webhook

package
v4.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 25, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// SnapshotV1Beta1GVR is GroupVersionResource for v1beta1 VolumeSnapshots
	SnapshotV1Beta1GVR = metav1.GroupVersionResource{Group: volumesnapshotv1beta1.GroupName, Version: "v1beta1", Resource: "volumesnapshots"}
	// SnapshotV1GVR is GroupVersionResource for v1 VolumeSnapshots
	SnapshotV1GVR = metav1.GroupVersionResource{Group: volumesnapshotv1.GroupName, Version: "v1", Resource: "volumesnapshots"}
	// SnapshotContentV1Beta1GVR is GroupVersionResource for v1beta1 VolumeSnapshotContents
	SnapshotContentV1Beta1GVR = metav1.GroupVersionResource{Group: volumesnapshotv1beta1.GroupName, Version: "v1beta1", Resource: "volumesnapshotcontents"}
	// SnapshotContentV1GVR is GroupVersionResource for v1 VolumeSnapshotContents
	SnapshotContentV1GVR = metav1.GroupVersionResource{Group: volumesnapshotv1.GroupName, Version: "v1", Resource: "volumesnapshotcontents"}
)
View Source
var CmdWebhook = &cobra.Command{
	Use:   "validation-webhook",
	Short: "Starts a HTTPS server, uses ValidatingAdmissionWebhook to perform ratcheting validation on VolumeSnapshot and VolumeSnapshotContent",
	Long: `Starts a HTTPS server, uses ValidatingAdmissionWebhook to perform ratcheting validation on VolumeSnapshot and VolumeSnapshotContent.
After deploying it to Kubernetes cluster, the Administrator needs to create a ValidatingWebhookConfiguration
in the Kubernetes cluster to register remote webhook admission controllers. Phase one of https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/177-volume-snapshot/tighten-validation-webhook-crd.md`,
	Args: cobra.MaximumNArgs(0),
	Run:  main,
}

CmdWebhook is used by Cobra.

Functions

func ValidateV1Beta1Snapshot added in v4.1.0

func ValidateV1Beta1Snapshot(snapshot *crdv1beta1.VolumeSnapshot) error

ValidateV1Beta1Snapshot performs additional strict validation. Do NOT rely on this function to fully validate snapshot objects. This function will only check the additional rules provided by the webhook.

func ValidateV1Beta1SnapshotContent added in v4.1.0

func ValidateV1Beta1SnapshotContent(snapcontent *crdv1beta1.VolumeSnapshotContent) error

ValidateV1Beta1SnapshotContent performs additional strict validation. Do NOT rely on this function to fully validate snapshot content objects. This function will only check the additional rules provided by the webhook.

func ValidateV1Snapshot added in v4.1.0

func ValidateV1Snapshot(snapshot *crdv1.VolumeSnapshot) error

ValidateV1Snapshot performs additional strict validation. Do NOT rely on this function to fully validate snapshot objects. This function will only check the additional rules provided by the webhook.

func ValidateV1SnapshotContent added in v4.1.0

func ValidateV1SnapshotContent(snapcontent *crdv1.VolumeSnapshotContent) error

ValidateV1SnapshotContent performs additional strict validation. Do NOT rely on this function to fully validate snapshot content objects. This function will only check the additional rules provided by the webhook.

Types

type CertWatcher

type CertWatcher struct {
	sync.Mutex
	// contains filtered or unexported fields
}

CertWatcher watches certificate and key files for changes. When either file changes, it reads and parses both and calls an optional callback with the new certificate.

func NewCertWatcher

func NewCertWatcher(certPath, keyPath string) (*CertWatcher, error)

NewCertWatcher returns a new CertWatcher watching the given certificate and key.

func (*CertWatcher) GetCertificate

func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error)

GetCertificate fetches the currently loaded certificate, which may be nil.

func (*CertWatcher) ReadCertificate

func (cw *CertWatcher) ReadCertificate() error

ReadCertificate reads the certificate and key files from disk, parses them, and updates the current certificate on the watcher. If a callback is set, it is invoked with the new certificate.

func (*CertWatcher) Start

func (cw *CertWatcher) Start(ctx context.Context) error

Start starts the watch on the certificate and key files.

func (*CertWatcher) Watch

func (cw *CertWatcher) Watch()

Watch reads events from the watcher's channel and reacts to changes.

type Config

type Config struct {
	CertFile string
	KeyFile  string
}

Config contains the server (the webhook) cert and key.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL