webhook

package
v0.11.0-beta.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 4, 2021 License: Apache-2.0 Imports: 22 Imported by: 3,942

Documentation

Overview

Package webhook provides methods to build and bootstrap a webhook server.

Currently, it only supports admission webhooks. It will support CRD conversion webhooks in the near future.

Example

This example registers a webhooks to a webhook server that gets ran by a controller manager.

// Create a manager
// Note: GetConfigOrDie will os.Exit(1) w/o any message if no kube-config can be found
mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{})
if err != nil {
	panic(err)
}

// Create a webhook server.
hookServer := &Server{
	Port: 8443,
}
if err := mgr.Add(hookServer); err != nil {
	panic(err)
}

// Register the webhooks in the server.
hookServer.Register("/mutating", mutatingHook)
hookServer.Register("/validating", validatingHook)

// Start the server by starting a previously-set-up manager
err = mgr.Start(ctrl.SetupSignalHandler())
if err != nil {
	// handle error
	panic(err)
}
Output:

Index

Examples

Constants

This section is empty.

Variables

View Source
var (
	// Allowed indicates that the admission request should be allowed for the given reason.
	Allowed = admission.Allowed

	// Denied indicates that the admission request should be denied for the given reason.
	Denied = admission.Denied

	// Patched indicates that the admission request should be allowed for the given reason,
	// and that the contained object should be mutated using the given patches.
	Patched = admission.Patched

	// Errored indicates that an error occurred in the admission request.
	Errored = admission.Errored
)
View Source
var DefaultPort = 9443

DefaultPort is the default port that the webhook server serves.

Functions

This section is empty.

Types

type Admission added in v0.2.0

type Admission = admission.Webhook

Admission is webhook suitable for registration with the server an admission webhook that validates API operations and potentially mutates their contents.

type AdmissionDecoder added in v0.2.0

type AdmissionDecoder = admission.Decoder

AdmissionDecoder knows how to decode objects from admission requests.

type AdmissionHandler added in v0.2.0

type AdmissionHandler = admission.Handler

AdmissionHandler knows how to process admission requests, validating them, and potentially mutating the objects they contain.

type AdmissionRequest added in v0.2.0

type AdmissionRequest = admission.Request

AdmissionRequest defines the input for an admission handler. It contains information to identify the object in question (group, version, kind, resource, subresource, name, namespace), as well as the operation in question (e.g. Get, Create, etc), and the object itself.

type AdmissionResponse added in v0.2.0

type AdmissionResponse = admission.Response

AdmissionResponse is the output of an admission handler. It contains a response indicating if a given operation is allowed, as well as a set of patches to mutate the object in the case of a mutating admission handler.

type CustomDefaulter added in v0.10.2

type CustomDefaulter = admission.CustomDefaulter

CustomDefaulter defines functions for setting defaults on resources.

type CustomValidator added in v0.10.2

type CustomValidator = admission.CustomValidator

CustomValidator defines functions for validating an operation.

type Defaulter added in v0.2.0

type Defaulter = admission.Defaulter

Defaulter defines functions for setting defaults on resources.

type JSONPatchOp added in v0.2.0

type JSONPatchOp = jsonpatch.Operation

JSONPatchOp represents a single JSONPatch patch operation.

type Server

type Server struct {
	// Host is the address that the server will listen on.
	// Defaults to "" - all addresses.
	Host string

	// Port is the port number that the server will serve.
	// It will be defaulted to 9443 if unspecified.
	Port int

	// CertDir is the directory that contains the server key and certificate. The
	// server key and certificate.
	CertDir string

	// CertName is the server certificate name. Defaults to tls.crt.
	CertName string

	// KeyName is the server key name. Defaults to tls.key.
	KeyName string

	// ClientCAName is the CA certificate name which server used to verify remote(client)'s certificate.
	// Defaults to "", which means server does not verify client's certificate.
	ClientCAName string

	// TLSVersion is the minimum version of TLS supported. Accepts
	// "", "1.0", "1.1", "1.2" and "1.3" only ("" is equivalent to "1.0" for backwards compatibility)
	TLSMinVersion string

	// WebhookMux is the multiplexer that handles different webhooks.
	WebhookMux *http.ServeMux
	// contains filtered or unexported fields
}

Server is an admission webhook server that can serve traffic and generates related k8s resources for deploying.

TLS is required for a webhook to be accessed by kubernetes, so you must provide a CertName and KeyName or have valid cert/key at the default locations (tls.crt and tls.key). If you do not want to configure TLS (i.e for testing purposes) run an admission.StandaloneWebhook in your own server.

func (*Server) InjectFunc added in v0.2.0

func (s *Server) InjectFunc(f inject.Func) error

InjectFunc injects the field setter into the server.

func (*Server) NeedLeaderElection added in v0.2.0

func (*Server) NeedLeaderElection() bool

NeedLeaderElection implements the LeaderElectionRunnable interface, which indicates the webhook server doesn't need leader election.

func (*Server) Register

func (s *Server) Register(path string, hook http.Handler)

Register marks the given webhook as being served at the given path. It panics if two hooks are registered on the same path.

func (*Server) Start

func (s *Server) Start(ctx context.Context) error

Start runs the server. It will install the webhook related resources depend on the server configuration.

func (*Server) StartStandalone added in v0.9.0

func (s *Server) StartStandalone(ctx context.Context, scheme *runtime.Scheme) error

StartStandalone runs a webhook server without a controller manager.

Example

This example creates a webhook server that can be ran without a controller manager.

Note that this assumes and requires a valid TLS cert and key at the default locations tls.crt and tls.key.

// Create a webhook server
hookServer := &Server{
	Port: 8443,
}

// Register the webhooks in the server.
hookServer.Register("/mutating", mutatingHook)
hookServer.Register("/validating", validatingHook)

// Start the server without a manger
err := hookServer.StartStandalone(signals.SetupSignalHandler(), scheme.Scheme)
if err != nil {
	// handle error
	panic(err)
}
Output:

func (*Server) StartedChecker added in v0.9.3

func (s *Server) StartedChecker() healthz.Checker

StartedChecker returns an healthz.Checker which is healthy after the server has been started.

type Validator added in v0.2.0

type Validator = admission.Validator

Validator defines functions for validating an operation.

Directories

Path Synopsis
Package admission provides implementation for admission webhook and methods to implement admission webhook handlers.
Package admission provides implementation for admission webhook and methods to implement admission webhook handlers.
admissiontest
Package admissiontest contains fake webhooks for validating admission webhooks
Package admissiontest contains fake webhooks for validating admission webhooks
Package authentication provides implementation for authentication webhook and methods to implement authentication webhook handlers.
Package authentication provides implementation for authentication webhook and methods to implement authentication webhook handlers.
Package conversion provides implementation for CRD conversion webhook that implements handler for version conversion requests for types that are convertible.
Package conversion provides implementation for CRD conversion webhook that implements handler for version conversion requests for types that are convertible.
internal

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL