AdmissionController for ConfigMaps.
func (*ConfigValidationController) Admit ¶
func (ac *ConfigValidationController) Admit(ctx context.Context, request *admissionv1beta1.AdmissionRequest) *admissionv1beta1.AdmissionResponse
func (*ConfigValidationController) Register ¶
func (ac *ConfigValidationController) Register(ctx context.Context, kubeClient kubernetes.Interface, caCert []byte) error
type ControllerOptions ¶
type ControllerOptions struct {
	// ResourceMutatingWebhookName is the name of the webhook we create to handle
	// mutations before they get stored in the storage.
	ResourceMutatingWebhookName string

	// ConfigValidationWebhookName is the name of the webhook we create to validate
	// ConfigMaps before they get stored in the storage.
	ConfigValidationWebhookName string

	// ServiceName is the service name of the webhook.
	ServiceName string

	// DeploymentName is the deployment name of the webhook.
	DeploymentName string

	// SecretName is the name of the k8s secret that contains the webhook
	// server key/cert and the corresponding CA cert that signed them. The
	// server key/cert are used to serve the webhook and the CA cert
	// is provided to the k8s apiserver during admission controller
	// registration.
	SecretName string

	// Namespace is the namespace in which everything above lives.
	Namespace string

	// Port is the port where the webhook is served. Per k8s admission
	// registration requirements this should be 443 unless there is
	// only a single port for the service.
	Port int

	// RegistrationDelay controls how long after the webhook is started
	// admission registration occurs. This is used to avoid
	// potential races where registration completes and the k8s apiserver
	// invokes the webhook before the HTTP server is started.
	RegistrationDelay time.Duration

	// ClientAuth declares the policy the webhook server will follow for
	// TLS Client Authentication.
	// The default value is tls.NoClientCert, i.e. clients are not required
	// to present a certificate.
	ClientAuth tls.ClientAuthType

	// StatsReporter reports metrics about the webhook.
	// This will be automatically initialized by the constructor if left uninitialized.
	StatsReporter StatsReporter

	// ResourceAdmissionControllerPath is the service path for the ResourceAdmissionController webhook.
	// The default is "/" for backward compatibility and is set by the constructor.
	ResourceAdmissionControllerPath string

	// ConfigValidationControllerPath is the service path for the ConfigValidationController webhook.
	// The default is "/config-validation" and is set by the constructor.
	ConfigValidationControllerPath string

	// ConfigValidationNamespaceLabel is the label for the Namespace we bind the ConfigValidationController to.
	ConfigValidationNamespaceLabel string
}
ControllerOptions contains the configuration for the webhook.
type GenericCRD ¶
type GenericCRD interface {
	apis.Defaultable
	apis.Validatable
	runtime.Object
}
GenericCRD is the interface definition that allows us to perform the generic CRD actions, such as deciding whether to increment the generation.
type ResourceAdmissionController ¶
type ResourceAdmissionController struct {
// contains filtered or unexported fields
}
ResourceAdmissionController implements the AdmissionController for resources.
func (*ResourceAdmissionController) Admit ¶
func (ac *ResourceAdmissionController) Admit(ctx context.Context, request *admissionv1beta1.AdmissionRequest) *admissionv1beta1.AdmissionResponse
func (*ResourceAdmissionController) Register ¶
func (ac *ResourceAdmissionController) Register(ctx context.Context, kubeClient kubernetes.Interface, caCert []byte) error
type ResourceCallback ¶
type ResourceCallback func(patches *[]jsonpatch.JsonPatchOperation, old GenericCRD, new GenericCRD) error
ResourceCallback defines a signature for resource-specific (Route, Configuration, etc.) handlers that can validate and mutate an object. If a non-nil error is returned, the object mutation is denied. Mutations should be appended to the patches list.
type ResourceDefaulter ¶
type ResourceDefaulter func(patches *[]jsonpatch.JsonPatchOperation, crd GenericCRD) error
ResourceDefaulter defines a signature for resource-specific (Route, Configuration, etc.) handlers that can set defaults on an object. If a non-nil error is returned, the object mutation is denied. Mutations should be appended to the patches list.
type StatsReporter ¶
type StatsReporter interface {
ReportRequest(request *admissionv1beta1.AdmissionRequest, response *admissionv1beta1.AdmissionResponse, d time.Duration) error
}
StatsReporter reports webhook metrics.
func NewStatsReporter ¶
func NewStatsReporter() (StatsReporter, error)
NewStatsReporter creates a reporter for webhook metrics.
type Webhook ¶
type Webhook struct {
	Client      kubernetes.Interface
	Options     ControllerOptions
	Logger      *zap.SugaredLogger
	WithContext func(context.Context) context.Context
	// contains filtered or unexported fields
}
Webhook implements the external webhook for validation of resources and configuration.
func New ¶
func New(
	client kubernetes.Interface,
	opts ControllerOptions,
	admissionControllers map[string]AdmissionController,
	logger *zap.SugaredLogger,
	ctx func(context.Context) context.Context,
) (*Webhook, error)
New constructs a Webhook.