README

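k8s webhook scaffold

  1. Automatic certificate issuance

    • Go to example/cert/testdata and run kubectl apply -f webhook_init.yaml to initialize the webhook
    • Go to example/cert, adjust the parameters, and run cert.go
    • Go to example/cert/testdata and run kubectl get -f webhook_init.yaml -o yaml to verify that the certificate and service were replaced successfully
    • example/cert/rbac.yaml contains the required RBAC; it can be ignored when running with administrator privileges
  2. Regular webhook (modeled on the kubebuilder implementation)

    • Add the following calls to main.go

       hookServer := mgr.GetWebhookServer()
       webhook.SetupWebhook(hookServer, mgr)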
      

Documentation

Overview

    Copyright © 2021 cuisongliu@qq.com

    Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0
    

    Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

    Copyright 2018 The Kubernetes Authors.

    Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0
    

    Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

    Functions

    func DefaultingWebhookFor

    func DefaultingWebhookFor(defaulter Defaulter) *admission.Webhook

      DefaultingWebhookFor creates a new Webhook for Defaulting the provided type.

    func GenerateCSR

    func GenerateCSR(cfg CertConfig, key crypto.Signer) (*x509.CertificateRequest, []byte, error)

      GenerateCSR will generate a new *x509.CertificateRequest template to be used by issuers that utilise CSRs to obtain Certificates. The CSR will not be signed, and should be passed to either EncodeCSR or to the x509.CreateCertificateRequest function.
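
The flow GenerateCSR describes (an unsigned template that x509.CreateCertificateRequest then signs), as an added example built only on the Go standard library and not taken from this package, together with the approver-side check that a webhook CSR carries nothing but the Service's DNS names. The helper names webhookSANs, signCSR and checkCSR, the demo-webhook/demo-system names and the cluster.local domain are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// webhookSANs returns the DNS names a webhook serving certificate may carry:
// <svc>.<ns>.svc plus the same name under an assumed "cluster.local" domain.
func webhookSANs(svc, ns string) map[string]bool {
	base := svc + "." + ns + ".svc"
	return map[string]bool{base: true, base + ".cluster.local": true}
}

// signCSR fills an unsigned template, then signs it with a fresh P-256 key.
func signCSR(cn string, dnsNames ...string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: dnsNames}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// checkCSR is the approver-side check: the CSR must parse, its self-signature
// must verify, and it must carry only DNS SANs from the allowed set.
func checkCSR(der []byte, allowed map[string]bool) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil || csr.CheckSignature() != nil {
		return fmt.Errorf("CSR unparsable or self-signature invalid")
	}
	if len(csr.DNSNames) == 0 || len(csr.IPAddresses) > 0 {
		return fmt.Errorf("CSR must carry DNS SANs only")
	}
	for _, name := range csr.DNSNames {
		if !allowed[name] {
			return fmt.Errorf("unexpected SAN %q", name)
		}
	}
	return nil
}

func main() {
	name := "demo-webhook.demo-system.svc" // constructed sample name
	der, err := signCSR(name, name)
	fmt.Println(err, checkCSR(der, webhookSANs("demo-webhook", "demo-system")))
}
```
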

    func JsonConvert

    func JsonConvert(from interface{}, to interface{}) error

    func NewPrivateKey

    func NewPrivateKey(keyType x509.PublicKeyAlgorithm) (crypto.Signer, error)

      NewPrivateKey creates an RSA private key

    func NewSigned

    func NewSigned(cfg CertConfig) (csr, keyPEM []byte, err error)

    func ValidatingWebhookFor

    func ValidatingWebhookFor(validator Validator) *admission.Webhook

      ValidatingWebhookFor creates a new Webhook for validating the provided type.

    Types

    type CertConfig

    type CertConfig struct {
    	CommonName   string
    	Organization []string
    	// AltNames contains the domain names and IP addresses that will be added
    	// to the API Server's x509 certificate SubAltNames field. The values will
    	// be passed directly to the x509.Certificate object.
    	AltNames struct {
    		DNSNames []string
    		IPs      []net.IP
    	}
    }

    type CertWebHook

    type CertWebHook struct {
    	// Certificate-related settings
    	Subject []string
    	CertDir string
    	// Kubernetes-related resources
    	Namespace   string
    	ServiceName string
    	SecretName  string
    	CsrName     string
    	WebHook     []WebHook
    	// contains filtered or unexported fields
    }

    func (*CertWebHook) Generator

    func (c *CertWebHook) Generator() error

    func (*CertWebHook) Init

    func (c *CertWebHook) Init() error

    type Defaulter

    type Defaulter interface {
    	Default()
    	RuntimeObject
    }

      Defaulter defines functions for setting defaults on resources

    type RuntimeObject

    type RuntimeObject interface {
    	OutRuntimeObject() runtime.Object
    	IntoRuntimeObject(runtime.Object)
    	GetClient() client.Client
    }

      Defaulter defines functions for setting defaults on resources

    type Validator

    type Validator interface {
    	RuntimeObject
    	ValidateCreate() error
    	ValidateUpdate(old runtime.Object) error
    	ValidateDelete() error
    }

      Validator defines functions for validating an operation

    type WebHook

    type WebHook struct {
    	ValidatingName  string
    	MutatingName    string
    	ObjectSelect    map[string]*v1.LabelSelector
    	NamespaceSelect map[string]*v1.LabelSelector
    }

    type WebhookObject

    type WebhookObject struct {
    	WK             *webhook.Server
    	Webhook        RuntimeObject
    	Obj            runtime.Object
    	ValidatingPath string
    	DefaultingPath string
    	Client         client.Client
    }

    func (*WebhookObject) Init

    func (wko *WebhookObject) Init()

    Directories

    Path Synopsis
    example