shoot

package
v1.71.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 9, 2023 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 21 Imported by: 16

Documentation

Index

Constants

View Source
const (
	// WebhookName is the name of the shoot webhook.
	WebhookName = "shoot"
	// KindSystem is used for webhooks which should only apply to the to the kube-system namespace.
	KindSystem = "system"
)

Variables

This section is empty.

Functions

func EnsureEgressNetworkPolicy added in v1.66.0

func EnsureEgressNetworkPolicy(ctx context.Context, c client.Client, shootNamespace, extensionNamespace, extensionName string, port int) error

EnsureEgressNetworkPolicy ensures that the required egress network policy is installed that allows the kube-apiserver running in the given shoot namespace to talk to the extension webhook .

func EnsureIngressNetworkPolicy added in v1.66.0

func EnsureIngressNetworkPolicy(ctx context.Context, c client.Client, extensionNamespace, extensionName string, port int) error

EnsureIngressNetworkPolicy ensures that the required ingress network policy is installed that allows the kube-apiservers of shoot namespaces to talk to the extension webhook.

func GetNetworkPolicyMeta

func GetNetworkPolicyMeta(shootNamespace, extensionName string) *networkingv1.NetworkPolicy

GetNetworkPolicyMeta returns the network policy object with filled metadata.

func New added in v1.4.0

New creates a new webhook with the shoot as target cluster.

func ReconcileWebhookConfig added in v1.48.0

func ReconcileWebhookConfig(
	ctx context.Context,
	c client.Client,
	shootNamespace string,
	extensionNamespace string,
	extensionName string,
	managedResourceName string,
	serverPort int,
	shootWebhookConfig *admissionregistrationv1.MutatingWebhookConfiguration,
	cluster *controller.Cluster,
) error

ReconcileWebhookConfig deploys the shoot webhook configuration, i.e., a network policy to allow the kube-apiserver to talk to the extension, and a managed resource that contains the MutatingWebhookConfiguration.

func ReconcileWebhooksForAllNamespaces added in v1.48.0

func ReconcileWebhooksForAllNamespaces(
	ctx context.Context,
	c client.Client,
	extensionNamespace string,
	extensionName string,
	managedResourceName string,
	shootNamespaceSelector map[string]string,
	port int,
	shootWebhookConfig *admissionregistrationv1.MutatingWebhookConfiguration,
) error

ReconcileWebhooksForAllNamespaces reconciles the shoot webhooks in all shoot namespaces of the given provider type. This is necessary in case the webhook port is changed (otherwise, the network policy would only be updated again as part of the ControlPlane reconciliation which might only happen in the next 24h).

Types

type Args added in v1.4.0

type Args struct {
	// Types is a list of resource types.
	Types []extensionswebhook.Type
	// Mutator is a mutator to be used by the admission handler. It doesn't need the shoot client.
	Mutator extensionswebhook.Mutator
	// MutatorWithShootClient is a mutator to be used by the admission handler. It needs the shoot client.
	MutatorWithShootClient extensionswebhook.MutatorWithShootClient
	// FailurePolicy is the failure policy for the webhook (defaults to Ignore).
	FailurePolicy *admissionregistrationv1.FailurePolicyType
}

Args are arguments for creating a webhook targeting a shoot.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL