Documentation
¶
Overview ¶
Package webhook contains resources for the ValidatingWebhookConfiguration. Referenced: https://github.com/kubernetes/kubernetes/blob/v1.15.0/test/images/webhook
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidContentType = errors.New("webhook: invalid content type; expected application/json") ErrMissingContentType = errors.New("webhook: missing content-type header") ErrObjectNotFound = errors.New("webhook: request did not include object") ErrUnexpectedResource = errors.New("webhook: expected pod resource") ErrInvalidAdmission = errors.New("webhook: admission request was nil") )
Errors returned when a request or resource expectation fails.
var ( ErrMissingFailure = errors.New("webhook: reached invalid state, no failure reason found") ErrBadRequest = errors.New("webhook: bad request") )
Errors returned when a bad request is received or a failure reason is not provided.
var ECRImageRegex = regexp.MustCompile(`(^[a-zA-Z0-9][a-zA-Z0-9-_]*)\.dkr\.(ecr|ecr-fips)\.([a-z][a-z0-9-_]*)\.amazonaws\.com(\.cn)?.*`)
ECRImageRegex matches ECR images that come from registries in commercial regions, regions in China, GovCloud, and registries using FIPS endpoints. For endpoints, see: https://docs.aws.amazon.com/general/latest/gr/ecr.html
Functions ¶
func BadRequestResponse ¶
func BadRequestResponse(err error) (*v1beta1.AdmissionReview, error)
BadRequestResponse is the response returned to the cluster when a bad request is sent.
func InCriticalNamespace ¶
InCriticalNamespace checks that the request was for a resource that is being deployed into a critical namespace; e.g. kube-system.
func ParseImages ¶
ParseImages returns the container images in the Pod spec that originate from an Amazon ECR repository.
Types ¶
type Request ¶
type Request struct {
Admission *v1beta1.AdmissionRequest
}
Request encapsulates the AdmissionRequest from the AdmissionReview proxied to the Lambda function.
func NewRequestFromEvent ¶
func NewRequestFromEvent(event events.APIGatewayProxyRequest) (*Request, error)
NewRequestFromEvent creates a Request from the APIGatewayProxyRequest.
type Response ¶
type Response struct {
Admission *v1beta1.AdmissionResponse
}
Response encapsulates the AdmissionResponse sent to API Gateway.
func NewResponseFromRequest ¶
NewResponseFromRequest creates a Response from a Request.
func (*Response) FailValidation ¶
FailValidation populates the AdmissionResponse with the failure contents (message and error) and returns the AdmissionReview JSON body response for API Gateway.
func (*Response) PassValidation ¶
func (r *Response) PassValidation() *v1beta1.AdmissionReview
PassValidation populates the AdmissionResponse with the pass contents (message) and returns the AdmissionReview JSON response for API Gateway.
Source Files