Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AdmissionFunc ¶
type AdmissionFunc func(logger hclog.Logger, request *v1beta1.AdmissionRequest) ([]PatchOperation, error)
AdmissionFunc is a callback for admission controller logic. Given an AdmissionRequest, it returns the sequence of patch operations to be applied before the object is admitted to Kubernetes, or the error that should be shown when the operation is rejected.
type Controller ¶
type Controller struct { Logger hclog.Logger Scheme *runtime.Scheme Deserializer runtime.Decoder NamespaceAllowedFunc NamespaceAllowedFunc AdmissionFunc AdmissionFunc }
Controller is a scaffold for a validating or mutating webhook. It is relatively lightweight but manages handling deserializing of admission requests and request/response validation.
func NewController ¶
func NewController(config *ControllerConfig) *Controller
func (*Controller) HTTPHandlerFunc ¶
func (c *Controller) HTTPHandlerFunc() http.Handler
type ControllerConfig ¶
type ControllerConfig struct { // See NamespaceAllowedFunc for documentation on the behaviour. If this function // is nil, we will exclude kube-system and kube-public. NamespaceAllowedFunc NamespaceAllowedFunc Logger hclog.Logger Scheme *runtime.Scheme Deserializer runtime.Decoder AdmissionFunc AdmissionFunc }
type NamespaceAllowedFunc ¶
NamespaceAllowedFunc is called at the start of every admission request. If the function returns true then the request will be allowed. This allows you to easily ignore your own namespace, or kube system namespaces.
type PatchOperation ¶
type PatchOperation struct { Op string `json:"op"` Path string `json:"path"` Value interface{} `json:"value,omitempty"` }
PatchOperation is a JSON patch operation, see https://tools.ietf.org/html/rfc6902