package legacyconfigprocessing
import (
"net"
configapi "github.com/openshift/origin/pkg/cmd/server/apis/config"
"github.com/openshift/origin/pkg/service/admission/apis/externalipranger"
"github.com/openshift/origin/pkg/service/admission/apis/restrictedendpoints"
)
// ConvertNetworkConfigToAdmissionConfig derives the configuration of two
// admission plugins from masterConfig.NetworkConfig and stores it in
// masterConfig.AdmissionConfig.PluginConfig, creating that map if it is nil.
//
// The "openshift.io/RestrictedEndpointsAdmission" entry receives the service
// network CIDR followed by every cluster network CIDR as its restricted list.
// The "ExternalIPRanger" entry receives the configured external IP CIDRs and
// a flag saying whether ingress IPs are allowed.
//
// Both entries are assigned unconditionally, so a plugin configuration that
// was already present under either key is replaced. masterConfig must be
// non-nil; it is dereferenced without a check. The function always returns nil.
func ConvertNetworkConfigToAdmissionConfig(masterConfig *configapi.MasterConfig) error {
	if masterConfig.AdmissionConfig.PluginConfig == nil {
		masterConfig.AdmissionConfig.PluginConfig = map[string]*configapi.AdmissionPluginConfig{}
	}
	plugins := masterConfig.AdmissionConfig.PluginConfig
	networkCfg := masterConfig.NetworkConfig

	// Restricted endpoint ranges: the service network first, then each cluster
	// network. The values are copied as-is, without parsing.
	// NOTE(review): an empty ServiceNetworkCIDR ends up as an empty string in
	// the list; confirm it is validated before this conversion runs.
	restricted := make([]string, 0, 1+len(networkCfg.ClusterNetworks))
	restricted = append(restricted, networkCfg.ServiceNetworkCIDR)
	for i := range networkCfg.ClusterNetworks {
		restricted = append(restricted, networkCfg.ClusterNetworks[i].CIDR)
	}
	plugins["openshift.io/RestrictedEndpointsAdmission"] = &configapi.AdmissionPluginConfig{
		Configuration: &restrictedendpoints.RestrictedEndpointsAdmissionConfig{
			RestrictedCIDRs: restricted,
		},
	}

	// Ingress IPs are allowed only when the ingress CIDR parses and its network
	// address is not the unspecified address (0.0.0.0 or ::). A parse failure,
	// which includes an empty value, is not reported: the flag simply stays
	// false, which is the more restrictive setting.
	_, ingressNet, err := net.ParseCIDR(networkCfg.IngressIPNetworkCIDR)
	allowIngressIP := err == nil && !ingressNet.IP.IsUnspecified()

	plugins["ExternalIPRanger"] = &configapi.AdmissionPluginConfig{
		Configuration: &externalipranger.ExternalIPRangerAdmissionConfig{
			ExternalIPNetworkCIDRs: networkCfg.ExternalIPNetworkCIDRs,
			AllowIngressIP:         allowIngressIP,
		},
	}

	return nil
}