webhookconfig

package
v1.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 10, 2022 License: Apache-2.0 Imports: 43 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var DefaultWebhookTimeout int32 = 10

Functions

This section is empty.

Types

type Monitor added in v1.3.0 

type Monitor struct {
	// contains filtered or unexported fields
}

Monitor stores the last webhook request time and monitors registered webhooks.

If a webhook is not received in the idleCheckInterval the monitor triggers a change in the Kyverno deployment to force a webhook request. If no requests are received after idleDeadline the webhooks are deleted and re-registered.

Each instance has an in-memory flag lastSeenRequestTime, recording the last received admission timestamp by the current instance. And the latest timestamp (latestTimestamp) is recorded in the annotation of the Kyverno deployment, this annotation could be updated by any instance. If the duration from latestTimestamp is longer than idleCheckInterval, the monitor triggers an annotation update; otherwise lastSeenRequestTime is updated to latestTimestamp.

Webhook configurations are checked every tickerInterval across all instances. Currently the check only queries for the expected resource name, and does not compare other details like the webhook settings.

func NewMonitor added in v1.3.0 

func NewMonitor(kubeClient kubernetes.Interface, log logr.Logger) (*Monitor, error)

NewMonitor returns a new instance of webhook monitor

func (*Monitor) Run added in v1.3.0 

func (t *Monitor) Run(register *Register, certRenewer *tls.CertRenewer, eventGen event.Interface, stopCh <-chan struct{})

Run runs the checker and verify the resource update

func (*Monitor) SetTime added in v1.3.0 

func (t *Monitor) SetTime(tm time.Time)

SetTime updates the last request time

func (*Monitor) Time added in v1.3.0 

func (t *Monitor) Time() time.Time

Time returns the last request time

type Register added in v1.3.0 

type Register struct {
	UpdateWebhookChan chan bool
	// contains filtered or unexported fields
}

Register manages webhook registration. There are five webhooks: 1. Policy Validation 2. Policy Mutation 3. Resource Validation 4. Resource Mutation 5. Webhook Status Mutation

func NewRegister added in v1.3.0 

func NewRegister(
	clientConfig *rest.Config,
	client dclient.Interface,
	kubeClient kubernetes.Interface,
	kyvernoClient versioned.Interface,
	mwcInformer admissionregistrationv1informers.MutatingWebhookConfigurationInformer,
	vwcInformer admissionregistrationv1informers.ValidatingWebhookConfigurationInformer,
	kDeplInformer appsv1informers.DeploymentInformer,
	pInformer kyvernov1informers.ClusterPolicyInformer,
	npInformer kyvernov1informers.PolicyInformer,
	metricsConfig metrics.MetricsConfigManager,
	serverIP string,
	webhookTimeout int32,
	debug bool,
	autoUpdateWebhooks bool,
	stopCh <-chan struct{},
	log logr.Logger,
) *Register

NewRegister creates new Register instance

func (*Register) Check added in v1.3.0 

func (wrc *Register) Check() error

Check returns an error if any of the webhooks are not configured

func (*Register) GetKubePolicyClusterRoleName added in v1.5.2 

func (wrc *Register) GetKubePolicyClusterRoleName() (*rbacv1.ClusterRole, error)

func (*Register) GetKubePolicyDeployment added in v1.3.5 

func (wrc *Register) GetKubePolicyDeployment() (*appsv1.Deployment, error)

GetKubePolicyDeployment gets Kyverno deployment using the resource cache it does not initialize any client call

func (*Register) GetWebhookTimeOut added in v1.3.0 

func (wrc *Register) GetWebhookTimeOut() time.Duration

GetWebhookTimeOut returns the value of webhook timeout

func (*Register) Register added in v1.3.0 

func (wrc *Register) Register() error

Register clean up the old webhooks and re-creates admission webhooks configs on cluster

func (*Register) Remove added in v1.3.0 

func (wrc *Register) Remove(cleanupKyvernoResource bool, wg *sync.WaitGroup)

Remove removes all webhook configurations

func (*Register) ResetPolicyStatus added in v1.8.0 

func (wrc *Register) ResetPolicyStatus(kyvernoInTermination bool, wg *sync.WaitGroup)

func (*Register) ShouldCleanupKyvernoResource added in v1.8.0 

func (wrc *Register) ShouldCleanupKyvernoResource() bool

func (*Register) UpdateWebhookConfigurations added in v1.4.0 

func (wrc *Register) UpdateWebhookConfigurations(configHandler config.Configuration)

UpdateWebhookConfigurations updates resource webhook configurations dynamically based on the UPDATEs of Kyverno ConfigMap defined in INIT_CONFIG env

it currently updates namespaceSelector only, can be extend to update other fields +deprecated

func (*Register) UpdateWebhooksCaBundle added in v1.8.0 

func (wrc *Register) UpdateWebhooksCaBundle() error

func (*Register) ValidateWebhookConfigurations added in v1.4.0 

func (wrc *Register) ValidateWebhookConfigurations(namespace, name string) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.