Documentation ¶
Overview ¶
Package mutating delegates admission checks to dynamically configured mutating webhooks.
Package mutating makes calls to mutating webhooks during the admission process.
Index ¶
Constants ¶
View Source
const ( // PatchAuditAnnotationPrefix is a prefix for persisting webhook patch in audit annotation. // Audit handler decides whether annotation with this prefix should be logged based on audit level. // Since mutating webhook patches the request body, audit level must be greater or equal to Request // for the annotation to be logged PatchAuditAnnotationPrefix = "patch.webhook.admission.k8s.io/" // MutationAuditAnnotationPrefix is a prefix for presisting webhook mutation existence in audit annotation. MutationAuditAnnotationPrefix = "mutation.webhook.admission.k8s.io/" // MutationAnnotationFailedOpenKeyPrefix in an annotation indicates // the mutating webhook failed open when the webhook backend connection // failed or returned an internal server error. MutationAuditAnnotationFailedOpenKeyPrefix string = "failed-open." + MutationAuditAnnotationPrefix )
View Source
const (
// PluginName indicates the name of admission plug-in
PluginName = "MutatingAdmissionWebhook"
)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type MutationAuditAnnotation ¶
type MutationAuditAnnotation struct { Configuration string `json:"configuration"` Webhook string `json:"webhook"` Mutated bool `json:"mutated"` }
MutationAuditAnnotation logs if a webhook invocation mutated the request object
type PatchAuditAnnotation ¶
type PatchAuditAnnotation struct { Configuration string `json:"configuration"` Webhook string `json:"webhook"` Patch interface{} `json:"patch,omitempty"` PatchType string `json:"patchType,omitempty"` }
PatchAuditAnnotation logs a patch from a mutating webhook
type Plugin ¶
Plugin is an implementation of admission.Interface.
func NewMutatingWebhook ¶
NewMutatingWebhook returns a generic admission webhook plugin.
func (*Plugin) Admit ¶
func (a *Plugin) Admit(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error
Admit makes an admission decision based on the request attributes.
func (*Plugin) ValidateInitialization ¶
ValidateInitialization implements the InitializationValidator interface.
Click to show internal directories.
Click to hide internal directories.