webhook

package

v1.13.1-rc.1 Latest Latest Go to latest Published: Nov 7, 2024 License: Apache-2.0 Imports: 52 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/kyverno/kyverno

Documentation ¶

Index ¶

Constants
func AddFinalizers[T metav1.Object](ctx context.Context, client controllerutils.ObjectClient[T], ...) error
func DeleteFinalizers[T metav1.Object](ctx context.Context, client controllerutils.ObjectClient[T], ...) error
func NewController(discoveryClient dclient.IDiscovery, ...) controllers.Controller
func WebhookCleanupHandler(kubeClient kubernetes.Interface, finalizer string) func(context.Context, logr.Logger) error
func WebhookCleanupSetup(kubeClient kubernetes.Interface, finalizer string) func(context.Context, logr.Logger) error

Constants ¶

View Source

const (
	// Workers is the number of workers for this controller
	Workers                   = 2
	ControllerName            = "webhook-controller"
	DefaultWebhookTimeout     = 10
	AnnotationLastRequestTime = "kyverno.io/last-request-time"
	IdleDeadline              = tickerInterval * 10
)

Variables ¶

This section is empty.

Functions ¶

func AddFinalizers ¶ added in v1.13.0

func AddFinalizers[T metav1.Object](ctx context.Context, client controllerutils.ObjectClient[T], name, finalizer string) error

func DeleteFinalizers ¶ added in v1.13.0

func DeleteFinalizers[T metav1.Object](ctx context.Context, client controllerutils.ObjectClient[T], name, finalizer string) error

func NewController ¶

func NewController(
	discoveryClient dclient.IDiscovery,
	mwcClient controllerutils.ObjectClient[*admissionregistrationv1.MutatingWebhookConfiguration],
	vwcClient controllerutils.ObjectClient[*admissionregistrationv1.ValidatingWebhookConfiguration],
	leaseClient controllerutils.ObjectClient[*coordinationv1.Lease],
	kyvernoClient versioned.Interface,
	mwcInformer admissionregistrationv1informers.MutatingWebhookConfigurationInformer,
	vwcInformer admissionregistrationv1informers.ValidatingWebhookConfigurationInformer,
	cpolInformer kyvernov1informers.ClusterPolicyInformer,
	polInformer kyvernov1informers.PolicyInformer,
	deploymentInformer appsv1informers.DeploymentInformer,
	secretInformer corev1informers.SecretInformer,
	leaseInformer coordinationv1informers.LeaseInformer,
	clusterroleInformer rbacv1informers.ClusterRoleInformer,
	gctxentryInformer kyvernov2alpha1informers.GlobalContextEntryInformer,
	server string,
	defaultTimeout int32,
	servicePort int32,
	webhookServerPort int32,
	autoUpdateWebhooks bool,
	autoDeleteWebhooks bool,
	admissionReports bool,
	runtime runtimeutils.Runtime,
	configuration config.Configuration,
	caSecretName string,
	webhookCleanupSetup func(context.Context, logr.Logger) error,
	postWebhookCleanup func(context.Context, logr.Logger) error,
) controllers.Controller

func WebhookCleanupHandler ¶ added in v1.13.0

func WebhookCleanupHandler(
	kubeClient kubernetes.Interface,
	finalizer string,
) func(context.Context, logr.Logger) error

WebhookCleanupHandler is run after webhook configuration cleanup is performed to delete roles and service account. Admission controller cluster and namespaced roles and role bindings have finalizers to block their deletion until admission controller terminates. This handler removes the finalizers on roles and service account after they are used to cleanup webhook cfg. It does the following:

Deletes the cluster scoped rbac in order: a. Removes finalizers from controller cluster role binding b. Removes finalizers from controller core cluster role c. Removes finalizers from controller aggregated cluster role d. Temporary cluster role and cluster role binding created by WebhookCleanupSetup gets garbage collected after (c) automatically

Deletes the namespace scoped rbac in order: a. Removes finalizers from controller role binding. b. Removes finalizers from controller role. c. Removes finalizers from controller service account d. Temporary role and role binding created by WebhookCleanupSetup gets garbage collected after (c) automatically

func WebhookCleanupSetup ¶ added in v1.13.0

func WebhookCleanupSetup(
	kubeClient kubernetes.Interface,
	finalizer string,
) func(context.Context, logr.Logger) error

WebhookCleanupSetup creates temporary rbac owned by kyverno resources, these roles and cluster roles get automatically deleted when kyverno is uninstalled It creates the following resources:

Creates a temporary cluster role binding to give permission to delete kyverno's cluster role and set its owner ref to aggregated cluster role itself.
Creates a temporary role and role binding with permissions to delete a service account, roles and role bindings with owner ref set to the service account.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL