webhooks

package
v1.19.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 19, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const MutatingType = "Mutating"

MutatingType indicates that a MutatingWebhookConfiguration must be reconciled

View Source 
const ValidatingType = "Validating"

ValidatingType indicates that a ValidatingWebhookConfiguration must be reconciled

Variables

This section is empty.

Functions

This section is empty.

Types

type AdmissionWebhookRegister 

type AdmissionWebhookRegister struct {
	Type WebhookType
	Hook *admission.Webhook
	Path string
}

AdmissionWebhookRegister registers a given webhook into a specific path. This allows a more low level alternative to the WebhookBuilder, as it can directly get access the the AdmissionReview object sent to the webhook.

func (AdmissionWebhookRegister) GetReconciler 

func (awr AdmissionWebhookRegister) GetReconciler(_ *runtime.Scheme) (WebhookReconciler, error)

GetReconciler creates a reconciler for awr's given Path and Type

func (AdmissionWebhookRegister) RegisterToBuilder 

func (awr AdmissionWebhookRegister) RegisterToBuilder(bldr *builder.WebhookBuilder) *builder.WebhookBuilder

RegisterToBuilder does not mutate the WebhookBuilder

func (AdmissionWebhookRegister) RegisterToServer 

func (awr AdmissionWebhookRegister) RegisterToServer(scheme *runtime.Scheme, srv *webhook.Server)

RegisterToServer regsiters the webhook to the path of `awr`

type CSWebhook 

type CSWebhook struct {
	// Name of the webhookConfiguration.
	Name string

	// Name of the webhook.
	WebhookName string

	// Rule for the webhook to be triggered
	Rule RuleWithOperations

	// Register for the webhook into the server
	Register WebhookRegister

	// NsSelector for add namespaceselector to the admission webhook
	NsSelector v1.LabelSelector
}

CSWebhook acts as a single source of truth for validating webhooks managed by the operator. It's data are used both for registering the endpoint to the webhook server and to reconcile the ValidatingWebhookConfiguration that points to the server.

type CSWebhookConfig 

type CSWebhookConfig struct {
	Port        int
	CertDir     string
	CAConfigMap string

	Webhooks []CSWebhook
	// contains filtered or unexported fields
}

CSWebhookConfig contains the data and logic to setup the webhooks server of a given Manager implementation, and to reconcile webhook configuration CRs pointing to the server. 

var Config *CSWebhookConfig = &CSWebhookConfig{

	Port: operatorPodPort,

	CertDir: mountedCertDir,

	CAConfigMap: caConfigMap,

	Webhooks: []CSWebhook{},
}

Config is a global instance. The same instance is needed in order to use the same configuration for the webhooks server that's run at startup and the reconciliation of the ValidatingWebhookConfiguration CRs

func (*CSWebhookConfig) AddWebhook 

func (webhookConfig *CSWebhookConfig) AddWebhook(webhook CSWebhook)

AddWebhook adds a webhook configuration to a webhookSettings. This must be done before starting the server as it registers the endpoints for the validation

func (*CSWebhookConfig) Reconcile 

func (webhookConfig *CSWebhookConfig) Reconcile(ctx context.Context, client k8sclient.Client, owner ownerutil.Owner) error

Reconcile reconciles a `ValidationWebhookConfiguration` object for each webhook in `webhookConfig.Webhooks`, using the rules and the path as it's generated by controller-runtime webhook builder. It reconciles a Service that exposes the webhook server A ownerRef to the owner parameter is set on the reconciled resources. This parameter is optional, if `nil` is passed, no ownerReference will be set

func (*CSWebhookConfig) ReconcileService 

func (webhookConfig *CSWebhookConfig) ReconcileService(ctx context.Context, client k8sclient.Client, owner ownerutil.Owner, namespace string) error

ReconcileService creates or updates the service that points to the Pod

func (*CSWebhookConfig) SetupServer 

func (webhookConfig *CSWebhookConfig) SetupServer(mgr manager.Manager, namespace string) error

SetupServer sets up the webhook server managed by mgr with the settings from webhookConfig. It sets the port and cert dir based on the settings and registers the Validator implementations from each webhook from webhookConfig.Webhooks

type CompositeWebhookReconciler 

type CompositeWebhookReconciler struct {
	Reconcilers []WebhookReconciler
}

func (*CompositeWebhookReconciler) Reconcile 

func (reconciler *CompositeWebhookReconciler) Reconcile(ctx context.Context, client k8sclient.Client, caBundle []byte) error

func (*CompositeWebhookReconciler) SetName 

func (reconciler *CompositeWebhookReconciler) SetName(name string)

func (*CompositeWebhookReconciler) SetNsSelector added in v1.5.0 

func (reconciler *CompositeWebhookReconciler) SetNsSelector(selector v1.LabelSelector)

func (*CompositeWebhookReconciler) SetRule 

func (reconciler *CompositeWebhookReconciler) SetRule(rule RuleWithOperations)

func (*CompositeWebhookReconciler) SetWebhookName 

func (reconciler *CompositeWebhookReconciler) SetWebhookName(webhookName string)

type MutatingWebhookReconciler 

type MutatingWebhookReconciler struct {
	Path string

	NameSpaceSelector v1.LabelSelector
	// contains filtered or unexported fields
}

func (*MutatingWebhookReconciler) Reconcile 

func (reconciler *MutatingWebhookReconciler) Reconcile(ctx context.Context, client k8sclient.Client, caBundle []byte) error

Reconcile MutatingWebhookConfiguration

func (*MutatingWebhookReconciler) SetName 

func (reconciler *MutatingWebhookReconciler) SetName(name string)

func (*MutatingWebhookReconciler) SetNsSelector added in v1.5.0 

func (reconciler *MutatingWebhookReconciler) SetNsSelector(selector v1.LabelSelector)

func (*MutatingWebhookReconciler) SetRule 

func (reconciler *MutatingWebhookReconciler) SetRule(rule RuleWithOperations)

func (*MutatingWebhookReconciler) SetWebhookName 

func (reconciler *MutatingWebhookReconciler) SetWebhookName(webhookName string)

type ObjectWebhookRegister 

type ObjectWebhookRegister struct {
	Object runtime.Object
}

ObjectWebhookRegister registers objects that implement either the `Validator` interface or the `Defaulting` interface into the WebhookBuilder

func WebhookRegisterFor 

func WebhookRegisterFor(object runtime.Object) (*ObjectWebhookRegister, error)

WebhookRegisterFor creates a WebhookRegister for a given object, validating beforehand that the object implements either the `Defaulter` of `Validator` interfaces

func (ObjectWebhookRegister) GetReconciler 

func (vwr ObjectWebhookRegister) GetReconciler(scheme *runtime.Scheme) (WebhookReconciler, error)

GetReconciler creates a reconciler according to the implementation of vwr.Object. The object can implement the `Validator` or `Defaulter` interfaces, and if both interfaces are implemented, two webhook configurations must be reconciled, as two endpoints will be registered in the webhook server

func (ObjectWebhookRegister) RegisterToBuilder 

func (vwr ObjectWebhookRegister) RegisterToBuilder(bldr *builder.WebhookBuilder) *builder.WebhookBuilder

RegisterToBuilder adds the object into the builder, which registers the webhook for the object into the webhook server

func (ObjectWebhookRegister) RegisterToServer 

func (vwr ObjectWebhookRegister) RegisterToServer(_ *runtime.Scheme, _ *webhook.Server)

RegisterToServer does nothing, as the register is done by the builder

type Rule 

type Rule struct {
	APIGroups   []string
	APIVersions []string
	Resources   []string
	Scope       admissionregistrationv1.ScopeType
}

type RuleWithOperations 

type RuleWithOperations struct {
	Operations []admissionregistrationv1.OperationType
	Rule
}

func NewRule 

func NewRule() RuleWithOperations

func (RuleWithOperations) ForAll 

func (rule RuleWithOperations) ForAll() RuleWithOperations

func (RuleWithOperations) ForCreate 

func (rule RuleWithOperations) ForCreate() RuleWithOperations

func (RuleWithOperations) ForDelete 

func (rule RuleWithOperations) ForDelete() RuleWithOperations

func (RuleWithOperations) ForUpdate 

func (rule RuleWithOperations) ForUpdate() RuleWithOperations

func (RuleWithOperations) NamespacedScope 

func (rule RuleWithOperations) NamespacedScope() RuleWithOperations

func (RuleWithOperations) OneResource 

func (rule RuleWithOperations) OneResource(apiGroup, apiVersion, resource string) RuleWithOperations

type ValidatingWebhookReconciler 

type ValidatingWebhookReconciler struct {
	Path string

	NameSpaceSelector v1.LabelSelector
	// contains filtered or unexported fields
}

func (*ValidatingWebhookReconciler) Reconcile 

func (reconciler *ValidatingWebhookReconciler) Reconcile(ctx context.Context, client k8sclient.Client, caBundle []byte) error

Reconcile ValidatingWebhookConfiguration

func (*ValidatingWebhookReconciler) SetName 

func (reconciler *ValidatingWebhookReconciler) SetName(name string)

func (*ValidatingWebhookReconciler) SetNsSelector added in v1.5.0 

func (reconciler *ValidatingWebhookReconciler) SetNsSelector(selector v1.LabelSelector)

func (*ValidatingWebhookReconciler) SetRule 

func (reconciler *ValidatingWebhookReconciler) SetRule(rule RuleWithOperations)

func (*ValidatingWebhookReconciler) SetWebhookName 

func (reconciler *ValidatingWebhookReconciler) SetWebhookName(webhookName string)

type WebhookReconciler 

type WebhookReconciler interface {
	SetName(name string)
	SetWebhookName(webhookName string)
	SetRule(rule RuleWithOperations)
	SetNsSelector(selector v1.LabelSelector)
	Reconcile(ctx context.Context, client k8sclient.Client, caBundle []byte) error
}

WebhookReconciler knows how to reconcile webhook configuration CRs

type WebhookRegister 

type WebhookRegister interface {
	RegisterToBuilder(blrd *builder.WebhookBuilder) *builder.WebhookBuilder
	RegisterToServer(scheme *runtime.Scheme, srv *webhook.Server)

	GetReconciler(scheme *runtime.Scheme) (WebhookReconciler, error)
}

WebhookRegister knows how the register a webhook into the server. Either by regstering to the WebhookBuilder or directly to the webhook server.

type WebhookType 

type WebhookType string

WebhookType represents the type of webhook configuration to reconcile. Can be ValidatingType or MutatingType

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.