Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // ErrorTag holds the error for the context. ErrorTag tag.Key // GroupTag holds the resource group for the context. GroupTag tag.Key // VersionTag holds the resource version for the context. VersionTag tag.Key // ResourceTag holds the resource name for the context. ResourceTag tag.Key // ReasonTag holds the error reason for the context. ReasonTag tag.Key // StatusTag holds the error code for the context. StatusTag tag.Key )
Functions ¶
func RunValidation ¶
func RunValidation(vc *WebhookParameters, kubeConfig string, livenessProbeController, readinessProbeController probe.Controller)
RunValidation start running Galley validation mode
Types ¶
type Webhook ¶
type Webhook struct {
// contains filtered or unexported fields
}
Webhook implements the validating admission webhook for validating Istio configuration.
func NewWebhook ¶
func NewWebhook(p WebhookParameters) (*Webhook, error)
NewWebhook creates a new instance of the admission webhook controller.
type WebhookParameters ¶
type WebhookParameters struct {
// MixerValidator implements the backend validator functions for mixer configuration.
MixerValidator store.BackendValidator
// PilotDescriptor provides a description of all pilot configuration resources.
PilotDescriptor model.ConfigDescriptor
// DomainSuffix is the DNS domain suffix for Pilot CRD resources,
// e.g. cluster.local.
DomainSuffix string
// Port where the webhook is served. Per k8s admission
// registration requirements this should be 443 unless there is
// only a single port for the service.
Port uint
// CertFile is the path to the x509 certificate for https.
CertFile string
// KeyFile is the path to the x509 private key matching `CertFile`.
KeyFile string
// WebhookConfigFile is the path to the validatingwebhookconfiguration
// file that should be used for self-registration.
WebhookConfigFile string
// CACertFile is the path to the x509 CA bundle file.
CACertFile string
// DeploymentAndServiceNamespace is the namespace in which the validation deployment and service resides.
DeploymentAndServiceNamespace string
// Name of the k8s validatingwebhookconfiguration
WebhookName string
// DeploymentName is the name of the validation deployment. This, along with
// DeploymentAndServiceNamespace, is used to set the ownerReference in the
// validatingwebhookconfiguration. This enables k8s to clean-up the cluster-scoped
// validatingwebhookconfiguration when the deployment is deleted.
DeploymentName string
// ServiceName is the name of the k8s service of the validation webhook. This is
// used to verify endpoint readiness before registering the validatingwebhookconfiguration.
ServiceName string
Clientset clientset.Interface
// Enable galley validation mode
EnableValidation bool
// ManageWebhookConfig determines whether the ValidatingWebhookConfiguration
// should be watched and updated by the webhook itself. This can be disabled,
// in which case we simply assume the configuration to be correct. This is
// helpful if you want to remove ClusterRole permissions from galley.
// NOTE: setting this to false requires the WebhookConfiguration to be created
// and updated by something that is external to Galley, e.g. an operator
ManageWebhookConfig bool
}
WebhookParameters contains the configuration for the Istio Pilot validation admission controller.
func DefaultArgs ¶
func DefaultArgs() *WebhookParameters
DefaultArgs allocates an WebhookParameters struct initialized with Webhook's default configuration.
func (*WebhookParameters) String ¶
func (p *WebhookParameters) String() string
String produces a stringified version of the arguments for debugging.
func (*WebhookParameters) Validate ¶
func (args *WebhookParameters) Validate() error
Validate tests if the WebhookParameters has valid params.
Source Files
Click to show internal directories.
Click to hide internal directories.