
fix webhook related scaffolding

mengqiy committed May 15, 2019
1 parent 9d43848 commit 5365576fcdd2be34ef32392f6077b065c2a82326
@@ -17,11 +17,11 @@ limitations under the License.
package main

import (
"encoding/json"
"fmt"
"log"
"os"
"os/exec"
"log"
"encoding/json"

"github.com/spf13/cobra"
"golang.org/x/tools/go/packages"
@@ -77,7 +77,7 @@ func findCurrentRepo() (string, error) {

// next, check if we've got a package in the current directory
pkgCfg := &packages.Config{
Mode: packages.NeedName, // name gives us path as well
Mode: packages.NeedName, // name gives us path as well
}
pkgs, err := packages.Load(pkgCfg, ".")
if err == nil && len(pkgs) > 0 {
@@ -43,10 +43,11 @@ func newWebhookCmd() *cobra.Command {
Short: "Scaffold a webhook server",
Long: `Scaffold a webhook server if there is no existing server.
Scaffolds webhook handlers based on group, version, kind and other user inputs.
This command is only available for v1 scaffolding project.
`,
Example: ` # Create webhook for CRD of group crew, version v1 and kind FirstMate.
# Set type to be mutating and operations to be create and update.
kubebuilder webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update
kubebuilder alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update
`,
Run: func(cmd *cobra.Command, args []string) {
dieIfNoProject()
@@ -64,13 +64,10 @@ scaffold_test_project() {
$kb init --project-version $version --domain testproject.org --license apache2 --owner "The Kubernetes authors"
$kb create api --group crew --version v1 --kind Captain --controller=true --resource=true --make=false
$kb create api --group crew --version v1 --kind FirstMate --controller=true --resource=true --make=false
$kb alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update --make=false
$kb alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=delete --make=false
# TODO(droot): Adding a second group is a valid test case and kubebuilder is expected to report an error in this case. It
# doesn't do that currently so leaving it commented so that we can enable it later.
# $kb create api --group ship --version v1beta1 --kind Frigate --example=false --controller=true --resource=true --make=false
$kb create api --group core --version v1 --kind Namespace --example=false --controller=true --resource=false --namespaced=false --make=false
$kb alpha webhook --group core --version v1 --kind Namespace --type=mutating --operations=update --make=false
# $kb create api --group policy --version v1beta1 --kind HealthCheckPolicy --example=false --controller=true --resource=true --namespaced=false --make=false
fi
make all test # v2 doesn't test by default
@@ -17,21 +17,21 @@ limitations under the License.
package scaffold

import (
"bufio"
"fmt"
"os"
"os/exec"
"fmt"
"strings"
"bufio"

"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
"sigs.k8s.io/kubebuilder/pkg/scaffold/project"
"sigs.k8s.io/kubebuilder/pkg/scaffold/v1/manager"

"sigs.k8s.io/kubebuilder/cmd/util"
scaffoldv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2"
"sigs.k8s.io/kubebuilder/pkg/scaffold/v2/certmanager"
managerv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2/manager"
"sigs.k8s.io/kubebuilder/pkg/scaffold/v2/webhook"
"sigs.k8s.io/kubebuilder/cmd/util"
)

type ProjectScaffolder interface {
@@ -41,10 +41,10 @@ type ProjectScaffolder interface {
}

type V1Project struct {
Project project.Project
Project project.Project
Boilerplate project.Boilerplate

DepArgs []string
DepArgs []string
DefinitelyEnsure *bool
}

@@ -129,7 +129,7 @@ func (p *V1Project) Scaffold() error {
}

type V2Project struct {
Project project.Project
Project project.Project
Boilerplate project.Boilerplate
}

@@ -39,13 +39,22 @@ func (p *Kustomization) GetInput() (input.Input, error) {
var kustomizationTemplate = `resources:
- certificate.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
- name: CERTIFICATENAME
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml
- name: CERTIFICATENAMESPACE
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml
fieldref:
fieldpath: metadata.namespace
configurations:
- kustomizeconfig.yaml
@@ -62,7 +62,7 @@ spec:
webhookClientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: XG4=
caBundle: Cg==
service:
namespace: $(NAMESPACE)
name: webhook-service
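Review bot: The comment above `caBundle` does not say that the placeholder is not a usable CA bundle, so someone who enables this patch without CA injection presumably ends up with a webhook client config the apiserver cannot verify over TLS. `Cg==` decodes to a single newline byte, which now matches the comment's "\n" but only satisfies the non-blank check the comment mentions. I would extend the comment, e.g. `# placeholder only (base64 of a newline); calls to the webhook fail TLS verification until cert-manager or a patch sets a real CA bundle`. The surrounding template starts and ends outside this hunk.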
@@ -69,9 +69,10 @@ bases:
- ../crd
- ../rbac
- ../manager
# - ../webhook
# Comment the next line if you want to disable cert-manager
# - ../certmanager
# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook.
#- ../webhook
# [CERTMANAGER] Uncomment next line to enable cert-manager
#- ../certmanager
patches:
- manager_image_patch.yaml
@@ -86,9 +87,10 @@ patches:
# manager_prometheus_metrics_patch.yaml should be enabled.
#- manager_prometheus_metrics_patch.yaml
# Uncomment the following patch to enable the CA injection in the admission webhooks.
#- webhookcainjection_patch.yaml
# Uncomment the following patch to enable the webhook for the manager.
# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook.
#- manager_webhook_patch.yaml
# [CAINJECTION] Uncomment next line to enable the CA injection in the admission webhooks. [CERTMANAGER] needs to be
# enabled to use ca injection
#- webhookcainjection_patch.yaml
`
@@ -98,9 +98,5 @@ spec:
requests:
cpu: 100m
memory: 20Mi
ports:
- containerPort: 9876
name: webhook-server
protocol: TCP
terminationGracePeriodSeconds: 10
`
@@ -41,19 +41,4 @@ func (c *Kustomization) GetInput() (input.Input, error) {

var kustomizeManagerTemplate = `resources:
- manager.yaml
# the following config is for teaching kustomize how to do var substitution
# vars:
# - name: NAMESPACE
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
# - name: SERVICENAME
# objref:
# kind: Service
# version: v1
# name: webhook-service
`
@@ -46,12 +46,12 @@ kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
certmanager.k8s.io/inject-ca-from: $(CERTIFICATENAMESPACE)/$(CERTIFICATENAME)
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
certmanager.k8s.io/inject-ca-from: $(CERTIFICATENAMESPACE)/$(CERTIFICATENAME)
`
@@ -40,8 +40,24 @@ func (c *Kustomization) GetInput() (input.Input, error) {
}

var KustomizeWebhookTemplate = `resources:
- webhookmanifests.yaml # disabled till v2 has webhook support
- webhookmanifests.yaml
- service.yaml
configurations:
- kustomizeconfig.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
- name: NAMESPACE
objref:
kind: Service
version: v1
name: webhook-service
fieldref:
fieldpath: metadata.namespace
- name: SERVICENAME
objref:
kind: Service
version: v1
name: webhook-service
`
@@ -0,0 +1,52 @@
/*
Copyright 2019 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package webhook

import (
"path/filepath"

"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
)

var _ input.File = &Service{}

// Service scaffolds the Service file in manager folder.
type Service struct {
input.Input
}

// GetInput implements input.File
func (c *Service) GetInput() (input.Input, error) {
if c.Path == "" {
c.Path = filepath.Join("config", "webhook", "service.yaml")
}
c.TemplateBody = ServiceTemplate
c.Input.IfExistsAction = input.Error
return c.Input, nil
}

var ServiceTemplate = `
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: 443
`
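Review bot: `ServiceTemplate` declares ports but no `selector`, so unless another kustomize layer not visible here adds one, `webhook-service` has no endpoints and admission calls routed to it fail, or are let through unchecked if the webhook's failure policy is permissive. I would add a selector matching the manager pod's labels, which are defined outside this file. Separately, the doc comment says "in manager folder" while `GetInput` writes to `config/webhook/service.yaml`; `// Service scaffolds the Service file in the webhook folder.` would match the code. `targetPort: 443` also assumes the webhook server listens on 443 inside the container, which this hunk cannot confirm.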
@@ -18,6 +18,7 @@ package v2

import (
"path/filepath"

"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
)

@@ -50,22 +51,12 @@ spec:
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/cert
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-secret
---
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: 443
secretName: webhook-server-cert
`
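Review bot: The secret volume keeps `defaultMode: 420`, which is decimal for 0644, so the TLS serving key mounted at `/tmp/k8s-webhook-server/serving-certs` is readable by every user in the container. If the manager's user and fsGroup settings (not visible in this hunk) allow it, a tighter mode such as `defaultMode: 288` (0440) keeps the private key to owner and group. The renamed `secretName: webhook-server-cert` also has to match the secret that the Certificate in certificate.yaml writes, so a comment like `# must match the secretName in certificate.yaml` next to it would prevent the two drifting apart. The template starts outside this hunk.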
