package config
import (
"fmt"
"math"
osutils "github.com/kyverno/kyverno/pkg/utils/os"
rest "k8s.io/client-go/rest"
clientcmd "k8s.io/client-go/tools/clientcmd"
)
// Webhook configuration names and webhook names.
//
// These constants MUST be equal to the corresponding names in the service
// definition in definitions/install.yaml. Each webhook has a separate
// configuration name for debug mode (the "-debug" suffixed value).
const (
	// MutatingWebhookConfigurationName is the default resource mutating webhook configuration name.
	MutatingWebhookConfigurationName = "kyverno-resource-mutating-webhook-cfg"
	// MutatingWebhookConfigurationDebugName is the default resource mutating webhook configuration name for debug mode.
	MutatingWebhookConfigurationDebugName = "kyverno-resource-mutating-webhook-cfg-debug"
	// MutatingWebhookName is the default resource mutating webhook name.
	MutatingWebhookName = "mutate.kyverno.svc"

	// ValidatingWebhookConfigurationName is the default resource validating webhook configuration name.
	ValidatingWebhookConfigurationName = "kyverno-resource-validating-webhook-cfg"
	// ValidatingWebhookConfigurationDebugName is the default resource validating webhook configuration name for debug mode.
	ValidatingWebhookConfigurationDebugName = "kyverno-resource-validating-webhook-cfg-debug"
	// ValidatingWebhookName is the default resource validating webhook name.
	ValidatingWebhookName = "validate.kyverno.svc"

	// VerifyMutatingWebhookConfigurationName is the default verify mutating webhook configuration name.
	VerifyMutatingWebhookConfigurationName = "kyverno-verify-mutating-webhook-cfg"
	// VerifyMutatingWebhookConfigurationDebugName is the default verify mutating webhook configuration name for debug mode.
	VerifyMutatingWebhookConfigurationDebugName = "kyverno-verify-mutating-webhook-cfg-debug"
	// VerifyMutatingWebhookName is the default verify mutating webhook name.
	VerifyMutatingWebhookName = "monitor-webhooks.kyverno.svc"

	// PolicyValidatingWebhookConfigurationName is the default policy validating webhook configuration name.
	PolicyValidatingWebhookConfigurationName = "kyverno-policy-validating-webhook-cfg"
	// PolicyValidatingWebhookConfigurationDebugName is the default policy validating webhook configuration name for debug mode.
	PolicyValidatingWebhookConfigurationDebugName = "kyverno-policy-validating-webhook-cfg-debug"
	// PolicyValidatingWebhookName is the default policy validating webhook name.
	PolicyValidatingWebhookName = "validate-policy.kyverno.svc"

	// PolicyMutatingWebhookConfigurationName is the default policy mutating webhook configuration name.
	PolicyMutatingWebhookConfigurationName = "kyverno-policy-mutating-webhook-cfg"
	// PolicyMutatingWebhookConfigurationDebugName is the default policy mutating webhook configuration name for debug mode.
	PolicyMutatingWebhookConfigurationDebugName = "kyverno-policy-mutating-webhook-cfg-debug"
	// PolicyMutatingWebhookName is the default policy mutating webhook name.
	PolicyMutatingWebhookName = "mutate-policy.kyverno.svc"
)

// Literal TypeMeta values.
//
// Due to a Kubernetes issue, these literal constants are used instead of the
// deployment TypeMeta fields.
// Issue: https://github.com/kubernetes/kubernetes/pull/63972
// When the issue is closed, the TypeMeta struct should be used instead of
// these constants.
const (
	// ClusterRoleAPIVersion defines the default clusterrole resource apiVersion.
	ClusterRoleAPIVersion = "rbac.authorization.k8s.io/v1"
	// ClusterRoleKind defines the default clusterrole resource kind.
	ClusterRoleKind = "ClusterRole"
)

// Paths served by the webhook server.
const (
	// MutatingWebhookServicePath is the path for the mutation webhook.
	MutatingWebhookServicePath = "/mutate"
	// ValidatingWebhookServicePath is the path for the validation webhook.
	ValidatingWebhookServicePath = "/validate"
	// PolicyValidatingWebhookServicePath is the path for the policy validation
	// webhook (used to validate policy resources).
	PolicyValidatingWebhookServicePath = "/policyvalidate"
	// PolicyMutatingWebhookServicePath is the path for the policy mutation
	// webhook (used to default).
	PolicyMutatingWebhookServicePath = "/policymutate"
	// VerifyMutatingWebhookServicePath is the path for the verify webhook
	// (used to verify that admission control is enabled and active).
	VerifyMutatingWebhookServicePath = "/verifymutate"
	// LivenessServicePath is the path for the liveness health check.
	LivenessServicePath = "/health/liveness"
	// ReadinessServicePath is the path for the readiness health check.
	ReadinessServicePath = "/health/readiness"
)
// The variables below identify the Kyverno installation. Each one is
// initialised once, when the package is loaded, from the named environment
// variable through osutils.GetEnvWithFallback; the second argument is
// presumably the value used when the variable is not set (confirm against
// pkg/utils/os).

// KyvernoNamespace is the Kyverno namespace (environment variable
// KYVERNO_NAMESPACE).
var KyvernoNamespace = osutils.GetEnvWithFallback("KYVERNO_NAMESPACE", "kyverno")

// KyvernoDeploymentName is the Kyverno deployment name (environment variable
// KYVERNO_DEPLOYMENT).
var KyvernoDeploymentName = osutils.GetEnvWithFallback("KYVERNO_DEPLOYMENT", "kyverno")

// KyvernoServiceName is the Kyverno service name (environment variable
// KYVERNO_SVC).
var KyvernoServiceName = osutils.GetEnvWithFallback("KYVERNO_SVC", "kyverno-svc")
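// CreateClientConfig creates a client config and applies the client-side
// rate limit settings QPS and burst.
//
// The base configuration comes from createClientConfig: the in-cluster
// configuration when kubeconfig is empty, otherwise the given kubeconfig
// file. qps is stored in the configuration as a float32, so it must be a
// number no higher than math.MaxFloat32; NaN and larger values are rejected
// with an error. burst is copied unchanged.
//
// NOTE(review): zero and negative qps values are passed through as-is. How
// client-go interprets them (default rate vs. no client-side throttling)
// should be confirmed against the client-go version in use, since it decides
// whether a misconfigured flag can remove throttling towards the API server.
func CreateClientConfig(kubeconfig string, qps float64, burst int) (*rest.Config, error) {
	clientConfig, err := createClientConfig(kubeconfig)
	if err != nil {
		return nil, err
	}
	// NaN compares false against every bound, so the range check below would
	// let it through and it would be stored as the rate limit; reject it here.
	if math.IsNaN(qps) {
		return nil, fmt.Errorf("client rate limit QPS must be a number, got %v", qps)
	}
	// The configuration stores QPS as a float32; refuse values that do not fit.
	if qps > math.MaxFloat32 {
		return nil, fmt.Errorf("client rate limit QPS must not be higher than %e", math.MaxFloat32)
	}
	clientConfig.Burst = burst
	clientConfig.QPS = float32(qps)
	return clientConfig, nil
}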
// createClientConfig returns the REST client configuration for the cluster.
//
// With a non-empty kubeconfig path the configuration is built from that file
// (the master URL argument is left empty). With an empty path the in-cluster
// configuration is used. Which source was chosen is logged; the kubeconfig
// path is only logged at verbosity 4.
func createClientConfig(kubeconfig string) (*rest.Config, error) {
	if kubeconfig != "" {
		logger.V(4).Info("Using specified kubeconfig", "kubeconfig", kubeconfig)
		return clientcmd.BuildConfigFromFlags("", kubeconfig)
	}

	logger.Info("Using in-cluster configuration")
	return rest.InClusterConfig()
}