webhook

package
v0.1.0

This package is not in the latest version of its module.
Published: Jul 17, 2018 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateCerts

func CreateCerts(ctx context.Context) (serverKey, serverCert, caCert []byte, err error)

CreateCerts creates and returns a CA certificate together with a certificate and key for the server. The server uses serverKey and serverCert to establish trust for clients; the client uses the CA certificate to verify the server authentication chain.
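The trust relationship described above, as an added example that is not this package's code: it builds a constructed CA and serving certificate with the Go standard library and verifies the chain the way a client holding only the CA certificate would. The helper names, the service name `webhook`, the namespace `example-system` and the `<service>.<namespace>.svc` DNS name are assumptions, not taken from this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a fresh key and a one-hour certificate for cn; a nil parent yields a self-signed CA.
func issue(cn string, dns []string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: dns, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, perr := x509.ParseCertificate(der) // also fails on the empty DER left by a signing error
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// verifyAs checks server as a TLS client would: chain to ca only, and match host against the SANs.
func verifyAs(ca, server *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := server.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}) // empty KeyUsages means serverAuth
	return err
}

// demo returns the client's verdict for the right CA and name, a wrong name, and a wrong CA.
func demo(svc, ns string) (good, wrongName, wrongCA error) {
	host := svc + "." + ns + ".svc" // assumed name under which the client reaches the webhook service
	ca, caKey := issue("webhook-ca", nil, nil, nil)
	other, _ := issue("unrelated-ca", nil, nil, nil)
	srv, _ := issue(host, []string{host}, ca, caKey)
	return verifyAs(ca, srv, host), verifyAs(ca, srv, svc+".other.svc"), verifyAs(other, srv, host)
}

func main() { fmt.Println(demo("webhook", "example-system")) }
```

The second and third results are the two failures a client reports when the registered CA certificate or the service name does not match what the server presents.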

Types

type AdmissionController

type AdmissionController struct {
	// contains filtered or unexported fields
}

AdmissionController implements the external admission webhook for validation of pilot configuration.

func NewAdmissionController

func NewAdmissionController(client kubernetes.Interface, options ControllerOptions, logger *zap.SugaredLogger) (*AdmissionController, error)

NewAdmissionController creates a new instance of the admission webhook controller.

func (*AdmissionController) Run

func (ac *AdmissionController) Run(stop <-chan struct{}) error

Run implements the admission controller run loop.

func (*AdmissionController) ServeHTTP

func (ac *AdmissionController) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP implements the external admission webhook for mutating serving resources.

type ControllerOptions

type ControllerOptions struct {
	// WebhookName is the name of the webhook we create to handle
	// mutations before they get stored in the storage.
	WebhookName string

	// ServiceName is the service name of the webhook.
	ServiceName string

	// ServiceNamespace is the namespace of the webhook service.
	ServiceNamespace string

	// SecretName is the name of k8s secret that contains the webhook
	// server key/cert and corresponding CA cert that signed them. The
	// server key/cert are used to serve the webhook and the CA cert
	// is provided to k8s apiserver during admission controller
	// registration.
	SecretName string

	// Port where the webhook is served. Per k8s admission
	// registration requirements this should be 443 unless there is
	// only a single port for the service.
	Port int

	// RegistrationDelay controls how long after the webhook is
	// started admission registration occurs. This is used to avoid
	// potential races where registration completes and k8s apiserver
	// invokes the webhook before the HTTP server is started.
	RegistrationDelay time.Duration
}

ControllerOptions contains the configuration for the webhook.

type GenericCRD

type GenericCRD interface {
	v1alpha1.Defaultable
	v1alpha1.Validatable

	// GetObjectMeta returns the object metadata
	GetObjectMeta() metav1.Object
	// GetGeneration returns the current Generation of the object
	GetGeneration() int64
	// SetGeneration sets the Generation of the object
	SetGeneration(int64)
	// GetSpecJSON returns the Spec part of the resource marshalled into JSON
	GetSpecJSON() ([]byte, error)
}

GenericCRD is the interface definition that allows us to perform the generic CRD actions like deciding whether to increment generation and so forth.

type GenericCRDHandler

type GenericCRDHandler struct {
	Factory   runtime.Object
	Defaulter ResourceDefaulter
	Validator ResourceCallback
}

GenericCRDHandler defines the factory object to use for unmarshaling incoming objects.

type ResourceCallback

type ResourceCallback func(patches *[]jsonpatch.JsonPatchOperation, old GenericCRD, new GenericCRD) error

ResourceCallback defines a signature for resource-specific (Route, Configuration, etc.) handlers that can validate and mutate an object. If a non-nil error is returned, object creation is denied. Mutations should be appended to the patches operations.

func Validate

func Validate(ctx context.Context) ResourceCallback

Validate checks whether "new" and "old" implement HasImmutableFields and checks them; it then delegates validation to v1alpha1.Validatable on "new".

type ResourceDefaulter

type ResourceDefaulter func(patches *[]jsonpatch.JsonPatchOperation, crd GenericCRD) error

ResourceDefaulter defines a signature for resource-specific (Route, Configuration, etc.) handlers that can set defaults on an object. If a non-nil error is returned, object creation is denied. Mutations should be appended to the patches operations.

func SetDefaults

func SetDefaults(ctx context.Context) ResourceDefaulter

SetDefaults simply leverages v1alpha1.Defaultable to set defaults.
