Added example resources helping in integrating Webhook to a K8s cluster.
Levovar committed May 21, 2019
1 parent 48ee0b3 commit 0195b55
Showing 7 changed files with 124 additions and 21 deletions.
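--- a/integration/docker/webhook/Dockerfile
+++ b/integration/docker/webhook/Dockerfile
@@ -0,0 +1,43 @@
+FROM alpine:3.9
+MAINTAINER Levente Kale <levente.kale@nokia.com>
+
+ENV GOPATH /go
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+ENV GOOS=linux
+
+WORKDIR /
+
+RUN mkdir -p $GOPATH/bin \
+&& mkdir -p $GOPATH/src
+
+RUN apk add --no-cache libcap iputils
+
+RUN apk add --no-cache --virtual .tools ca-certificates gcc musl-dev go glide git tar curl \
+&& mkdir -p $GOPATH/src/github.com/nokia/danm \
+&& git clone -b 'webhook' --depth 1 https://github.com/nokia/danm.git $GOPATH/src/github.com/nokia/danm \
+&& cd $GOPATH/src/github.com/nokia/danm \
+&& glide install --strip-vendor \
+&& go get -d github.com/vishvananda/netlink \
+&& go get github.com/containernetworking/plugins/pkg/ns \
+&& go get github.com/golang/groupcache/lru \
+&& rm -rf $GOPATH/src/k8s.io/code-generator \
+&& git clone -b 'kubernetes-1.13.4' --depth 1 https://github.com/kubernetes/code-generator.git $GOPATH/src/k8s.io/code-generator \
+&& go install k8s.io/code-generator/cmd/deepcopy-gen \
+&& go install k8s.io/code-generator/cmd/client-gen \
+&& go install k8s.io/code-generator/cmd/lister-gen \
+&& go install k8s.io/code-generator/cmd/informer-gen \
+&& deepcopy-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 -O zz_generated.deepcopy --bounding-dirs github.com/nokia/danm/crd/apis \
+&& client-gen --alsologtostderr --clientset-name versioned --input-base "" --input github.com/nokia/danm/crd/apis/danm/v1 --clientset-path github.com/nokia/danm/crd/client/clientset \
+&& lister-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 --output-package github.com/nokia/danm/crd/client/listers \
+&& informer-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 --versioned-clientset-package github.com/nokia/danm/crd/client/clientset/versioned --listers-package github.com/nokia/danm/crd/client/listers --output-package github.com/nokia/danm/crd/client/informers \
+&& go install -a -ldflags '-extldflags "-static"' github.com/nokia/danm/cmd/webhook \
+&& cp $GOPATH/bin/webhook /usr/local/bin/webhook \
+&& rm -rf $GOPATH/src \
+&& rm -rf $GOPATH/bin \
+&& apk del .tools \
+&& rm -rf /var/cache/apk/* \
+&& rm -rf /var/lib/apt/lists/* \
+&& rm -rf /tmp/* \
+&& rm -rf ~/.glide
+
+ENTRYPOINT ["/usr/local/bin/webhook"]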
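Review bot: The long `RUN` step builds from moving references: `git clone -b 'webhook' --depth 1` follows a branch head, and the three `go get` lines fetch whatever is current for netlink, plugins and groupcache, so two builds of this Dockerfile can produce different webhook binaries. Pinning the clone to a tag or commit, as is already done for code-generator with `kubernetes-1.13.4`, and locking those three packages in the glide configuration would make the image reproducible and auditable. The image also declares no `USER`, so the admission webhook runs as root; a line such as `USER nobody` before `ENTRYPOINT` should be enough for a process that listens on 8443, provided the mounted key file is readable by that user. `MAINTAINER` is deprecated in favour of a `LABEL`.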
2 changes: 1 addition & 1 deletion integration/manifests/netwatcher/netwatcher_ds.yaml
@@ -19,7 +19,7 @@ spec:
hostPID: true
containers:
- name: netwatcher
image: netwatcher:3.0.0
image: netwatcher
securityContext:
capabilities:
add:
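Review bot: Assuming the untagged `image: netwatcher` is the new side of this change, the DaemonSet now resolves to the `latest` tag, so whichever image currently carries that tag runs with `hostPID: true` and the added capabilities. For an example manifest, an explicit placeholder such as `image: netwatcher:<VERSION>`, or a comment above the line like `# Set this to the tag or digest of the image you built`, makes the pinning step visible to whoever adapts it. The same applies to `image: svcwatcher` in svcwatcher_ds.yaml and `image: danm_webhook` in webhook.yaml. The container spec continues outside this hunk.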
3 changes: 2 additions & 1 deletion integration/manifests/svcwatcher/svcwatcher_ds.yaml
@@ -10,6 +10,7 @@ spec:
template:
metadata:
annotations:
# Adapt to your own network environment!
danm.k8s.io/interfaces: |
[
{
@@ -25,7 +26,7 @@ spec:
"node-role.kubernetes.io/master": ""
containers:
- name: svcwatcher
image: svcwatcher:3.0.0
image: svcwatcher
args:
- "--logtostderr"
tolerations:
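--- a/integration/manifests/webhook/webhook.yaml
+++ b/integration/manifests/webhook/webhook.yaml
@@ -0,0 +1,76 @@
+---
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: MutatingWebhookConfiguration
+metadata:
+name: danm-webhook-config
+namespace: kube-system
+webhooks:
+- name: danm-webhook.nokia.k8s.io
+clientConfig:
+service:
+name: danm-webhook-svc
+namespace: kube-system
+path: "/webhook"
+# Configure your pre-generated certificate matching the details of your environment
+caBundle: <CA_BUNDLE>
+rules:
+- operations: ["CREATE","UPDATE"]
+apiGroups: ["danm.k8s.io"]
+apiVersions: ["v1"]
+resources: ["danmnets"]
+failurePolicy: Fail
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: danm-webhook-svc
+namespace: kube-system
+labels:
+danm: webhook
+spec:
+ports:
+- name: webhook
+port: 443
+targetPort: 8443
+selector:
+danm: webhook
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: danm-webhook-deployment
+namespace: kube-system
+labels:
+danm: webhook
+spec:
+selector:
+matchLabels:
+danm: webhook
+template:
+metadata:
+annotations:
+# Adapt to your own network environment!
+danm.k8s.io/interfaces: |
+[
+{
+"network":"flannel"
+}
+]
+name: danm-webhook
+labels:
+danm: webhook
+spec:
+containers:
+- name: danm-webhook
+image: danm_webhook
+command: [ "/usr/local/bin/webhook", "-tls-cert-bundle=/etc/webhook/certs/danm_webhook.crt", "-tls-private-key-file=/etc/webhook/certs/danm_webhook.key", "bind-port=8443" ]
+imagePullPolicy: IfNotPresent
+volumeMounts:
+- name: webhook-certs
+mountPath: /etc/webhook/certs
+readOnly: true
+# Configure the directory holding the Webhook's server certificates
+volumes:
+- name: webhook-certs
+hostPath:
+path: /etc/kubernetes/ssl/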
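Review bot: The `webhook-certs` volume mounts the host directory `/etc/kubernetes/ssl/` into the pod, and on many installations that directory holds the cluster's own certificates and private keys, so the webhook container can read far more key material than the `danm_webhook.crt` / `danm_webhook.key` pair it is started with. A `secret:` volume containing only that pair, for example `secretName: <WEBHOOK_TLS_SECRET>`, limits the exposure to the webhook's own key and removes the dependency on node-local files. Separately, the last `command` element is `"bind-port=8443"`, without the leading dash the other two flags have. If the binary uses Go's standard flag parsing, that argument is treated as positional and the port is never set, so it should read `"-bind-port=8443"`. `namespace: kube-system` on the MutatingWebhookConfiguration has no effect because that kind is cluster-scoped.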
11 changes: 1 addition & 10 deletions pkg/netadmit/netadmit.go
@@ -3,7 +3,6 @@ package netadmit
import (
"bytes"
"errors"
"fmt"
"log"
"net"
"reflect"
@@ -35,39 +34,32 @@ type Patch struct {
}

func ValidateNetwork(responseWriter http.ResponseWriter, request *http.Request) {
log.Println("INFO: got a request")
admissionReview, err := DecodeAdmissionReview(request)
if err != nil {
SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err)
return
}
log.Println("INFO: after decode")
manifest, err := getNetworkManifest(admissionReview.Request.Object.Raw)
if err != nil {
SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err)
return
}
log.Println("INFO: after get manifest")
origManifest := *manifest
isManifestValid, err := validateNetworkByType(manifest, request.Method)
if !isManifestValid {
SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err)
return
}
log.Println("INFO: after validate")
err = mutateManifest(manifest)
if err != nil {
SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err)
return
}
log.Println("INFO: after mutate")
responseAdmissionReview := v1beta1.AdmissionReview {
Response: CreateReviewResponseFromPatches(createPatchListFromChanges(origManifest,manifest)),
}
responseAdmissionReview.Response.UID = admissionReview.Request.UID
fmt.Printf("This is the response we gonna send: %+v\n", responseAdmissionReview)
SendAdmissionResponse(responseWriter, responseAdmissionReview)
log.Println("INFO: we have sent a successful answer!")
}

func DecodeAdmissionReview(httpRequest *http.Request) (*v1beta1.AdmissionReview,error) {
@@ -104,7 +96,7 @@ func SendErroneousAdmissionResponse(responseWriter http.ResponseWriter, uid type
func SendAdmissionResponse(responseWriter http.ResponseWriter, reviewResponse v1beta1.AdmissionReview) {
respBytes, err := json.Marshal(reviewResponse)
if err != nil {
log.Println("ERROR: Failed to send AdmissionRespons for request:" + string(reviewResponse.Response.UID) + " because JSON marshalling failed with error:" + err.Error())
log.Println("ERROR: Failed to send AdmissionResponse for request:" + string(reviewResponse.Response.UID) + " because JSON marshalling failed with error:" + err.Error())
}
responseWriter.Header().Set("Content-Type", "application/json")
_, err = responseWriter.Write(respBytes)
@@ -213,6 +205,5 @@ func CreateGenericPatchFromChange(attributePaths map[string]string, attribute st
Path: attributePaths[attribute],
Value: value,
}
fmt.Printf("This is a patch we want to send: %+v\n", patch)
return patch
}
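Review bot: In `ValidateNetwork`, the error branch after `DecodeAdmissionReview` still reads `admissionReview.Request.UID`; if the decoder returns a nil review, or one without `Request`, for a malformed body (its implementation is outside these hunks, so this is unverified), a bad request causes a nil-pointer panic instead of a denial. Guarding that branch, e.g. `var uid types.UID` followed by `if admissionReview != nil && admissionReview.Request != nil { uid = admissionReview.Request.UID }`, and passing `uid` keeps the handler on its error path. In `SendAdmissionResponse` the marshalling failure is logged but execution continues to `responseWriter.Write(respBytes)` with an empty body; adding `http.Error(responseWriter, "failed to encode admission response", http.StatusInternalServerError)` and `return` after the `log.Println` would send an explicit failure instead. `ValidateNetwork` is fully visible here, while `DecodeAdmissionReview` and the tail of `SendAdmissionResponse` lie outside the hunks.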
7 changes: 0 additions & 7 deletions pkg/netadmit/validators.go
@@ -5,9 +5,7 @@ import (
"log"
"net"
"strconv"
"strings"
"encoding/binary"
"net/http"
danmtypes "github.com/nokia/danm/crd/apis/danm/v1"
"github.com/nokia/danm/pkg/ipam"
)
@@ -65,11 +63,6 @@ func validateIpFields(cidr string, routes map[string]string) error {
}

func validateAllocationPool(dnet *danmtypes.DanmNet, httpMethod string) error {
log.Println("HTTP method was:" + httpMethod)
log.Println("HTTP method constant is:" + http.MethodPost)
log.Println("Alloc was:" + dnet.Spec.Options.Alloc)
log.Println("Strings compare res:" + strconv.Itoa(strings.Compare(httpMethod,http.MethodPost)))
log.Println("Empty string check:" + strconv.Itoa(len(dnet.Spec.Options.Alloc)))
cidr := dnet.Spec.Options.Cidr
if cidr == "" {
if dnet.Spec.Options.Pool.Start != "" || dnet.Spec.Options.Pool.End != "" {
3 changes: 1 addition & 2 deletions test/utils/utils.go
@@ -12,11 +12,10 @@ import (
func SetupAllocationPools(nets []danmtypes.DanmNet) error {
for index, dnet := range nets {
if dnet.Spec.Options.Cidr != "" {
bitArray, err := netadmit.CreateAllocationArray(&dnet)
err := netadmit.CreateAllocationArray(&dnet)
if err != nil {
return err
}
dnet.Spec.Options.Alloc = bitArray.Encode()
_, ipnet, err := net.ParseCIDR(dnet.Spec.Options.Cidr)
if err != nil {
return err
