This section is empty.


View Source
var (
	// ErrorTag holds the error for the context.
	ErrorTag tag.Key

	// GroupTag holds the resource group for the context.
	GroupTag tag.Key

	// VersionTag holds the resource version for the context.
	VersionTag tag.Key

	// ResourceTag holds the resource name for the context.
	ResourceTag tag.Key

	// ReasonTag holds the error reason for the context.
	ReasonTag tag.Key

	// StatusTag holds the error code for the context.
	StatusTag tag.Key


func RunValidation

func RunValidation(vc *WebhookParameters, kubeConfig string,
	livenessProbeController, readinessProbeController probe.Controller)

RunValidation start running Galley validation mode


type Webhook

type Webhook struct {

	// contains filtered or unexported fields


Webhook implements the validating admission webhook for validating Istio configuration.

func NewWebhook

func NewWebhook(p WebhookParameters) (*Webhook, error)

NewWebhook creates a new instance of the admission webhook controller.

func (*Webhook) Run

func (wh *Webhook) Run(stopCh <-chan struct{})

Run implements the webhook server

type WebhookParameters

type WebhookParameters struct {
	// MixerValidator implements the backend validator functions for mixer configuration.
	MixerValidator store.BackendValidator

	// PilotDescriptor provides a description of all pilot configuration resources.
	PilotDescriptor model.ConfigDescriptor

	// DomainSuffix is the DNS domain suffix for Pilot CRD resources,
	// e.g. cluster.local.
	DomainSuffix string

	// Port where the webhook is served. Per k8s admission
	// registration requirements this should be 443 unless there is
	// only a single port for the service.
	Port uint

	// CertFile is the path to the x509 certificate for https.
	CertFile string

	// KeyFile is the path to the x509 private key matching `CertFile`.
	KeyFile string

	// WebhookConfigFile is the path to the validatingwebhookconfiguration
	// file that should be used for self-registration.
	WebhookConfigFile string

	// CACertFile is the path to the x509 CA bundle file.
	CACertFile string

	// DeploymentAndServiceNamespace is the namespace in which the validation deployment and service resides.
	DeploymentAndServiceNamespace string

	// Name of the k8s validatingwebhookconfiguration
	WebhookName string

	// DeploymentName is the name of the validation deployment. This, along with
	// DeploymentAndServiceNamespace, is used to set the ownerReference in the
	// validatingwebhookconfiguration. This enables k8s to clean-up the cluster-scoped
	// validatingwebhookconfiguration when the deployment is deleted.
	DeploymentName string

	// ServiceName is the name of the k8s service of the validation webhook. This is
	// used to verify endpoint readiness before registering the validatingwebhookconfiguration.
	ServiceName string

	Clientset clientset.Interface

	// Enable galley validation mode
	EnableValidation bool

	// ManageWebhookConfig determines whether the ValidatingWebhookConfiguration
	// should be watched and updated by the webhook itself. This can be disabled,
	// in which case we simply assume the configuration to be correct. This is
	// helpful if you want to remove ClusterRole permissions from galley.
	// NOTE: setting this to false requires the WebhookConfiguration to be created
	// and updated by something that is external to Galley, e.g. an operator
	ManageWebhookConfig bool

WebhookParameters contains the configuration for the Istio Pilot validation admission controller.

func DefaultArgs

func DefaultArgs() *WebhookParameters

DefaultArgs allocates an WebhookParameters struct initialized with Webhook's default configuration.

func (*WebhookParameters) String

func (p *WebhookParameters) String() string

String produces a stringified version of the arguments for debugging.

func (*WebhookParameters) Validate

func (args *WebhookParameters) Validate() error

Validate tests if the WebhookParameters has valid params.