-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reorganize admission webhook code #55132
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -21,7 +21,7 @@ import ( | |
|
||
"k8s.io/apimachinery/pkg/api/meta" | ||
"k8s.io/apiserver/pkg/admission" | ||
"k8s.io/apiserver/pkg/admission/plugin/webhook" | ||
webhookconfig "k8s.io/apiserver/pkg/admission/plugin/webhook/config" | ||
"k8s.io/apiserver/pkg/authorization/authorizer" | ||
clientset "k8s.io/client-go/kubernetes" | ||
"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" | ||
|
@@ -62,7 +62,7 @@ type WantsQuotaConfiguration interface { | |
// WantsServiceResolver defines a fuction that accepts a ServiceResolver for | ||
// admission plugins that need to make calls to services. | ||
type WantsServiceResolver interface { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I am surprised that these "WantsX" interfaces are defined here rather than in the generic layer, but that's a can of worms for some other time. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. They scatter in both directories. $ git grep "type Wants.* interface"
pkg/kubeapiserver/admission/initializer.go:35:type WantsInternalKubeClientSet interface {
pkg/kubeapiserver/admission/initializer.go:41:type WantsInternalKubeInformerFactory interface {
pkg/kubeapiserver/admission/initializer.go:47:type WantsCloudConfig interface {
pkg/kubeapiserver/admission/initializer.go:52:type WantsRESTMapper interface {
pkg/kubeapiserver/admission/initializer.go:57:type WantsQuotaConfiguration interface {
pkg/kubeapiserver/admission/initializer.go:64:type WantsServiceResolver interface {
pkg/kubeapiserver/admission/initializer.go:76:type WantsAuthenticationInfoResolverWrapper interface {
staging/src/k8s.io/apiserver/pkg/admission/initializer/interfaces.go:28:type WantsExternalKubeClientSet interface {
staging/src/k8s.io/apiserver/pkg/admission/initializer/interfaces.go:34:type WantsExternalKubeInformerFactory interface {
staging/src/k8s.io/apiserver/pkg/admission/initializer/interfaces.go:40:type WantsAuthorizer interface {
staging/src/k8s.io/apiserver/pkg/admission/initializer/interfaces.go:46:type WantsScheme interface { There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hm, maybe some of those aren't generic. I think auth info, service resolver, and rest mapper probably are. Don't fix it in this PR :) |
||
SetServiceResolver(webhook.ServiceResolver) | ||
SetServiceResolver(webhookconfig.ServiceResolver) | ||
} | ||
|
||
// ServiceResolver knows how to convert a service reference into an actual | ||
|
@@ -74,7 +74,7 @@ type ServiceResolver interface { | |
// WantsAuthenticationInfoResolverWrapper defines a function that wraps the standard AuthenticationInfoResolver | ||
// to allow the apiserver to control what is returned as auth info | ||
type WantsAuthenticationInfoResolverWrapper interface { | ||
SetAuthenticationInfoResolverWrapper(webhook.AuthenticationInfoResolverWrapper) | ||
SetAuthenticationInfoResolverWrapper(webhookconfig.AuthenticationInfoResolverWrapper) | ||
admission.InitializationValidator | ||
} | ||
|
||
|
@@ -86,8 +86,8 @@ type PluginInitializer struct { | |
cloudConfig []byte | ||
restMapper meta.RESTMapper | ||
quotaConfiguration quota.Configuration | ||
serviceResolver webhook.ServiceResolver | ||
authenticationInfoResolverWrapper webhook.AuthenticationInfoResolverWrapper | ||
serviceResolver webhookconfig.ServiceResolver | ||
authenticationInfoResolverWrapper webhookconfig.AuthenticationInfoResolverWrapper | ||
} | ||
|
||
var _ admission.PluginInitializer = &PluginInitializer{} | ||
|
@@ -101,8 +101,8 @@ func NewPluginInitializer( | |
cloudConfig []byte, | ||
restMapper meta.RESTMapper, | ||
quotaConfiguration quota.Configuration, | ||
authenticationInfoResolverWrapper webhook.AuthenticationInfoResolverWrapper, | ||
serviceResolver webhook.ServiceResolver, | ||
authenticationInfoResolverWrapper webhookconfig.AuthenticationInfoResolverWrapper, | ||
serviceResolver webhookconfig.ServiceResolver, | ||
) *PluginInitializer { | ||
return &PluginInitializer{ | ||
internalClient: internalClient, | ||
|
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test") | ||
|
||
go_library( | ||
name = "go_default_library", | ||
srcs = [ | ||
"authentication.go", | ||
"client.go", | ||
"errors.go", | ||
"kubeconfig.go", | ||
"serviceresolver.go", | ||
], | ||
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/config", | ||
visibility = ["//visibility:public"], | ||
deps = [ | ||
"//vendor/github.com/hashicorp/golang-lru:go_default_library", | ||
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library", | ||
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", | ||
"//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library", | ||
"//vendor/k8s.io/apimachinery/pkg/util/yaml:go_default_library", | ||
"//vendor/k8s.io/client-go/rest:go_default_library", | ||
"//vendor/k8s.io/client-go/tools/clientcmd:go_default_library", | ||
"//vendor/k8s.io/client-go/tools/clientcmd/api:go_default_library", | ||
], | ||
) | ||
|
||
go_test( | ||
name = "go_default_test", | ||
srcs = [ | ||
"authentication_test.go", | ||
"serviceresolver_test.go", | ||
], | ||
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/config", | ||
library = ":go_default_library", | ||
deps = [ | ||
"//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library", | ||
"//vendor/k8s.io/apimachinery/pkg/util/diff:go_default_library", | ||
"//vendor/k8s.io/client-go/rest:go_default_library", | ||
"//vendor/k8s.io/client-go/tools/clientcmd/api:go_default_library", | ||
], | ||
) | ||
|
||
filegroup( | ||
name = "package-srcs", | ||
srcs = glob(["**"]), | ||
tags = ["automanaged"], | ||
visibility = ["//visibility:private"], | ||
) | ||
|
||
filegroup( | ||
name = "all-srcs", | ||
srcs = [":package-srcs"], | ||
tags = ["automanaged"], | ||
visibility = ["//visibility:public"], | ||
) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think all of these interface types should go in "k8s.io/apiserver/pkg/admission/options" or something like that. They're available to all admission plugins, not just webhooks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.