forked from kubeedge/kubeedge
-
Notifications
You must be signed in to change notification settings - Fork 0
/
common.go
106 lines (94 loc) · 3.59 KB
/
common.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
package admissioncontroller
import (
"context"
"encoding/json"
"io/ioutil"
"net/http"
admissionv1beta1 "k8s.io/api/admission/v1beta1"
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
admissionregistrationv1beta1client "k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1"
"k8s.io/klog/v2"
)
func registerValidateWebhook(client admissionregistrationv1beta1client.ValidatingWebhookConfigurationInterface,
webhooks []admissionregistrationv1beta1.ValidatingWebhookConfiguration) error {
for _, hook := range webhooks {
existing, err := client.Get(context.Background(), hook.Name, metav1.GetOptions{})
if err != nil && !apierrors.IsNotFound(err) {
return err
}
if err == nil && existing != nil {
existing.Webhooks = hook.Webhooks
klog.Infof("Updating ValidatingWebhookConfiguration: %v", hook.Name)
if _, err := client.Update(context.Background(), existing, metav1.UpdateOptions{}); err != nil {
return err
}
} else {
klog.Infof("Creating ValidatingWebhookConfiguration: %v", hook.Name)
if _, err := client.Create(context.Background(), &hook, metav1.CreateOptions{}); err != nil {
return err
}
}
}
return nil
}
func registerMutatingWebhook(client admissionregistrationv1beta1client.MutatingWebhookConfigurationInterface,
webhooks []admissionregistrationv1beta1.MutatingWebhookConfiguration) error {
for _, hook := range webhooks {
existing, err := client.Get(context.Background(), hook.Name, metav1.GetOptions{})
if err != nil && !apierrors.IsNotFound(err) {
return err
}
if err == nil && existing != nil {
existing.Webhooks = hook.Webhooks
klog.Infof("Updating MutatingWebhookConfiguration: %v", hook.Name)
if _, err := client.Update(context.Background(), existing, metav1.UpdateOptions{}); err != nil {
return err
}
} else {
klog.Infof("Creating MutatingWebhookConfiguration: %v", hook.Name)
if _, err := client.Create(context.Background(), &hook, metav1.CreateOptions{}); err != nil {
return err
}
}
}
return nil
}
// hookFunc is the type we use for all of our validators and mutators
type hookFunc func(admissionv1beta1.AdmissionReview) *admissionv1beta1.AdmissionResponse
func serve(w http.ResponseWriter, r *http.Request, hook hookFunc) {
var body []byte
if r.Body != nil {
if data, err := ioutil.ReadAll(r.Body); err == nil {
body = data
}
}
// verify the content type is accurate
contentType := r.Header.Get("Content-Type")
if contentType != "application/json" {
klog.Fatalf("contentType=%s, expect application/json", contentType)
return
}
// The AdmissionReview that was sent to the webhook
requestedAdmissionReview := admissionv1beta1.AdmissionReview{}
// The AdmissionReview that will be returned
responseAdmissionReview := admissionv1beta1.AdmissionReview{}
deserializer := codecs.UniversalDeserializer()
if _, _, err := deserializer.Decode(body, nil, &requestedAdmissionReview); err != nil {
klog.Fatalf("decode failed with error: %v", err)
responseAdmissionReview.Response = toAdmissionResponse(err)
} else {
responseAdmissionReview.Response = hook(requestedAdmissionReview)
}
// Return the same UID
responseAdmissionReview.Response.UID = requestedAdmissionReview.Request.UID
klog.V(4).Infof("sending response: %+v", responseAdmissionReview.Response)
respBytes, err := json.Marshal(responseAdmissionReview)
if err != nil {
klog.Fatalf("cannot marshal to a valid response %v", err)
}
if _, err := w.Write(respBytes); err != nil {
klog.Fatalf("cannot write response %v", err)
}
}