package webhook
import (
"context"
"encoding/json"
errors2 "errors"
"fmt"
"os"
"github.com/flyteorg/flytepropeller/pkg/controller/config"
"github.com/flyteorg/flytepropeller/pkg/utils"
config2 "github.com/flyteorg/flytepropeller/pkg/webhook/config"
"github.com/flyteorg/flytestdlib/logger"
"github.com/flyteorg/flytestdlib/promutils"
"k8s.io/apimachinery/pkg/api/errors"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"sigs.k8s.io/controller-runtime/pkg/manager"
)
// PodNameEnvVar names the environment variable that createMutationConfig
// consults for the name of the pod this process runs in.
const PodNameEnvVar = "POD_NAME"

// PodNamespaceEnvVar names the environment variable that createMutationConfig
// consults for the namespace of the pod this process runs in.
const PodNamespaceEnvVar = "POD_NAMESPACE"
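// Run brings up the pod-mutating webhook. It builds the Kubernetes client from
// propellerCfg, creates (or updates) the MutatingWebhookConfiguration via
// createMutationConfig, registers the pod mutator with the controller-runtime
// manager and finally returns the result of the manager's Start call.
//
// scope and mgr are dereferenced here, so a nil pointer is rejected with an
// error instead of a panic. Every failure is returned to the caller; the
// function never terminates the process itself, so the caller decides how to
// shut down.
func Run(ctx context.Context, propellerCfg *config.Config, cfg *config2.Config,
	defaultNamespace string, scope *promutils.Scope, mgr *manager.Manager) error {
	if scope == nil {
		return fmt.Errorf("webhook scope must not be nil")
	}
	if mgr == nil {
		return fmt.Errorf("webhook manager must not be nil")
	}

	raw, err := json.Marshal(cfg)
	if err != nil {
		return err
	}

	// NOTE(review): this writes the complete webhook configuration to stdout,
	// outside the logger and its level filtering. Confirm that config2.Config
	// carries no credential material (tokens, keys, passwords); if it can, emit
	// a redacted view or move this to a debug-level log line.
	fmt.Println(string(raw))

	kubeClient, _, err := utils.GetKubeConfig(ctx, propellerCfg)
	if err != nil {
		return err
	}

	webhookScope := (*scope).NewSubScope("webhook")
	secretsWebhook := NewPodMutator(cfg, webhookScope)

	// Creates a MutationConfig to instruct ApiServer to call this service whenever a Pod is being created.
	if err = createMutationConfig(ctx, kubeClient, secretsWebhook, defaultNamespace); err != nil {
		return err
	}

	// Return the registration failure rather than calling logger.Fatalf: the
	// signature already reports errors, and exiting from here would take the
	// shutdown decision away from the caller.
	if err = secretsWebhook.Register(ctx, *mgr); err != nil {
		return fmt.Errorf("failed to register webhook with manager. Error: %w", err)
	}

	logger.Infof(ctx, "Starting controller-runtime manager")
	return (*mgr).Start(ctx)
}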
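// createMutationConfig creates the MutatingWebhookConfiguration built by
// webhookObj, or, when an object of that name already exists, replaces the
// existing object's Webhooks list with the freshly built one.
//
// The pod name and namespace are read from the POD_NAME and POD_NAMESPACE
// environment variables. When the namespace variable is unset, defaultNamespace
// is used. Owner references are only set when both variables are present.
//
// The client used here needs create, get and update on
// mutatingwebhookconfigurations, plus get on pods in the pod's namespace when
// both environment variables are set.
func createMutationConfig(ctx context.Context, kubeClient *kubernetes.Clientset, webhookObj *PodMutator, defaultNamespace string) error {
	podName, hasPodName := os.LookupEnv(PodNameEnvVar)
	podNamespace, hasPodNamespace := os.LookupEnv(PodNamespaceEnvVar)
	if !hasPodNamespace {
		podNamespace = defaultNamespace
	}
	shouldAddOwnerRef := hasPodName && hasPodNamespace

	mutateConfig, err := webhookObj.CreateMutationWebhookConfiguration(podNamespace)
	if err != nil {
		return err
	}

	if shouldAddOwnerRef {
		// Look up the pod this process runs in.
		p, err := kubeClient.CoreV1().Pods(podNamespace).Get(ctx, podName, v1.GetOptions{})
		if err != nil {
			logger.Infof(ctx, "Failed to get Pod [%v/%v]. Error: %v", podNamespace, podName, err)
			return fmt.Errorf("failed to get pod. Error: %w", err)
		}

		// NOTE(review): this copies the pod's own owner references onto the
		// webhook configuration; it does not make the pod itself the owner.
		// MutatingWebhookConfiguration is cluster-scoped while the pod's owners
		// are presumably namespaced, so confirm the garbage collector treats
		// these references as intended.
		mutateConfig.OwnerReferences = p.OwnerReferences
	}

	webhookConfigs := kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations()

	logger.Infof(ctx, "Creating MutatingWebhookConfiguration [%v/%v]", mutateConfig.GetNamespace(), mutateConfig.GetName())
	_, err = webhookConfigs.Create(ctx, mutateConfig, v1.CreateOptions{})
	if err == nil {
		return nil
	}

	var statusErr *errors.StatusError
	if !errors2.As(err, &statusErr) || statusErr.Status().Reason != v1.StatusReasonAlreadyExists {
		logger.Infof(ctx, "Failed to create MutatingWebhookConfiguration [%v/%v]. Error: %v", mutateConfig.GetNamespace(), mutateConfig.GetName(), err)
		return fmt.Errorf("failed to create mutatingwebhookconfiguration. Error: %w", err)
	}

	// The object already exists: fetch it and overwrite its webhook list.
	logger.Infof(ctx, "Failed to create MutatingWebhookConfiguration. Will attempt to update. Error: %v", err)
	obj, getErr := webhookConfigs.Get(ctx, mutateConfig.Name, v1.GetOptions{})
	if getErr != nil {
		logger.Infof(ctx, "Failed to get MutatingWebhookConfiguration. Error: %v", getErr)
		// Report the Get failure itself; returning the earlier AlreadyExists
		// error would hide the real cause from the caller.
		return fmt.Errorf("failed to get existing mutatingwebhookconfiguration. Error: %w", getErr)
	}

	// Only Webhooks is replaced; the existing object's other fields, including
	// its owner references, stay as they are.
	obj.Webhooks = mutateConfig.Webhooks
	if _, err = webhookConfigs.Update(ctx, obj, v1.UpdateOptions{}); err != nil {
		return err
	}

	logger.Infof(ctx, "Successfully updated existing mutating webhook config.")
	return nil
}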