Documentation ¶
Index ¶
- Constants
- func HasMutateOrValidate(policy kyverno.Policy) bool
- func HasMutateOrValidatePolicies(policies []*kyverno.Policy) bool
- type ArrayFlags
- type WebhookServer
- func (ws *WebhookServer) HandleAdmissionRequest(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse
- func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) (bool, engine.EngineResponse)
- func (ws *WebhookServer) HandlePolicyValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse
- func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, resource unstructured.Unstructured) *v1beta1.AdmissionResponse
- func (ws *WebhookServer) RunAsync()
- func (ws *WebhookServer) Stop()
Constants ¶
const ( BlockChanges = "enforce" ReportViolation = "audit" )
Policy Reporting Modes
Variables ¶
This section is empty.
Functions ¶
func HasMutateOrValidate ¶ added in v0.8.0
func HasMutateOrValidatePolicies ¶ added in v0.8.0
Types ¶
type ArrayFlags ¶ added in v0.4.0
type ArrayFlags []string
ArrayFlags to store filterkinds
func (*ArrayFlags) Set ¶ added in v0.4.0
func (i *ArrayFlags) Set(value string) error
Set setter for array flags
func (*ArrayFlags) String ¶ added in v0.4.0
func (i *ArrayFlags) String() string
type WebhookServer ¶
type WebhookServer struct {
// contains filtered or unexported fields
}
WebhookServer contains configured TLS server with MutationWebhook. MutationWebhook gets policies from policyController and takes control of the cluster with kubeclient.
func NewWebhookServer ¶
func NewWebhookServer( kyvernoClient *kyvernoclient.Clientset, client *client.Client, tlsPair *tlsutils.TlsPemPair, pInformer kyvernoinformer.PolicyInformer, pvInormer kyvernoinformer.PolicyViolationInformer, eventGen event.Interface, webhookRegistrationClient *webhookconfig.WebhookRegistrationClient, policyStatus policy.PolicyStatusInterface, filterK8Resources string) (*WebhookServer, error)
NewWebhookServer creates new instance of WebhookServer accordingly to given configuration Policy Controller and Kubernetes Client should be initialized in configuration
func (*WebhookServer) HandleAdmissionRequest ¶ added in v0.8.0
func (ws *WebhookServer) HandleAdmissionRequest(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse
func (*WebhookServer) HandleMutation ¶
func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest) (bool, engine.EngineResponse)
HandleMutation handles mutating webhook admission request
func (*WebhookServer) HandlePolicyValidation ¶ added in v0.6.0
func (ws *WebhookServer) HandlePolicyValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse
HandlePolicyValidation performs the validation check on policy resource
func (*WebhookServer) HandleValidation ¶
func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, resource unstructured.Unstructured) *v1beta1.AdmissionResponse
HandleValidation handles validating webhook admission request If there are no errors in validating rule we apply generation rules
func (*WebhookServer) RunAsync ¶
func (ws *WebhookServer) RunAsync()
RunAsync TLS server in separate thread and returns control immediately
func (*WebhookServer) Stop ¶
func (ws *WebhookServer) Stop()
Stop TLS server and returns control after the server is shut down