Documentation ¶
Constants ¶
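// Policy reporting modes: how the outcome of a failed policy check is acted on.
const (
	// Enforce blocks the request on failure.
	Enforce = "enforce"
	// Audit does not block the request on failure, but reports failures as
	// policy violations. The request is still admitted, so a policy in this
	// mode records non-compliance rather than preventing it.
	Audit = "audit"
)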
Policy Reporting Modes
Types ¶
type ArrayFlags ¶ added in v0.4.0
type ArrayFlags []string
ArrayFlags is a string slice used to store filterkinds.
func (*ArrayFlags) Set ¶ added in v0.4.0
func (i *ArrayFlags) Set(value string) error
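Set is the setter for array flags. Together with String, it gives *ArrayFlags the two methods required by the standard library's flag.Value interface.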
func (*ArrayFlags) String ¶ added in v0.4.0
func (i *ArrayFlags) String() string
type WebhookServer ¶
type WebhookServer struct {
// contains filtered or unexported fields
}
WebhookServer contains a configured TLS server with MutationWebhook. MutationWebhook gets policies from policyController and takes control of the cluster with kubeclient.
func NewWebhookServer ¶
func NewWebhookServer( kyvernoClient *kyvernoclient.Clientset, client *client.Client, tlsPair *tlsutils.TlsPemPair, pInformer kyvernoinformer.ClusterPolicyInformer, pvInformer kyvernoinformer.ClusterPolicyViolationInformer, namespacepvInformer kyvernoinformer.NamespacedPolicyViolationInformer, rbInformer rbacinformer.RoleBindingInformer, crbInformer rbacinformer.ClusterRoleBindingInformer, eventGen event.Interface, webhookRegistrationClient *webhookconfig.WebhookRegistrationClient, policyStatus policy.PolicyStatusInterface, configHandler config.Interface, pMetaStore policystore.LookupInterface, pvGenerator policyviolation.GeneratorInterface, cleanUp chan<- struct{}) (*WebhookServer, error)
NewWebhookServer creates a new instance of WebhookServer according to the given configuration. Policy Controller and Kubernetes Client should be initialized in the configuration.
func (*WebhookServer) HandleMutation ¶
func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, policies []kyverno.ClusterPolicy, roles, clusterRoles []string) (bool, []byte, string)
HandleMutation handles a mutating webhook admission request.
func (*WebhookServer) HandleValidation ¶
func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, policies []kyverno.ClusterPolicy, patchedResource []byte, roles, clusterRoles []string) (bool, string)
HandleValidation handles a validating webhook admission request. If there are no errors in the validating rules, we apply generation rules. patchedResource is the (resource + patches) after applying mutation rules.
func (*WebhookServer) RunAsync ¶
func (ws *WebhookServer) RunAsync(stopCh <-chan struct{})
RunAsync runs the TLS server in a separate thread and returns control immediately.
func (*WebhookServer) Stop ¶
func (ws *WebhookServer) Stop()
Stop stops the TLS server and returns control after the server is shut down.