webhooks

package
v1.1.2
This package is not in the latest version of its module.
Published: Jan 16, 2020 License: Apache-2.0 Imports: 41 Imported by: 1

Documentation

Constants

const (
	Enforce = "enforce" // blocks the request on failure
	Audit   = "audit"   // don't block the request on failure, but report failures as policy violations
)

Policy Reporting Modes

Types

type ArrayFlags added in v0.4.0

type ArrayFlags []string

ArrayFlags stores filterkinds.

func (*ArrayFlags) Set added in v0.4.0

func (i *ArrayFlags) Set(value string) error

Set is the setter for array flags.

func (*ArrayFlags) String added in v0.4.0

func (i *ArrayFlags) String() string

type WebhookServer

type WebhookServer struct {
	// contains filtered or unexported fields
}

WebhookServer contains a configured TLS server with MutationWebhook. MutationWebhook gets policies from policyController and takes control of the cluster with kubeclient.

func NewWebhookServer

func NewWebhookServer(
	kyvernoClient *kyvernoclient.Clientset,
	client *client.Client,
	tlsPair *tlsutils.TlsPemPair,
	pInformer kyvernoinformer.ClusterPolicyInformer,
	rbInformer rbacinformer.RoleBindingInformer,
	crbInformer rbacinformer.ClusterRoleBindingInformer,
	eventGen event.Interface,
	webhookRegistrationClient *webhookconfig.WebhookRegistrationClient,
	policyStatus policy.PolicyStatusInterface,
	configHandler config.Interface,
	pMetaStore policystore.LookupInterface,
	pvGenerator policyviolation.GeneratorInterface,
	grGenerator *generate.Generator,
	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister,
	cleanUp chan<- struct{}) (*WebhookServer, error)

NewWebhookServer creates a new instance of WebhookServer according to the given configuration. Policy Controller and Kubernetes Client should be initialized in the configuration.

func (*WebhookServer) HandleGenerate added in v1.1.0

func (ws *WebhookServer) HandleGenerate(request *v1beta1.AdmissionRequest, policies []kyverno.ClusterPolicy, patchedResource []byte, roles, clusterRoles []string) (bool, string)

func (*WebhookServer) HandleMutation

func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, resource unstructured.Unstructured, policies []kyverno.ClusterPolicy, roles, clusterRoles []string) []byte

HandleMutation handles a mutating webhook admission request. Return value: generated patches.

func (*WebhookServer) HandleValidation

func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, policies []kyverno.ClusterPolicy, patchedResource []byte, roles, clusterRoles []string) (bool, string)

HandleValidation handles a validating webhook admission request. If there are no errors in the validating rules, we apply generation rules. patchedResource is the (resource + patches) after applying mutation rules.

func (*WebhookServer) RunAsync

func (ws *WebhookServer) RunAsync(stopCh <-chan struct{})

RunAsync runs the TLS server in a separate thread and returns control immediately.

func (*WebhookServer) Stop

func (ws *WebhookServer) Stop(ctx context.Context)

Stop stops the TLS server and returns control after the server is shut down.
