webhooks

package
v0.10.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 28, 2019 License: Apache-2.0 Imports: 30 Imported by: 1

Documentation

Index

Constants

View Source
const (
	Enforce = "enforce" // blocks the request on failure
	Audit   = "audit"   // dont block the request on failure, but report failiures as policy violations
)

Policy Reporting Modes

Variables

This section is empty.

Functions

This section is empty.

Types

type ArrayFlags added in v0.4.0

type ArrayFlags []string

ArrayFlags to store filterkinds

func (*ArrayFlags) Set added in v0.4.0

func (i *ArrayFlags) Set(value string) error

Set setter for array flags

func (*ArrayFlags) String added in v0.4.0

func (i *ArrayFlags) String() string

type WebhookServer

type WebhookServer struct {
	// contains filtered or unexported fields
}

WebhookServer contains configured TLS server with MutationWebhook. MutationWebhook gets policies from policyController and takes control of the cluster with kubeclient.

func NewWebhookServer

func NewWebhookServer(
	kyvernoClient *kyvernoclient.Clientset,
	client *client.Client,
	tlsPair *tlsutils.TlsPemPair,
	pInformer kyvernoinformer.ClusterPolicyInformer,
	pvInformer kyvernoinformer.ClusterPolicyViolationInformer,
	eventGen event.Interface,
	webhookRegistrationClient *webhookconfig.WebhookRegistrationClient,
	policyStatus policy.PolicyStatusInterface,
	filterK8Resources string,
	cleanUp chan<- struct{}) (*WebhookServer, error)

NewWebhookServer creates new instance of WebhookServer accordingly to given configuration Policy Controller and Kubernetes Client should be initialized in configuration

func (*WebhookServer) HandleMutation

func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) (bool, []byte, string)

HandleMutation handles mutating webhook admission request

func (*WebhookServer) HandleValidation

func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, patchedResource []byte) (bool, string)

HandleValidation handles validating webhook admission request If there are no errors in validating rule we apply generation rules patchedResource is the (resource + patches) after applying mutation rules

func (*WebhookServer) RunAsync

func (ws *WebhookServer) RunAsync()

RunAsync TLS server in separate thread and returns control immediately

func (*WebhookServer) Stop

func (ws *WebhookServer) Stop()

Stop TLS server and returns control after the server is shut down

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL