Documentation
Index
- Constants
- func EnsureEgressNetworkPolicy(ctx context.Context, c client.Client, ...) error
- func EnsureIngressNetworkPolicy(ctx context.Context, c client.Client, extensionNamespace, extensionName string, ...) error
- func GetNetworkPolicyMeta(shootNamespace, extensionName string) *networkingv1.NetworkPolicy
- func New(mgr manager.Manager, args Args) (*extensionswebhook.Webhook, error)
- func ReconcileWebhookConfig(ctx context.Context, c client.Client, shootNamespace string, ...) error
- func ReconcileWebhooksForAllNamespaces(ctx context.Context, c client.Client, extensionNamespace string, ...) error
- type Args
Constants

    const (
        // WebhookName is the name of the shoot webhook.
        WebhookName = "shoot"
        // KindSystem is used for webhooks which should only apply to the kube-system namespace.
        KindSystem = "system"
    )

Variables
This section is empty.
Functions
func EnsureEgressNetworkPolicy (added in v1.66.0)
func EnsureEgressNetworkPolicy(ctx context.Context, c client.Client, shootNamespace, extensionNamespace, extensionName string, port int) error
EnsureEgressNetworkPolicy ensures that the required egress network policy is installed that allows the kube-apiserver running in the given shoot namespace to talk to the extension webhook.
func EnsureIngressNetworkPolicy (added in v1.66.0)
func EnsureIngressNetworkPolicy(ctx context.Context, c client.Client, extensionNamespace, extensionName string, port int) error
EnsureIngressNetworkPolicy ensures that the required ingress network policy is installed that allows the kube-apiservers of shoot namespaces to talk to the extension webhook.
func GetNetworkPolicyMeta
func GetNetworkPolicyMeta(shootNamespace, extensionName string) *networkingv1.NetworkPolicy
GetNetworkPolicyMeta returns the network policy object with filled metadata.
func ReconcileWebhookConfig (added in v1.48.0)

    func ReconcileWebhookConfig(
        ctx context.Context,
        c client.Client,
        shootNamespace string,
        extensionNamespace string,
        extensionName string,
        managedResourceName string,
        serverPort int,
        shootWebhookConfig *admissionregistrationv1.MutatingWebhookConfiguration,
        cluster *controller.Cluster,
    ) error

ReconcileWebhookConfig deploys the shoot webhook configuration, i.e., a network policy to allow the kube-apiserver to talk to the extension, and a managed resource that contains the MutatingWebhookConfiguration.
func ReconcileWebhooksForAllNamespaces (added in v1.48.0)

    func ReconcileWebhooksForAllNamespaces(
        ctx context.Context,
        c client.Client,
        extensionNamespace string,
        extensionName string,
        managedResourceName string,
        shootNamespaceSelector map[string]string,
        port int,
        shootWebhookConfig *admissionregistrationv1.MutatingWebhookConfiguration,
    ) error

ReconcileWebhooksForAllNamespaces reconciles the shoot webhooks in all shoot namespaces of the given provider type. This is necessary in case the webhook port is changed (otherwise, the network policy would only be updated again as part of the ControlPlane reconciliation which might only happen in the next 24h).
Types
type Args (added in v1.4.0)

    type Args struct {
        // Types is a list of resource types.
        Types []extensionswebhook.Type
        // Mutator is a mutator to be used by the admission handler. It doesn't need the shoot client.
        Mutator extensionswebhook.Mutator
        // MutatorWithShootClient is a mutator to be used by the admission handler. It needs the shoot client.
        MutatorWithShootClient extensionswebhook.MutatorWithShootClient
        // FailurePolicy is the failure policy for the webhook (defaults to Ignore).
        FailurePolicy *admissionregistrationv1.FailurePolicyType
    }

Args are arguments for creating a webhook targeting a shoot.