webhooks

package
v1.1.11 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 8, 2020 License: Apache-2.0 Imports: 52 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HandleValidation added in v1.1.7

func HandleValidation(
	request *v1beta1.AdmissionRequest,
	policies []*kyverno.ClusterPolicy,
	patchedResource []byte,
	ctx *context.Context,
	userRequestInfo kyverno.RequestInfo,
	statusListener policystatus.Listener,
	eventGen event.Interface,
	pvGenerator policyviolation.GeneratorInterface,
	log logr.Logger,
	dynamicConfig config.Interface) (bool, string)

HandleValidation handles a validating webhook admission request. If there are no errors in validating the rules, we apply generation rules. patchedResource is the (resource + patches) after applying mutation rules.

Types

type ArrayFlags added in v0.4.0

type ArrayFlags []string

ArrayFlags stores filterkinds.

func (*ArrayFlags) Set added in v0.4.0

func (i *ArrayFlags) Set(value string) error

Set is the setter for array flags.

func (*ArrayFlags) String added in v0.4.0

func (i *ArrayFlags) String() string

type AuditHandler added in v1.1.7

// AuditHandler is the interface for applying validate audit policies to
// admission requests outside the synchronous webhook path.
type AuditHandler interface {
	// Add hands an admission request to the handler. Per the package
	// documentation, the request is put on a work queue and Add returns
	// immediately. Add has no return value, so the outcome of the audit
	// evaluation is not reported back to the caller through this method.
	Add(request *v1beta1.AdmissionRequest)
	// Run takes a worker count and a stop channel.
	// NOTE(review): presumably starts `workers` background workers that drain
	// the queue until stopCh is closed; confirm against the implementation.
	Run(workers int, stopCh <-chan struct{})
}

Handler applies validate audit policies to the admission request. The handler adds the request to the work queue and returns immediately; the request is then processed in the background, using exactly the same logic as when the admission request is processed in the webhook.

func NewValidateAuditHandler added in v1.1.7

func NewValidateAuditHandler(pCache policycache.Interface,
	eventGen event.Interface,
	statusListener policystatus.Listener,
	pvGenerator policyviolation.GeneratorInterface,
	rbInformer rbacinformer.RoleBindingInformer,
	crbInformer rbacinformer.ClusterRoleBindingInformer,
	log logr.Logger,
	dynamicConfig config.Interface) AuditHandler

NewValidateAuditHandler returns a new instance of audit policy handler

type WebhookServer

type WebhookServer struct {
	// contains filtered or unexported fields
}

WebhookServer contains a configured TLS server with MutationWebhook.

func NewWebhookServer

func NewWebhookServer(
	kyvernoClient *kyvernoclient.Clientset,
	client *client.Client,
	tlsPair *tlsutils.TlsPemPair,
	pInformer kyvernoinformer.ClusterPolicyInformer,
	rbInformer rbacinformer.RoleBindingInformer,
	crbInformer rbacinformer.ClusterRoleBindingInformer,
	rInformer rbacinformer.RoleInformer,
	crInformer rbacinformer.ClusterRoleInformer,
	eventGen event.Interface,
	pCache policycache.Interface,
	webhookRegistrationClient *webhookconfig.WebhookRegistrationClient,
	statusSync policystatus.Listener,
	configHandler config.Interface,
	pvGenerator policyviolation.GeneratorInterface,
	grGenerator *generate.Generator,
	resourceWebhookWatcher *webhookconfig.ResourceWebhookRegister,
	auditHandler AuditHandler,
	supportMutateValidate bool,
	cleanUp chan<- struct{},
	log logr.Logger,
	openAPIController *openapi.Controller,
) (*WebhookServer, error)

NewWebhookServer creates a new instance of WebhookServer according to the given configuration. The Policy Controller and Kubernetes Client should be initialized in the configuration.

func (*WebhookServer) HandleGenerate added in v1.1.0

func (ws *WebhookServer) HandleGenerate(request *v1beta1.AdmissionRequest, policies []*kyverno.ClusterPolicy, ctx *context.Context, userRequestInfo kyverno.RequestInfo, dynamicConfig config.Interface)

HandleGenerate handles admission-requests for policies with generate rules

func (*WebhookServer) HandleMutation

func (ws *WebhookServer) HandleMutation(
	request *v1beta1.AdmissionRequest,
	resource unstructured.Unstructured,
	policies []*kyverno.ClusterPolicy,
	ctx *context.Context,
	userRequestInfo kyverno.RequestInfo) []byte

HandleMutation handles a mutating webhook admission request. Return value: the generated patches.

func (*WebhookServer) ResourceMutation added in v1.1.11

func (ws *WebhookServer) ResourceMutation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse

func (*WebhookServer) RunAsync

func (ws *WebhookServer) RunAsync(stopCh <-chan struct{})

RunAsync runs the TLS server in a separate thread and returns control immediately.

func (*WebhookServer) Stop

func (ws *WebhookServer) Stop(ctx context.Context)

Stop stops the TLS server and returns control after the server is shut down.

Directories

Path Synopsis
