webhook

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 17, 2018 License: Apache-2.0 Imports: 30 Imported by: 4,226

Documentation

Overview

Package webhook provides functions to build and bootstrap an admission webhook server for a k8s cluster.

Build webhooks

// mgr is the manager that runs the server.
webhook1, err := NewWebhookBuilder().
	Name("foo.k8s.io").
	Mutating().
	Path("/mutating-pods").
	Operations(admissionregistrationv1beta1.Create).
	ForType(&corev1.Pod{}).
	WithManager(mgr).
	Handlers(mutatingHandler1, mutatingHandler2).
	Build()
if err != nil {
	// handle error
}

webhook2, err := NewWebhookBuilder().
	Name("bar.k8s.io").
	Validating().
	Path("/validating-deployment").
	Operations(admissionregistrationv1beta1.Create, admissionregistrationv1beta1.Update).
	ForType(&appsv1.Deployment{}).
	WithManager(mgr).
	Handlers(validatingHandler1).
	Build()
if err != nil {
	// handle error
}

Create a server for webhooks.

as, err := NewServer("baz-admission-server", mrg, ServerOptions{})
if err != nil {
	// handle error
}

Register the webhooks in the server.

err = as.Register(webhook1, webhook2)
if err != nil {
	// handle error
}

Start the server by starting the manager

err := mrg.Start(signals.SetupSignalHandler())
if err != nil {
	// handle error
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BootstrapOptions

type BootstrapOptions struct {
	// MutatingWebhookConfigName is the name that used for creating the MutatingWebhookConfiguration object.
	MutatingWebhookConfigName string
	// ValidatingWebhookConfigName is the name that used for creating the ValidatingWebhookConfiguration object.
	ValidatingWebhookConfigName string

	// Secret is the location for storing the certificate for the admission server.
	// The server should have permission to create a secret in the namespace.
	// This is optional. If unspecified, it will write to the filesystem.
	// It the secret already exists and is different from the desired, it will be replaced.
	Secret *apitypes.NamespacedName
	// Writer is used in dryrun mode for writing the objects in yaml format.
	Writer io.Writer

	// Service is k8s service fronting the webhook server pod(s).
	// This field is optional. But one and only one of Service and Host need to be set.
	// This maps to field .webhooks.getClientConfig.service
	// https://github.com/kubernetes/api/blob/183f3326a9353bd6d41430fc80f96259331d029c/admissionregistration/v1beta1/types.go#L260
	Service *Service
	// Host is the host name of .webhooks.clientConfig.url
	// https://github.com/kubernetes/api/blob/183f3326a9353bd6d41430fc80f96259331d029c/admissionregistration/v1beta1/types.go#L250
	// This field is optional. But one and only one of Service and Host need to be set.
	// If neither Service nor Host is unspecified, Host will be defaulted to "localhost".
	Host *string
	// contains filtered or unexported fields
}

BootstrapOptions are options for bootstrapping an admission webhook server.

type Server

type Server struct {
	// Name is the name of server
	Name string

	// ServerOptions contains options for configuring the admission server.
	ServerOptions
	// contains filtered or unexported fields
}

Server is an admission webhook server that can serve traffic and generates related k8s resources for deploying.

func NewServer

func NewServer(name string, mgr manager.Manager, options ServerOptions) (*Server, error)

NewServer creates a new admission webhook server.

func (*Server) InjectClient

func (s *Server) InjectClient(c client.Client) error

InjectClient injects the client into the server

func (*Server) InjectDecoder

func (s *Server) InjectDecoder(d atypes.Decoder) error

InjectDecoder injects the client into the server

func (*Server) RefreshCert

func (s *Server) RefreshCert() (bool, error)

RefreshCert refreshes the certificate using Server's Provisioner if the certificate is expiring.

func (*Server) Register

func (s *Server) Register(webhooks ...Webhook) error

Register validates and registers webhook(s) in the server

func (*Server) Start

func (s *Server) Start(stop <-chan struct{}) error

Start runs the server if s.Dryrun is false. Otherwise, it will print the objects in yaml format.

type ServerOptions

type ServerOptions struct {
	// Port is the port number that the server will serve.
	// It will be defaulted to 443 if unspecified.
	Port int32

	// CertDir is the directory that contains the server key and certificate.
	// If using FSCertWriter in Provisioner, the server itself will provision the certificate and
	// store it in this directory.
	// If using SecretCertWriter in Provisioner, the server will provision the certificate in a secret,
	// the user is responsible to mount the secret to the this location for the server to consume.
	CertDir string

	// Client is a client defined in controller-runtime instead of a client-go client.
	// It knows how to talk to a kubernetes cluster.
	// Client will be injected by the manager if not set.
	Client client.Client

	// Dryrun controls if the server will install the webhookConfiguration and service if any.
	// If true, it will print the objects in yaml format.
	// If false, it will install the objects in the cluster.
	Dryrun bool

	// BootstrapOptions contains the options for bootstrapping the admission server.
	*BootstrapOptions
}

ServerOptions are options for configuring an admission webhook server.

type Service

type Service struct {
	// Name of the service
	Name string
	// Namespace of the service
	Namespace string
	// Selectors is the selector of the service.
	// This must select the pods that runs this webhook server.
	Selectors map[string]string
}

Service contains information for creating a service

type Webhook

type Webhook interface {
	// GetName returns the name of the webhook.
	GetName() string
	// GetPath returns the path that the webhook registered.
	GetPath() string
	// GetType returns the Type of the webhook.
	// e.g. mutating or validating
	GetType() types.WebhookType
	// Handler returns a http.Handler for the webhook.
	Handler() http.Handler
	// Validate validates if the webhook itself is valid.
	// If invalid, a non-nil error will be returned.
	Validate() error
}

Webhook defines the basics that a webhook should support.

Directories

Path Synopsis
Package admission provides functions to build and bootstrap an admission webhook server for a k8s cluster.
Package admission provides functions to build and bootstrap an admission webhook server for a k8s cluster.
internal
cert
Package cert provides functions to manage certificates for webhookClientConfiguration.
Package cert provides functions to manage certificates for webhookClientConfiguration.
cert/generator
Package generator provides an interface and implementation to provision certificates.
Package generator provides an interface and implementation to provision certificates.
cert/writer
Package writer provides method to provision and persist the certificates.
Package writer provides method to provision and persist the certificates.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL