webhooks

package

v1.0.0 Latest Latest Go to latest Published: Dec 5, 2019 License: Apache-2.0 Imports: 36 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/shravanshetty1/kyverno

Documentation ¶

Index ¶

Constants
type ArrayFlags
- func (i *ArrayFlags) Set(value string) error
- func (i *ArrayFlags) String() string
type WebhookServer
- func NewWebhookServer(kyvernoClient *kyvernoclient.Clientset, client *client.Client, ...) (*WebhookServer, error)

Constants ¶

View Source

const (
	Enforce = "enforce" // blocks the request on failure
	Audit   = "audit"   // dont block the request on failure, but report failiures as policy violations
)

Policy Reporting Modes

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ArrayFlags ¶ added in v0.4.0

type ArrayFlags []string

ArrayFlags to store filterkinds

func (*ArrayFlags) Set ¶ added in v0.4.0

func (i *ArrayFlags) Set(value string) error

Set setter for array flags

func (*ArrayFlags) String ¶ added in v0.4.0

func (i *ArrayFlags) String() string

type WebhookServer ¶

type WebhookServer struct {
	// contains filtered or unexported fields
}

WebhookServer contains configured TLS server with MutationWebhook. MutationWebhook gets policies from policyController and takes control of the cluster with kubeclient.

func NewWebhookServer ¶

func NewWebhookServer(
	kyvernoClient *kyvernoclient.Clientset,
	client *client.Client,
	tlsPair *tlsutils.TlsPemPair,
	pInformer kyvernoinformer.ClusterPolicyInformer,
	pvInformer kyvernoinformer.ClusterPolicyViolationInformer,
	namespacepvInformer kyvernoinformer.NamespacedPolicyViolationInformer,
	rbInformer rbacinformer.RoleBindingInformer,
	crbInformer rbacinformer.ClusterRoleBindingInformer,
	eventGen event.Interface,
	webhookRegistrationClient *webhookconfig.WebhookRegistrationClient,
	policyStatus policy.PolicyStatusInterface,
	configHandler config.Interface,
	pMetaStore policystore.LookupInterface,
	pvGenerator policyviolation.GeneratorInterface,
	cleanUp chan<- struct{}) (*WebhookServer, error)

NewWebhookServer creates new instance of WebhookServer accordingly to given configuration Policy Controller and Kubernetes Client should be initialized in configuration

func (*WebhookServer) HandleMutation ¶

func (ws *WebhookServer) HandleMutation(request *v1beta1.AdmissionRequest, policies []kyverno.ClusterPolicy, roles, clusterRoles []string) (bool, []byte, string)

HandleMutation handles mutating webhook admission request

func (*WebhookServer) HandleValidation ¶

func (ws *WebhookServer) HandleValidation(request *v1beta1.AdmissionRequest, policies []kyverno.ClusterPolicy, patchedResource []byte, roles, clusterRoles []string) (bool, string)

handleValidation handles validating webhook admission request If there are no errors in validating rule we apply generation rules patchedResource is the (resource + patches) after applying mutation rules

func (*WebhookServer) RunAsync ¶

func (ws *WebhookServer) RunAsync(stopCh <-chan struct{})

RunAsync TLS server in separate thread and returns control immediately

func (*WebhookServer) Stop ¶

func (ws *WebhookServer) Stop()

Stop TLS server and returns control after the server is shut down

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL