webhook

package module
v1.0.1-0...-be6a145
Published: Apr 8, 2021 License: Apache-2.0 Imports: 37 Imported by: 2

README

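k8s webhook scaffolding

  1. Automatic certificate issuance

    • Go to example/cert/testdata and run kubectl apply -f webhook_init.yaml to initialize the webhook
    • Go to example/cert, adjust the parameters, and run cert.go
    • Go to example/cert/testdata and run kubectl get -f webhook_init.yaml -o yaml to verify that the certificate and service were replaced successfully
    • example/cert/rbac.yaml contains the required RBAC; it can be skipped when running with administrator privileges
  2. Ordinary webhook (modeled on the kubebuilder implementation)

    • Add the following calls to main.go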

       hookServer := mgr.GetWebhookServer()
       webhook.SetupWebhook(hookServer, mgr)
      

Documentation

Overview

Copyright © 2021 cuisongliu@qq.com

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Functions

func DefaultingWebhookFor

func DefaultingWebhookFor(defaulter Defaulter) *admission.Webhook

DefaultingWebhookFor creates a new Webhook for Defaulting the provided type.

func GenerateCSR

func GenerateCSR(cfg CertConfig, key crypto.Signer) (*x509.CertificateRequest, []byte, error)

GenerateCSR will generate a new *x509.CertificateRequest template to be used by issuers that utilise CSRs to obtain Certificates. The CSR will not be signed, and should be passed to either EncodeCSR or to the x509.CreateCertificateRequest function.
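
The flow that description implies, as an added example using only the Go standard library (it is not this package's code): build a request template whose SANs cover the webhook Service, sign it with x509.CreateCertificateRequest, then verify the result the way an approver would. The names webhookCSR and checkCSR, the demo Service and namespace, and the ".cluster.local" domain are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
)

// webhookCSR makes a key and a signed PKCS#10 request; ".cluster.local" is an assumed cluster domain.
func webhookCSR(service, namespace string) (csrPEM []byte, key *ecdsa.PrivateKey, err error) {
	if key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader); err != nil {
		return nil, nil, err
	}
	host := service + "." + namespace + ".svc" // name the API server dials
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: host},
		DNSNames: []string{host, host + ".cluster.local"},
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der}), key, nil
}

// checkCSR verifies the request's self-signature and returns its DNS SANs.
func checkCSR(csrPEM []byte) ([]string, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return nil, fmt.Errorf("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("CSR unparsable or signature invalid (parse error: %v)", err)
	}
	return csr.DNSNames, nil
}

func main() {
	csrPEM, _, err := webhookCSR("demo-webhook", "demo-system") // constructed names
	if err != nil {
		panic(err)
	}
	fmt.Println(checkCSR(csrPEM))
}
```

Comparing the returned SANs with the expected Service name before signing keeps a request for an unrelated host name from being approved.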

func JsonConvert

func JsonConvert(from interface{}, to interface{}) error

func NewPrivateKey

func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)

NewPrivateKey creates an RSA private key

func NewSigned

func NewSigned(cfg CertConfig) (csr, keyPEM []byte, err error)

func ValidatingWebhookFor

func ValidatingWebhookFor(validator Validator) *admission.Webhook

ValidatingWebhookFor creates a new Webhook for validating the provided type.

Types

type CertConfig

type CertConfig struct {
	CommonName   string
	Organization []string
	// AltNames contains the domain names and IP addresses that will be added
	// to the API Server's x509 certificate SubAltNames field. The values will
	// be passed directly to the x509.Certificate object.
	AltNames struct {
		DNSNames []string
		IPs      []net.IP
	}
}

type CertWebHook

type CertWebHook struct {
	// Certificate-related settings
	Subject []string
	CertDir string
	// Kubernetes-related resources
	Namespace   string
	ServiceName string
	SecretName  string
	CsrName     string
	WebHook     []WebHook
	// contains filtered or unexported fields
}

func (*CertWebHook) Generator

func (c *CertWebHook) Generator() error

func (*CertWebHook) Init

func (c *CertWebHook) Init() error

type Defaulter

type Defaulter interface {
	Default()
	RuntimeObject
}

Defaulter defines functions for setting defaults on resources

type RuntimeObject

type RuntimeObject interface {
	OutRuntimeObject() runtime.Object
	IntoRuntimeObject(runtime.Object)
	GetClient() client.Client
}

Defaulter defines functions for setting defaults on resources

type Validator

type Validator interface {
	RuntimeObject
	ValidateCreate() error
	ValidateUpdate(old runtime.Object) error
	ValidateDelete() error
}

Validator defines functions for validating an operation

type WebHook

type WebHook struct {
	ValidatingName  string
	MutatingName    string
	ObjectSelect    map[string]*v1.LabelSelector
	NamespaceSelect map[string]*v1.LabelSelector
}

type WebhookObject

type WebhookObject struct {
	WK             *webhook.Server
	Webhook        RuntimeObject
	Obj            runtime.Object
	ValidatingPath string
	DefaultingPath string
	Client         client.Client
}

func (*WebhookObject) Init

func (wko *WebhookObject) Init()

Directories

Path Synopsis
example
