Version: v1.50.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jul 5, 2022 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 22 Imported by: 13




View Source
const (
	// WebhookName is the name of the shoot webhook.
	WebhookName = "shoot"
	// KindSystem is used for webhooks which should only apply to the to the kube-system namespace.
	KindSystem = "system"


This section is empty.


func EnsureNetworkPolicy

func EnsureNetworkPolicy(ctx context.Context, c client.Client, namespace, extensionName string, port int) error

EnsureNetworkPolicy ensures that the required network policy that allows the kube-apiserver running in the given namespace to talk to the extension webhook is installed.

func GetNetworkPolicyMeta

func GetNetworkPolicyMeta(namespace, extensionName string) *networkingv1.NetworkPolicy

GetNetworkPolicyMeta returns the network policy object with filled meta data.

func New added in v1.4.0

New creates a new webhook with the shoot as target cluster.

func ReconcileWebhookConfig added in v1.48.0

func ReconcileWebhookConfig(
	ctx context.Context,
	c client.Client,
	namespace string,
	extensionName string,
	managedResourceName string,
	serverPort int,
	shootWebhookConfig *admissionregistrationv1.MutatingWebhookConfiguration,
	cluster *controller.Cluster,
) error

ReconcileWebhookConfig deploys the shoot webhook configuration, i.e., a network policy to allow the kube-apiserver to talk to the extension, and a managed resource that contains the MutatingWebhookConfiguration.

func ReconcileWebhooksForAllNamespaces added in v1.48.0

func ReconcileWebhooksForAllNamespaces(
	ctx context.Context,
	c client.Client,
	extensionName string,
	managedResourceName string,
	shootNamespaceSelector map[string]string,
	port int,
	shootWebhookConfig *admissionregistrationv1.MutatingWebhookConfiguration,
) error

ReconcileWebhooksForAllNamespaces reconciles the shoot webhooks in all shoot namespaces of the given provider type. This is necessary in case the webhook port is changed (otherwise, the network policy would only be updated again as part of the ControlPlane reconciliation which might only happen in the next 24h).


type Args added in v1.4.0

type Args struct {
	// Types is a list of resource types.
	Types []extensionswebhook.Type
	// Mutator is a mutator to be used by the admission handler. It doesn't need the shoot client.
	Mutator extensionswebhook.Mutator
	// MutatorWithShootClient is a mutator to be used by the admission handler. It needs the shoot client.
	MutatorWithShootClient extensionswebhook.MutatorWithShootClient

Args are arguments for creating a webhook targeting a shoot.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL