1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
package admissioncontroller
import (
"context"
"encoding/json"
"io"
"net/http"
admissionv1 "k8s.io/api/admission/v1"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
admissionregistrationv1client "k8s.io/client-go/kubernetes/typed/admissionregistration/v1"
"k8s.io/klog/v2"
"github.com/kubeedge/kubeedge/common/constants"
)
func registerValidateWebhook(client admissionregistrationv1client.ValidatingWebhookConfigurationInterface,
webhooks []admissionregistrationv1.ValidatingWebhookConfiguration) error {
for _, hook := range webhooks {
existing, err := client.Get(context.Background(), hook.Name, metav1.GetOptions{})
if err != nil && !apierrors.IsNotFound(err) {
return err
}
if err == nil && existing != nil {
existing.Webhooks = hook.Webhooks
klog.Infof("Updating ValidatingWebhookConfiguration: %v", hook.Name)
if _, err := client.Update(context.Background(), existing, metav1.UpdateOptions{}); err != nil {
return err
}
} else {
klog.Infof("Creating ValidatingWebhookConfiguration: %v", hook.Name)
if _, err := client.Create(context.Background(), &hook, metav1.CreateOptions{}); err != nil {
return err
}
}
}
return nil
}
func registerMutatingWebhook(client admissionregistrationv1client.MutatingWebhookConfigurationInterface,
webhooks []admissionregistrationv1.MutatingWebhookConfiguration) error {
for _, hook := range webhooks {
existing, err := client.Get(context.Background(), hook.Name, metav1.GetOptions{})
if err != nil && !apierrors.IsNotFound(err) {
return err
}
if err == nil && existing != nil {
existing.Webhooks = hook.Webhooks
klog.Infof("Updating MutatingWebhookConfiguration: %v", hook.Name)
if _, err := client.Update(context.Background(), existing, metav1.UpdateOptions{}); err != nil {
return err
}
} else {
klog.Infof("Creating MutatingWebhookConfiguration: %v", hook.Name)
if _, err := client.Create(context.Background(), &hook, metav1.CreateOptions{}); err != nil {
return err
}
}
}
return nil
}
// hookFunc is the type we use for all of our validators and mutators
type hookFunc func(admissionv1.AdmissionReview) *admissionv1.AdmissionResponse
func serve(w http.ResponseWriter, r *http.Request, hook hookFunc) {
var body []byte
if r.Body != nil {
r.Body = http.MaxBytesReader(w, r.Body, constants.MaxRespBodyLength)
if data, err := io.ReadAll(r.Body); err == nil {
body = data
}
}
// verify the content type is accurate
contentType := r.Header.Get("Content-Type")
if contentType != "application/json" {
klog.Errorf("contentType=%s, expect application/json", contentType)
return
}
// The AdmissionReview that was sent to the webhook
requestedAdmissionReview := admissionv1.AdmissionReview{}
// The AdmissionReview that will be returned
responseAdmissionReview := admissionv1.AdmissionReview{}
responseAdmissionReview.SetGroupVersionKind(admissionv1.SchemeGroupVersion.WithKind("AdmissionReview"))
deserializer := codecs.UniversalDeserializer()
if _, _, err := deserializer.Decode(body, nil, &requestedAdmissionReview); err != nil {
klog.Errorf("decode failed with error: %v", err)
responseAdmissionReview.Response = toAdmissionResponse(err)
} else {
responseAdmissionReview.Response = hook(requestedAdmissionReview)
}
// Return the same UID
responseAdmissionReview.Response.UID = requestedAdmissionReview.Request.UID
klog.V(4).Infof("sending response: %+v", responseAdmissionReview.Response)
respBytes, err := json.Marshal(responseAdmissionReview)
if err != nil {
klog.Errorf("cannot marshal to a valid response %v", err)
return
}
if _, err := w.Write(respBytes); err != nil {
klog.Errorf("cannot write response %v", err)
return
}
}
// toAdmissionResponse is a helper function to create an AdmissionResponse
func toAdmissionResponse(err error) *admissionv1.AdmissionResponse {
return &admissionv1.AdmissionResponse{
Result: &metav1.Status{
Message: err.Error(),
},
}
}
|
