-
Notifications
You must be signed in to change notification settings - Fork 24
/
main.go
122 lines (96 loc) · 3.45 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
/*
Copyright 2022 VMware, Inc.
SPDX-License-Identifier: Apache-2.0
*/
package main
import (
"context"
"k8s.io/apimachinery/pkg/runtime/schema"
"knative.dev/pkg/configmap"
"knative.dev/pkg/controller"
"knative.dev/pkg/injection/sharedmain"
"knative.dev/pkg/logging"
"knative.dev/pkg/metrics"
"knative.dev/pkg/signals"
"knative.dev/pkg/webhook"
"knative.dev/pkg/webhook/certificates"
"knative.dev/pkg/webhook/configmaps"
"knative.dev/pkg/webhook/resourcesemantics"
"knative.dev/pkg/webhook/resourcesemantics/defaulting"
"knative.dev/pkg/webhook/resourcesemantics/validation"
"github.com/vmware-tanzu/sources-for-knative/pkg/apis/sources/v1alpha1"
)
var types = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{
// List the types to validate
v1alpha1.SchemeGroupVersion.WithKind("HorizonSource"): &v1alpha1.HorizonSource{},
}
var callbacks = map[schema.GroupVersionKind]validation.Callback{}
const admissionWebhookName = "horizon-source-webhook"
// NewDefaultingAdmissionController sets up mutating webhook.
func NewDefaultingAdmissionController(ctx context.Context, cmw configmap.Watcher) *controller.Impl {
return defaulting.NewAdmissionController(ctx,
// Name of the resource webhook.
"defaulting.webhook.horizon.sources.tanzu.vmware.com",
// The path on which to serve the webhook.
"/defaulting",
// The resource to default.
types,
// A function that infuses the context passed to Validate/SetDefaults with custom metadata.
func(ctx context.Context) context.Context {
// Here is where you would infuse the context with state
// (e.g. attach a store with configmap data)
return ctx
},
// Whether to disallow unknown fields.
true,
)
}
// NewValidationAdmissionController sets up validation webhook.
func NewValidationAdmissionController(ctx context.Context, cmw configmap.Watcher) *controller.Impl {
return validation.NewAdmissionController(ctx,
// Name of the resource webhook.
"validation.webhook.horizon.sources.tanzu.vmware.com",
// The path on which to serve the webhook.
"/resource-validation",
// The resources to validate.
types,
// A function that infuses the context passed to Validate/SetDefaults with custom metadata.
func(ctx context.Context) context.Context {
// Here is where you would infuse the context with state
// (e.g. attach a store with configmap data)
return ctx
},
// Whether to disallow unknown fields.
true,
// Extra validating callbacks to be applied to resources.
callbacks,
)
}
// NewConfigValidationController sets up ConfigMap validation webhook.
func NewConfigValidationController(ctx context.Context, cmw configmap.Watcher) *controller.Impl {
return configmaps.NewAdmissionController(ctx,
// Name of the configmap webhook.
"config.webhook.horizon.sources.tanzu.vmware.com",
// The path on which to serve the webhook.
"/config-validation",
// The configmaps to validate.
configmap.Constructors{
logging.ConfigMapName(): logging.NewConfigFromConfigMap,
metrics.ConfigMapName(): metrics.NewObservabilityConfigFromConfigMap,
},
)
}
func main() {
// Set up a signal context with our webhook options
ctx := webhook.WithOptions(signals.NewContext(), webhook.Options{
ServiceName: admissionWebhookName,
Port: 8443,
SecretName: "webhook-certs",
})
sharedmain.WebhookMainWithContext(ctx, admissionWebhookName,
certificates.NewController,
NewDefaultingAdmissionController,
NewValidationAdmissionController,
NewConfigValidationController,
)
}