Documentation
Overview
Package webhook contains shared infrastructure for setting up webhook configs and certificates.
Index
- Constants
- type Config
- func (f *Config) CreateMutationWebhookServerConfig(ctx context.Context, name string, webhooks []*OperatorWebhook) error
- func (f *Config) CreateValidationWebhookServerConfig(ctx context.Context, webhooks []*OperatorWebhook) error
- func (f *Config) SetupCertificate(ctx context.Context, prefix string) error
- type OperatorWebhook
Constants
const ConfigDir = "/tmp"
ConfigDir is the directory that contains the webhook SSL certs.
Types
type Config
type Config struct {
	ConfigName string

	// CertDir is not deleted automatically, so we can re-use the same SSL between operator restarts in production
	CertDir       string
	Certificate   []byte
	Key           []byte
	CaCertificate []byte
	CaKey         []byte
	// contains filtered or unexported fields
}
Config generates certificates and the configuration for the webhook server.
func NewConfig
func NewConfig(c client.Client, config *config.Config, generator credsgen.Generator, configName string) *Config
NewConfig returns a new Config.
func (*Config) CreateMutationWebhookServerConfig
func (f *Config) CreateMutationWebhookServerConfig(ctx context.Context, name string, webhooks []*OperatorWebhook) error
CreateMutationWebhookServerConfig creates a new config for an array of mutating webhooks.
func (*Config) CreateValidationWebhookServerConfig
func (f *Config) CreateValidationWebhookServerConfig(ctx context.Context, webhooks []*OperatorWebhook) error
CreateValidationWebhookServerConfig creates a new config for an array of validation webhooks.
func (*Config) SetupCertificate
func (f *Config) SetupCertificate(ctx context.Context, prefix string) error
SetupCertificate ensures that a CA and a certificate are available for the webhook server. It caches the certificate data in a secret and writes it as files to `CertDir`, for `webhook.Server` to use.
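Because `CertDir` holds a private key, persists across restarts, and `ConfigDir` is `/tmp`, a permission check on that directory before the server starts is worth having. The following is an added example, not code from this package: `auditCertDir` and the key file name `tls.key` are assumptions, and `/tmp` is taken from the `ConfigDir` constant above.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// auditCertDir is a hypothetical pre-start check. It returns one finding per
// ownership or permission problem on certDir or on the key file inside it.
func auditCertDir(certDir, keyName string) []string {
	var findings []string
	di, err := os.Lstat(certDir) // Lstat: report a symlink instead of following it
	if err != nil {
		return []string{"cert dir: " + err.Error()}
	}
	if !di.IsDir() {
		return []string{"cert dir is not a real directory (symlink or file)"}
	}
	if di.Mode().Perm()&0022 != 0 { // other local users could replace the files
		findings = append(findings, fmt.Sprintf("cert dir is group/world-writable: %v", di.Mode()))
	}
	ki, err := os.Lstat(filepath.Join(certDir, keyName))
	if err != nil {
		return append(findings, "key file: "+err.Error())
	}
	if !ki.Mode().IsRegular() {
		findings = append(findings, "key file is not a regular file")
	}
	if ki.Mode().Perm()&0077 != 0 { // private key must be owner-only
		findings = append(findings, fmt.Sprintf("key file accessible beyond owner: %v", ki.Mode().Perm()))
	}
	return findings
}

func main() {
	// "/tmp" is the page's ConfigDir; "tls.key" is an assumed key file name.
	for _, f := range auditCertDir("/tmp", "tls.key") {
		fmt.Println("FINDING:", f)
	}
}
```

A dedicated subdirectory created with mode 0700 and a key file written with mode 0600 produce no findings; pointing the check at `/tmp` itself reports the directory as world-writable.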
type OperatorWebhook
type OperatorWebhook struct {
	// Name is the name of the webhook
	Name string

	// Path is the path this webhook will serve.
	Path string

	// Rules maps to the Rules field in admissionregistration.Webhook
	Rules []admissionregistration.RuleWithOperations

	// FailurePolicy maps to the FailurePolicy field in admissionregistration.Webhook
	// This is optional. If not set, will be defaulted to Ignore (fail-open) by the server.
	// More details: https://github.com/kubernetes/api/blob/f5c295feaba2cbc946f0bbb8b535fc5f6a0345ee/admissionregistration/v1/types.go#L144-L147
	FailurePolicy admissionregistration.FailurePolicyType

	// NamespaceSelector maps to the NamespaceSelector field in admissionregistration.Webhook
	// This is optional.
	NamespaceSelector *metav1.LabelSelector

	// Handlers contains a list of handlers. Each handler may only contain the business logic for its own feature.
	// For example, feature foo and bar can be in the same webhook if all the other configurations are the same.
	// The handlers will be invoked sequentially, in the order they appear in the list.
	// Note: if you are using a mutating webhook with multiple handlers, it's your responsibility to
	// ensure the handlers are not generating conflicting JSON patches.
	Handler admission.Handler

	// Webhook contains the Admission webhook information that we register with the controller runtime.
	Webhook *webhook.Admission
}
OperatorWebhook represents an operator webhook.