Update webhook example
iawia002 committed Aug 30, 2023
1 parent 776a8ec commit ec2e904
Showing 39 changed files with 126 additions and 70 deletions.
File renamed without changes.
File renamed without changes.
Expand Up @@ -28,11 +28,6 @@ type Foo struct {
Status FooStatus `json:"status,omitempty"`
}

// +kubebuilder:webhook:path=/mutate-foo-example-io-v1alpha1-foo,mutating=true,failurePolicy=fail,sideEffects=None,groups=foo.example.io,resources=foos,verbs=create;update,versions=v1alpha1,name=foo.example.io,admissionReviewVersions=v1
// +kubebuilder:webhook:path=/validate-foo-example-io-v1alpha1-foo,mutating=false,failurePolicy=fail,sideEffects=None,groups=foo.example.io,resources=foos,verbs=create;update,versions=v1alpha1,name=foo.example.io,admissionReviewVersions=v1

// +kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=fail,sideEffects=None,groups="",resources=pods,verbs=create;update,versions=v1,name=mpod.kb.io,admissionReviewVersions=v1

// +kubebuilder:validation:Enum=A;B

// FooType ...
Expand Up @@ -10,6 +10,9 @@ import (
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)

// +kubebuilder:webhook:path=/mutate-foo-example-io-v1alpha1-foo,mutating=true,failurePolicy=fail,sideEffects=None,groups=foo.example.io,resources=foos,verbs=create;update,versions=v1alpha1,name=foo.example.io,admissionReviewVersions=v1
// +kubebuilder:webhook:path=/validate-foo-example-io-v1alpha1-foo,mutating=false,failurePolicy=fail,sideEffects=None,groups=foo.example.io,resources=foos,verbs=create;update,versions=v1alpha1,name=foo.example.io,admissionReviewVersions=v1

// SetupWebhookWithManager ...
func (r *Foo) SetupWebhookWithManager(mgr ctrl.Manager) error {
return ctrl.NewWebhookManagedBy(mgr).
6 changes: 4 additions & 2 deletions kubernetes/controller/main.go
Expand Up @@ -20,7 +20,7 @@ import (
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
"sigs.k8s.io/controller-runtime/pkg/webhook"

foov1alpha1 "github.com/iawia002/pandora/kubernetes/apis/example/apis/foo/v1alpha1"
foov1alpha1 "github.com/iawia002/pandora/kubernetes/apis/foo/v1alpha1"
controllerruntime "github.com/iawia002/pandora/kubernetes/controller/controller-runtime"
samplecontroller "github.com/iawia002/pandora/kubernetes/controller/sample-controller"
controllerwebhook "github.com/iawia002/pandora/kubernetes/controller/webhook"
Expand Down Expand Up @@ -110,7 +110,9 @@ func run(config *rest.Config) error {
if err = (&foov1alpha1.Foo{}).SetupWebhookWithManager(mgr); err != nil {
return err
}
mgr.GetWebhookServer().Register("/mutate-v1-pod", &webhook.Admission{Handler: &controllerwebhook.PodAnnotator{Client: mgr.GetClient()}})
if err = controllerwebhook.SetupWebhookWithManager(mgr); err != nil {
return err
}

ctx := signals.SetupSignalHandler()
informer.Start(ctx.Done())
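Review bot: The switch to `controllerwebhook.SetupWebhookWithManager(mgr)` in run() drops the explicit `/mutate-v1-pod` registration, while the markers in webhook/pod.go now name `/mutate--v1-pod` and `/validate--v1-pod`, so the served path of the Pod mutating webhook appears to change with this commit. A cluster that still carries the earlier webhook configuration would be calling a path that is no longer registered, and because the marker sets `failurePolicy=fail` that would reject Pod create and update until the regenerated manifests are applied. A short comment at the call would make the coupling visible, for example `// Pod webhook paths are derived by the builder and must match the kubebuilder markers in webhook/pod.go.` run() starts and ends outside the hunk.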
78 changes: 57 additions & 21 deletions kubernetes/controller/webhook/pod.go
Expand Up @@ -2,38 +2,74 @@ package webhook

import (
"context"
"encoding/json"
"net/http"
"fmt"

corev1 "k8s.io/api/core/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
"k8s.io/apimachinery/pkg/runtime"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)

// PodAnnotator ...
type PodAnnotator struct {
Client client.Client
decoder *admission.Decoder
func SetupWebhookWithManager(mgr ctrl.Manager) error {

Check failure on line 14 in kubernetes/controller/webhook/pod.go

GitHub Actions / Go 1.21 in ubuntu-latest

exported: exported function SetupWebhookWithManager should have comment or be unexported (revive)
return builder.WebhookManagedBy(mgr).
For(&corev1.Pod{}).
WithDefaulter(&podAnnotator{}).
WithValidator(&podValidator{}).
Complete()
}

// Handle ...
func (a *PodAnnotator) Handle(_ context.Context, req admission.Request) admission.Response {
pod := &corev1.Pod{}
if err := a.decoder.Decode(req, pod); err != nil {
return admission.Errored(http.StatusBadRequest, err)
// +kubebuilder:webhook:path=/mutate--v1-pod,mutating=true,failurePolicy=fail,sideEffects=None,groups="",resources=pods,verbs=create;update,versions=v1,name=mpod.kb.io,admissionReviewVersions=v1

// podAnnotator annotates Pods
type podAnnotator struct{}

// Default ...
func (a *podAnnotator) Default(_ context.Context, obj runtime.Object) error {
pod, ok := obj.(*corev1.Pod)
if !ok {
return fmt.Errorf("expected a Pod but got a %T", obj)
}

if pod.Annotations == nil {
pod.Annotations = map[string]string{}
}
pod.Annotations["example-mutating-admission-webhook"] = "foo"
return nil
}

// +kubebuilder:webhook:path=/validate--v1-pod,mutating=false,failurePolicy=fail,sideEffects=None,groups="",resources=pods,verbs=create;update,versions=v1,name=vpod.kb.io,admissionReviewVersions=v1

// podValidator validates Pods
type podValidator struct{}

// mutate the fields in pod
// validate admits a pod if a specific annotation exists.
func (v *podValidator) validate(_ context.Context, obj runtime.Object) (admission.Warnings, error) {
pod, ok := obj.(*corev1.Pod)
if !ok {
return nil, fmt.Errorf("expected a Pod but got a %T", obj)
}

marshaledPod, err := json.Marshal(pod)
if err != nil {
return admission.Errored(http.StatusInternalServerError, err)
key := "example-mutating-admission-webhook"
anno, found := pod.Annotations[key]
if !found {
return nil, fmt.Errorf("missing annotation %s", key)
}
if anno != "foo" {
return nil, fmt.Errorf("annotation %s did not have value %q", key, "foo")
}
return admission.PatchResponseFromRaw(req.Object.Raw, marshaledPod)

return nil, nil
}

// InjectDecoder ...
func (a *PodAnnotator) InjectDecoder(d *admission.Decoder) error {
a.decoder = d
return nil
func (v *podValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
return v.validate(ctx, obj)
}

func (v *podValidator) ValidateUpdate(ctx context.Context, _, newObj runtime.Object) (admission.Warnings, error) {
return v.validate(ctx, newObj)
}

func (v *podValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
return v.validate(ctx, obj)
}
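Review bot: `ValidateDelete` at the end of the file runs the same annotation check as create and update, so a Pod that never received the `example-mutating-admission-webhook` annotation (for instance one created before the webhook was installed) would be refused on delete. The `vpod.kb.io` marker lists only `verbs=create;update`, so this path is not reached today, but with `failurePolicy=fail` it turns into Pods that cannot be removed as soon as `delete` is added to the marker. I would have it admit unconditionally with `return nil, nil` and a comment such as `// Deletion is always allowed; the annotation is only enforced on create and update.`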
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
Expand Up @@ -15,7 +15,7 @@ GO111MODULE=on go install k8s.io/code-generator/cmd/openapi-gen
# All API group names in the pkg/apis directory that need code generation
PKGS=(foo/v1alpha1)

CLIENT_PATH=github.com/iawia002/pandora/kubernetes/apis/example
CLIENT_PATH=github.com/iawia002/pandora/kubernetes
CLIENT_APIS=${CLIENT_PATH}/apis

ALL_PKGS=""
File renamed without changes.
Expand Up @@ -7,4 +7,4 @@ set -o pipefail
GO111MODULE=on go install sigs.k8s.io/controller-tools/cmd/controller-gen

echo "Generating Webhook"
controller-gen webhook paths=./apis/... output:dir=./webhook
controller-gen webhook paths="{./apis/..., ./controller/webhook/...}" output:dir=./webhook