package admission
import (
	"fmt"
	"os"

	log "github.com/sirupsen/logrus"

	klient "github.com/akaitux/kube-client/client"
	"github.com/akaitux/shell-operator/pkg/webhook/server"
)
const (
	// DefaultConfigurationId is the ConfigurationId used for the
	// ValidatingWebhookConfiguration/MutatingWebhookConfiguration that has no
	// explicit suffix: webhooks whose metadata leaves ConfigurationId empty
	// are grouped under this value.
	DefaultConfigurationId = "hooks"
)
// WebhookManager is a public interface to be used from operator.go.
//
// No dynamic configuration for now. The steps are:
// - Init manager
// - Call AddWebhook for every binding in hooks
// - Start() to run server and create ValidatingWebhookConfiguration/MutatingWebhookConfiguration
//
// NewWebhookManager fills in only KubeClient and the two resource maps.
// Settings and Namespace have to be assigned by the caller before Init.
type WebhookManager struct {
	// KubeClient is handed to every webhook resource created by
	// AddValidatingWebhook and AddMutatingWebhook.
	KubeClient *klient.Client

	// Settings holds the webhook settings. Init reads the file at
	// Settings.CAPath and stores its bytes in Settings.CABundle; the Add*
	// methods read ConfigurationName, ServiceName and CABundle from it.
	// It must be set before Init is called; NewWebhookManager leaves it nil.
	Settings *WebhookSettings
	// Namespace is passed to the webhook server and to every webhook resource.
	Namespace string

	// DefaultConfigurationId is the configuration ID used when a webhook
	// config does not carry one. Init sets it to the package-level
	// DefaultConfigurationId constant when it is empty.
	DefaultConfigurationId string

	// Server is created by Init and started by Start.
	Server *server.WebhookServer
	// ValidatingResources maps a configuration ID to its validating webhook resource.
	ValidatingResources map[string]*ValidatingWebhookResource
	// MutatingResources maps a configuration ID to its mutating webhook resource.
	MutatingResources map[string]*MutatingWebhookResource
	// Handler holds the admission event handler function; Init passes its
	// Router to the webhook server.
	Handler *WebhookHandler
}
// NewWebhookManager returns a WebhookManager bound to kubeClient with empty,
// ready-to-use resource maps. Settings, Namespace, Server and Handler are left
// at their zero values; the caller sets Settings and Namespace and then calls
// Init.
func NewWebhookManager(kubeClient *klient.Client) *WebhookManager {
	mgr := new(WebhookManager)
	mgr.KubeClient = kubeClient
	mgr.ValidatingResources = map[string]*ValidatingWebhookResource{}
	mgr.MutatingResources = map[string]*MutatingWebhookResource{}
	return mgr
}
// WithAdmissionEventHandler installs handler as the function invoked for
// admission events.
//
// If the manager already has a WebhookHandler, only its Handler field is
// replaced. Otherwise a new WebhookHandler is created with just the Handler
// field populated; its other fields (such as Router) stay at their zero value.
func (m *WebhookManager) WithAdmissionEventHandler(handler AdmissionEventHandlerFn) {
	if m.Handler != nil {
		m.Handler.Handler = handler
		return
	}
	m.Handler = &WebhookHandler{Handler: handler}
}
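// Init prepares the manager for use: it applies the default configuration ID,
// loads the CA bundle from the file at Settings.CAPath, and creates the
// WebhookHandler and the WebhookServer that Start runs.
//
// Settings must be assigned before Init is called; NewWebhookManager does not
// set it. Init returns an error when Settings is nil or when the CA bundle
// file cannot be read. An admission event handler installed with
// WithAdmissionEventHandler before Init is carried over to the new
// WebhookHandler.
func (m *WebhookManager) Init() error {
	log.Info("Initialize admission webhooks manager. Load certificates.")

	// Fail with an error instead of a nil-pointer panic when the caller
	// forgot to assign Settings.
	if m.Settings == nil {
		return fmt.Errorf("admission webhook manager: settings are not set")
	}

	if m.DefaultConfigurationId == "" {
		m.DefaultConfigurationId = DefaultConfigurationId
	}

	// The bytes read here are stored on Settings and later passed, unchanged,
	// to every webhook resource as its CA bundle.
	// NOTE(review): the content is not parsed or checked for emptiness here;
	// confirm that a malformed or empty bundle is rejected downstream.
	caBundleBytes, err := os.ReadFile(m.Settings.CAPath)
	if err != nil {
		return fmt.Errorf("read CA bundle %q: %w", m.Settings.CAPath, err)
	}
	m.Settings.CABundle = caBundleBytes

	// WithAdmissionEventHandler accepts being called before Init, so keep the
	// handler function it stored: replacing m.Handler outright would leave
	// the webhook without its admission handler.
	previous := m.Handler
	m.Handler = NewWebhookHandler()
	if previous != nil && previous.Handler != nil {
		m.Handler.Handler = previous.Handler
	}

	m.Server = &server.WebhookServer{
		Settings:  &m.Settings.Settings,
		Namespace: m.Namespace,
		Router:    m.Handler.Router,
	}

	return nil
}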
// AddValidatingWebhook attaches config to the validating webhook resource
// that matches its configuration ID, creating the resource on first use.
//
// An empty config.Metadata.ConfigurationId falls back to
// m.DefaultConfigurationId. A newly created resource is named
// Settings.ConfigurationName + "-" + ID and receives the manager's kube
// client, namespace, service name and CA bundle.
//
// NOTE(review): the configuration ID is concatenated into the resource name
// without validation in this method; confirm it is validated where the
// webhook config is parsed.
func (m *WebhookManager) AddValidatingWebhook(config *ValidatingWebhookConfig) {
	id := config.Metadata.ConfigurationId
	if id == "" {
		id = m.DefaultConfigurationId
	}

	res, found := m.ValidatingResources[id]
	if !found {
		// Positional fields: the order must match WebhookResourceOptions.
		opts := WebhookResourceOptions{
			m.KubeClient,
			m.Namespace,
			m.Settings.ConfigurationName + "-" + id,
			m.Settings.ServiceName,
			m.Settings.CABundle,
		}
		res = NewValidatingWebhookResource(opts)
		m.ValidatingResources[id] = res
	}

	res.Set(config)
}
// AddMutatingWebhook attaches config to the mutating webhook resource that
// matches its configuration ID, creating the resource on first use.
//
// An empty config.Metadata.ConfigurationId falls back to
// m.DefaultConfigurationId. A newly created resource is named
// Settings.ConfigurationName + "-" + ID and receives the manager's kube
// client, namespace, service name and CA bundle.
//
// NOTE(review): the configuration ID is concatenated into the resource name
// without validation in this method; confirm it is validated where the
// webhook config is parsed.
func (m *WebhookManager) AddMutatingWebhook(config *MutatingWebhookConfig) {
	id := config.Metadata.ConfigurationId
	if id == "" {
		id = m.DefaultConfigurationId
	}

	res, found := m.MutatingResources[id]
	if !found {
		// Positional fields: the order must match WebhookResourceOptions.
		opts := WebhookResourceOptions{
			m.KubeClient,
			m.Namespace,
			m.Settings.ConfigurationName + "-" + id,
			m.Settings.ServiceName,
			m.Settings.CABundle,
		}
		res = NewMutatingWebhookResource(opts)
		m.MutatingResources[id] = res
	}

	res.Set(config)
}
// Start runs the webhook server and then registers every validating and
// mutating webhook resource, in that order.
//
// The first error is returned as-is. Nothing is rolled back on failure: the
// server is not stopped here and resources that were already registered stay
// registered. Because the resources live in maps, the order in which they are
// registered within each group is not deterministic.
func (m *WebhookManager) Start() error {
	// The server is started first, before any webhook resource is registered.
	if err := m.Server.Start(); err != nil {
		return err
	}

	for _, res := range m.ValidatingResources {
		if err := res.Register(); err != nil {
			return err
		}
	}

	for _, res := range m.MutatingResources {
		if err := res.Register(); err != nil {
			return err
		}
	}

	return nil
}