mirror of https://github.com/kyverno/kyverno.git synced 2025-03-15 20:20:22 +00:00

chore: make k8s api import aliases consistent (#3950)

* chore: make kyverno api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

* chore: make apimachinery api import aliases consistent

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
Charles-Edouard Brétéché 2022-05-17 16:14:31 +02:00 committed by GitHub
parent b3e227dbaf
commit 666bcb3c15
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 139 additions and 135 deletions


@ -49,3 +49,7 @@ linters-settings:
alias: alias:
- pkg: github.com/kyverno/kyverno/api/(\w+)/(v[\w\d]+) - pkg: github.com/kyverno/kyverno/api/(\w+)/(v[\w\d]+)
alias: $1$2 alias: $1$2
- pkg: k8s.io/apimachinery/pkg/apis/(\w+)/(v[\w\d]+)
alias: $1$2
- pkg: k8s.io/api/(\w+)/(v[\w\d]+)
alias: $1$2


@ -20,7 +20,7 @@ import (
"github.com/kyverno/kyverno/pkg/signal" "github.com/kyverno/kyverno/pkg/signal"
"github.com/kyverno/kyverno/pkg/tls" "github.com/kyverno/kyverno/pkg/tls"
"github.com/kyverno/kyverno/pkg/utils" "github.com/kyverno/kyverno/pkg/utils"
coord "k8s.io/api/coordination/v1" coordinationv1 "k8s.io/api/coordination/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
@ -193,7 +193,7 @@ func acquireLeader(ctx context.Context, kubeClient kubernetes.Interface) error {
os.Exit(0) os.Exit(0)
} }
lease := coord.Lease{ lease := coordinationv1.Lease{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Name: "kyvernopre-lock", Name: "kyvernopre-lock",
}, },


@ -8,7 +8,7 @@ import (
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1" kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
"github.com/kyverno/kyverno/pkg/common" "github.com/kyverno/kyverno/pkg/common"
dclient "github.com/kyverno/kyverno/pkg/dclient" dclient "github.com/kyverno/kyverno/pkg/dclient"
v1 "k8s.io/api/admission/v1" admissionv1 "k8s.io/api/admission/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
) )
@ -22,7 +22,7 @@ func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSp
} }
resource, err := client.GetResource(resourceSpec.APIVersion, resourceSpec.Kind, resourceSpec.Namespace, resourceSpec.Name) resource, err := client.GetResource(resourceSpec.APIVersion, resourceSpec.Kind, resourceSpec.Namespace, resourceSpec.Name)
if err != nil { if err != nil {
if urSpec.Type == kyvernov1beta1.Mutate && errors.IsNotFound(err) && urSpec.Context.AdmissionRequestInfo.Operation == v1.Delete { if urSpec.Type == kyvernov1beta1.Mutate && errors.IsNotFound(err) && urSpec.Context.AdmissionRequestInfo.Operation == admissionv1.Delete {
log.V(4).Info("trigger resource does not exist for mutateExisting rule", "operation", urSpec.Context.AdmissionRequestInfo.Operation) log.V(4).Info("trigger resource does not exist for mutateExisting rule", "operation", urSpec.Context.AdmissionRequestInfo.Operation)
return nil, nil return nil, nil
} }


@ -12,7 +12,7 @@ import (
dclient "github.com/kyverno/kyverno/pkg/dclient" dclient "github.com/kyverno/kyverno/pkg/dclient"
enginutils "github.com/kyverno/kyverno/pkg/engine/utils" enginutils "github.com/kyverno/kyverno/pkg/engine/utils"
"github.com/pkg/errors" "github.com/pkg/errors"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
listerv1 "k8s.io/client-go/listers/core/v1" listerv1 "k8s.io/client-go/listers/core/v1"
"sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log"
@ -39,7 +39,7 @@ func GetNamespaceSelectorsFromNamespaceLister(kind, namespaceOfResource string,
} }
// GetNamespaceLabels - from namespace obj // GetNamespaceLabels - from namespace obj
func GetNamespaceLabels(namespaceObj *v1.Namespace, logger logr.Logger) map[string]string { func GetNamespaceLabels(namespaceObj *corev1.Namespace, logger logr.Logger) map[string]string {
namespaceObj.Kind = "Namespace" namespaceObj.Kind = "Namespace"
namespaceRaw, err := json.Marshal(namespaceObj) namespaceRaw, err := json.Marshal(namespaceObj)
if err != nil { if err != nil {
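Review bot: GetNamespaceLabels writes `namespaceObj.Kind = "Namespace"` into the caller's object before marshalling it, and does so without a nil check on `namespaceObj`. If the pointer comes from a lister (the neighbouring GetNamespaceSelectorsFromNamespaceLister suggests it may), this is a write to a shared informer-cache object, which client-go expects callers to treat as read-only and which can race with other readers. Setting the field on a copy, `ns := namespaceObj.DeepCopy(); ns.Kind = "Namespace"`, and marshalling `ns` avoids the mutation. The function body continues past the end of this hunk, so the rest of its use of the object is not visible here.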


@ -8,7 +8,7 @@ import (
wildcard "github.com/kyverno/go-wildcard" wildcard "github.com/kyverno/go-wildcard"
osutils "github.com/kyverno/kyverno/pkg/utils/os" osutils "github.com/kyverno/kyverno/pkg/utils/os"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
@ -121,7 +121,7 @@ type Configuration interface {
// GetWebhooks returns the webhook configs // GetWebhooks returns the webhook configs
GetWebhooks() []WebhookConfig GetWebhooks() []WebhookConfig
// Load loads configuration from a configmap // Load loads configuration from a configmap
Load(cm *v1.ConfigMap) Load(cm *corev1.ConfigMap)
} }
// configuration stores the configuration // configuration stores the configuration
@ -212,7 +212,7 @@ func (cd *configuration) GetWebhooks() []WebhookConfig {
return cd.webhooks return cd.webhooks
} }
func (cd *configuration) Load(cm *v1.ConfigMap) { func (cd *configuration) Load(cm *corev1.ConfigMap) {
reconcilePolicyReport, updateWebhook := true, true reconcilePolicyReport, updateWebhook := true, true
if cm != nil { if cm != nil {
logger.Info("load config", "name", cm.Name, "namespace", cm.Namespace) logger.Info("load config", "name", cm.Name, "namespace", cm.Namespace)
@ -231,7 +231,7 @@ func (cd *configuration) Load(cm *v1.ConfigMap) {
} }
} }
func (cd *configuration) load(cm *v1.ConfigMap) (reconcilePolicyReport, updateWebhook bool) { func (cd *configuration) load(cm *corev1.ConfigMap) (reconcilePolicyReport, updateWebhook bool) {
logger := logger.WithValues("name", cm.Name, "namespace", cm.Namespace) logger := logger.WithValues("name", cm.Name, "namespace", cm.Namespace)
if cm.Data == nil { if cm.Data == nil {
logger.V(4).Info("configuration: No data defined in ConfigMap") logger.V(4).Info("configuration: No data defined in ConfigMap")


@ -8,7 +8,7 @@ import (
"github.com/kyverno/kyverno/pkg/common" "github.com/kyverno/kyverno/pkg/common"
"github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/tls" "github.com/kyverno/kyverno/pkg/tls"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
informerv1 "k8s.io/client-go/informers/core/v1" informerv1 "k8s.io/client-go/informers/core/v1"
listersv1 "k8s.io/client-go/listers/core/v1" listersv1 "k8s.io/client-go/listers/core/v1"
"k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/cache"
@ -44,15 +44,15 @@ func NewController(secretInformer informerv1.SecretInformer, certRenewer *tls.Ce
} }
func (m *controller) addSecretFunc(obj interface{}) { func (m *controller) addSecretFunc(obj interface{}) {
secret := obj.(*v1.Secret) secret := obj.(*corev1.Secret)
if secret.GetNamespace() == config.KyvernoNamespace() && secret.GetName() == tls.GenerateTLSPairSecretName() { if secret.GetNamespace() == config.KyvernoNamespace() && secret.GetName() == tls.GenerateTLSPairSecretName() {
m.secretQueue <- true m.secretQueue <- true
} }
} }
func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) { func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) {
old := oldObj.(*v1.Secret) old := oldObj.(*corev1.Secret)
new := newObj.(*v1.Secret) new := newObj.(*corev1.Secret)
if new.GetNamespace() == config.KyvernoNamespace() && new.GetName() == tls.GenerateTLSPairSecretName() { if new.GetNamespace() == config.KyvernoNamespace() && new.GetName() == tls.GenerateTLSPairSecretName() {
if !reflect.DeepEqual(old.DeepCopy().Data, new.DeepCopy().Data) { if !reflect.DeepEqual(old.DeepCopy().Data, new.DeepCopy().Data) {
m.secretQueue <- true m.secretQueue <- true
@ -66,7 +66,7 @@ func (m *controller) GetTLSPemPair() ([]byte, []byte, error) {
if err != nil { if err != nil {
return nil, nil, err return nil, nil, err
} }
return secret.Data[v1.TLSCertKey], secret.Data[v1.TLSPrivateKeyKey], nil return secret.Data[corev1.TLSCertKey], secret.Data[corev1.TLSPrivateKeyKey], nil
} }
func (m *controller) renewCertificates() error { func (m *controller) renewCertificates() error {
@ -89,7 +89,7 @@ func (m *controller) GetCAPem() ([]byte, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
result := secret.Data[v1.TLSCertKey] result := secret.Data[corev1.TLSCertKey]
if len(result) == 0 { if len(result) == 0 {
result = secret.Data[tls.RootCAKey] result = secret.Data[tls.RootCAKey]
} }
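Review bot: In updateSecretFunc, `reflect.DeepEqual(old.DeepCopy().Data, new.DeepCopy().Data)` deep-copies both Secrets only to compare them, which puts two extra transient copies of the TLS key material on the heap for every update event; the comparison only reads the maps, so `if !reflect.DeepEqual(old.Data, new.Data) {` should be equivalent. The bare assertions `obj.(*corev1.Secret)` in this handler and in addSecretFunc panic if the informer ever delivers another type; the comma-ok form with an early return would skip the event instead of crashing the controller. Naming the locals `old` and `new` also shadows the builtin `new` inside the function. updateSecretFunc runs past the end of its hunk, so its tail is not visible here.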


@ -8,7 +8,7 @@ import (
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1" kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1" kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
client "github.com/kyverno/kyverno/pkg/dclient" client "github.com/kyverno/kyverno/pkg/dclient"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
errors "k8s.io/apimachinery/pkg/api/errors" errors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
utilruntime "k8s.io/apimachinery/pkg/util/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@ -86,7 +86,7 @@ func initRecorder(client client.Interface, eventSource Source, log logr.Logger)
) )
recorder := eventBroadcaster.NewRecorder( recorder := eventBroadcaster.NewRecorder(
scheme.Scheme, scheme.Scheme,
v1.EventSource{ corev1.EventSource{
Component: eventSource.String(), Component: eventSource.String(),
}, },
) )
@ -203,9 +203,9 @@ func (gen *Generator) syncHandler(key Info) error {
} }
// set the event type based on reason // set the event type based on reason
eventType := v1.EventTypeWarning eventType := corev1.EventTypeWarning
if key.Reason == PolicyApplied.String() { if key.Reason == PolicyApplied.String() {
eventType = v1.EventTypeNormal eventType = corev1.EventTypeNormal
} }
// based on the source of event generation, use different event recorders // based on the source of event generation, use different event recorders


@ -12,7 +12,7 @@ import (
client "github.com/kyverno/kyverno/pkg/dclient" client "github.com/kyverno/kyverno/pkg/dclient"
"github.com/pkg/errors" "github.com/pkg/errors"
"gopkg.in/yaml.v3" "gopkg.in/yaml.v3"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
runtimeSchema "k8s.io/apimachinery/pkg/runtime/schema" runtimeSchema "k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
@ -91,7 +91,7 @@ func (c *crdSync) sync() {
Group: "apiextensions.k8s.io", Group: "apiextensions.k8s.io",
Version: "v1", Version: "v1",
Resource: "customresourcedefinitions", Resource: "customresourcedefinitions",
}).List(context.TODO(), v1.ListOptions{}) }).List(context.TODO(), metav1.ListOptions{})
if err != nil { if err != nil {
log.Log.Error(err, "could not fetch crd's from server") log.Log.Error(err, "could not fetch crd's from server")
return return


@ -26,7 +26,7 @@ import (
"github.com/kyverno/kyverno/pkg/metrics" "github.com/kyverno/kyverno/pkg/metrics"
"github.com/kyverno/kyverno/pkg/policyreport" "github.com/kyverno/kyverno/pkg/policyreport"
"github.com/kyverno/kyverno/pkg/utils" "github.com/kyverno/kyverno/pkg/utils"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -126,7 +126,7 @@ func NewPolicyController(
pInformer: pInformer, pInformer: pInformer,
npInformer: npInformer, npInformer: npInformer,
eventGen: eventGen, eventGen: eventGen,
eventRecorder: eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: "policy_controller"}), eventRecorder: eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "policy_controller"}),
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "policy"), queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "policy"),
configHandler: configHandler, configHandler: configHandler,
prGenerator: prGenerator, prGenerator: prGenerator,


@ -15,7 +15,7 @@ import (
"github.com/kyverno/kyverno/pkg/engine" "github.com/kyverno/kyverno/pkg/engine"
"github.com/kyverno/kyverno/pkg/engine/response" "github.com/kyverno/kyverno/pkg/engine/response"
"github.com/kyverno/kyverno/pkg/version" "github.com/kyverno/kyverno/pkg/version"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/runtime/schema"
@ -165,7 +165,7 @@ func (builder *requestBuilder) buildRCRResult(policy string, resource response.R
result := policyreportv1alpha2.PolicyReportResult{ result := policyreportv1alpha2.PolicyReportResult{
Policy: policy, Policy: policy,
Resources: []v1.ObjectReference{ Resources: []corev1.ObjectReference{
{ {
Kind: resource.Kind, Kind: resource.Kind,
Namespace: resource.Namespace, Namespace: resource.Namespace,


@ -19,7 +19,7 @@ import (
dclient "github.com/kyverno/kyverno/pkg/dclient" dclient "github.com/kyverno/kyverno/pkg/dclient"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"github.com/kyverno/kyverno/pkg/version" "github.com/kyverno/kyverno/pkg/version"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@ -534,7 +534,7 @@ func (g *ReportGenerator) aggregateReports(namespace string) (
return nil, nil, fmt.Errorf("unable to get namespace %s: %v", namespace, err) return nil, nil, fmt.Errorf("unable to get namespace %s: %v", namespace, err)
} }
// Namespace is deleted, create a fake ns to clean up RCRs // Namespace is deleted, create a fake ns to clean up RCRs
ns = new(v1.Namespace) ns = new(corev1.Namespace)
ns.SetName(namespace) ns.SetName(namespace)
now := metav1.Now() now := metav1.Now()
ns.SetDeletionTimestamp(&now) ns.SetDeletionTimestamp(&now)
@ -554,7 +554,7 @@ func (g *ReportGenerator) aggregateReports(namespace string) (
return report, aggregatedRequests, nil return report, aggregatedRequests, nil
} }
func mergeRequests(ns, kyvernoNs *v1.Namespace, requestsGeneral interface{}) (*unstructured.Unstructured, interface{}, error) { func mergeRequests(ns, kyvernoNs *corev1.Namespace, requestsGeneral interface{}) (*unstructured.Unstructured, interface{}, error) {
results := []policyreportv1alpha2.PolicyReportResult{} results := []policyreportv1alpha2.PolicyReportResult{}
if requests, ok := requestsGeneral.([]*kyvernov1alpha2.ClusterReportChangeRequest); ok { if requests, ok := requestsGeneral.([]*kyvernov1alpha2.ClusterReportChangeRequest); ok {
@ -615,7 +615,7 @@ func mergeRequests(ns, kyvernoNs *v1.Namespace, requestsGeneral interface{}) (*u
return nil, nil, nil return nil, nil, nil
} }
func setReport(reportUnstructured *unstructured.Unstructured, ns, kyvernoNs *v1.Namespace) { func setReport(reportUnstructured *unstructured.Unstructured, ns, kyvernoNs *corev1.Namespace) {
reportUnstructured.SetAPIVersion(policyreportv1alpha2.SchemeGroupVersion.String()) reportUnstructured.SetAPIVersion(policyreportv1alpha2.SchemeGroupVersion.String())
reportUnstructured.SetLabels(LabelSelector.MatchLabels) reportUnstructured.SetLabels(LabelSelector.MatchLabels)


@ -5,7 +5,7 @@ import (
"github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/config"
"github.com/pkg/errors" "github.com/pkg/errors"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
) )
@ -20,7 +20,7 @@ func ReadRootCASecret(client kubernetes.Interface) ([]byte, error) {
return nil, err return nil, err
} }
// try "tls.crt" // try "tls.crt"
result := stlsca.Data[v1.TLSCertKey] result := stlsca.Data[corev1.TLSCertKey]
// if not there, try old "rootCA.crt" // if not there, try old "rootCA.crt"
if len(result) == 0 { if len(result) == 0 {
result = stlsca.Data[RootCAKey] result = stlsca.Data[RootCAKey]


@ -8,7 +8,7 @@ import (
"github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/config"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
v1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
) )
func privateKeyToPem(rsaKey *rsa.PrivateKey) []byte { func privateKeyToPem(rsaKey *rsa.PrivateKey) []byte {
@ -97,7 +97,7 @@ func IsKyvernoInRollingUpdate(deploy *appsv1.Deployment) bool {
return false return false
} }
func IsSecretManagedByKyverno(secret *v1.Secret) bool { func IsSecretManagedByKyverno(secret *corev1.Secret) bool {
if secret != nil { if secret != nil {
labels := secret.GetLabels() labels := secret.GetLabels()
if labels == nil { if labels == nil {


@ -9,7 +9,7 @@ import (
"github.com/kyverno/kyverno/pkg/config" "github.com/kyverno/kyverno/pkg/config"
"github.com/kyverno/kyverno/pkg/tls" "github.com/kyverno/kyverno/pkg/tls"
admregapi "k8s.io/api/admissionregistration/v1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
appsv1 "k8s.io/api/apps/v1" appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1" corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1" rbacv1 "k8s.io/api/rbac/v1"
@ -22,15 +22,15 @@ const (
) )
var ( var (
noneOnDryRun = admregapi.SideEffectClassNoneOnDryRun noneOnDryRun = admissionregistrationv1.SideEffectClassNoneOnDryRun
never = admregapi.NeverReinvocationPolicy never = admissionregistrationv1.NeverReinvocationPolicy
ifNeeded = admregapi.IfNeededReinvocationPolicy ifNeeded = admissionregistrationv1.IfNeededReinvocationPolicy
policyRule = admregapi.Rule{ policyRule = admissionregistrationv1.Rule{
Resources: []string{"clusterpolicies/*", "policies/*"}, Resources: []string{"clusterpolicies/*", "policies/*"},
APIGroups: []string{"kyverno.io"}, APIGroups: []string{"kyverno.io"},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
} }
verifyRule = admregapi.Rule{ verifyRule = admissionregistrationv1.Rule{
Resources: []string{"leases"}, Resources: []string{"leases"},
APIGroups: []string{"coordination.k8s.io"}, APIGroups: []string{"coordination.k8s.io"},
APIVersions: []string{"v1"}, APIVersions: []string{"v1"},
@ -40,9 +40,9 @@ var (
"app.kubernetes.io/name": kyvernoValue, "app.kubernetes.io/name": kyvernoValue,
}, },
} }
update = []admregapi.OperationType{admregapi.Update} update = []admissionregistrationv1.OperationType{admissionregistrationv1.Update}
createUpdate = []admregapi.OperationType{admregapi.Create, admregapi.Update} createUpdate = []admissionregistrationv1.OperationType{admissionregistrationv1.Create, admissionregistrationv1.Update}
all = []admregapi.OperationType{admregapi.Create, admregapi.Update, admregapi.Delete, admregapi.Connect} all = []admissionregistrationv1.OperationType{admissionregistrationv1.Create, admissionregistrationv1.Update, admissionregistrationv1.Delete, admissionregistrationv1.Connect}
) )
func (wrc *Register) readCaData() []byte { func (wrc *Register) readCaData() []byte {
@ -116,18 +116,18 @@ func (wrc *Register) constructOwner() metav1.OwnerReference {
// webhook utils // webhook utils
func generateRules(rule admregapi.Rule, operationTypes []admregapi.OperationType) []admregapi.RuleWithOperations { func generateRules(rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType) []admissionregistrationv1.RuleWithOperations {
if !reflect.DeepEqual(rule, admregapi.Rule{}) { if !reflect.DeepEqual(rule, admissionregistrationv1.Rule{}) {
return []admregapi.RuleWithOperations{{Operations: operationTypes, Rule: rule}} return []admissionregistrationv1.RuleWithOperations{{Operations: operationTypes, Rule: rule}}
} }
return nil return nil
} }
func generateDebugMutatingWebhook(name, url string, caData []byte, timeoutSeconds int32, rule admregapi.Rule, operationTypes []admregapi.OperationType, failurePolicy admregapi.FailurePolicyType) admregapi.MutatingWebhook { func generateDebugMutatingWebhook(name, url string, caData []byte, timeoutSeconds int32, rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType, failurePolicy admissionregistrationv1.FailurePolicyType) admissionregistrationv1.MutatingWebhook {
return admregapi.MutatingWebhook{ return admissionregistrationv1.MutatingWebhook{
ReinvocationPolicy: &never, ReinvocationPolicy: &never,
Name: name, Name: name,
ClientConfig: admregapi.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &url, URL: &url,
CABundle: caData, CABundle: caData,
}, },
@ -139,10 +139,10 @@ func generateDebugMutatingWebhook(name, url string, caData []byte, timeoutSecond
} }
} }
func generateDebugValidatingWebhook(name, url string, caData []byte, timeoutSeconds int32, rule admregapi.Rule, operationTypes []admregapi.OperationType, failurePolicy admregapi.FailurePolicyType) admregapi.ValidatingWebhook { func generateDebugValidatingWebhook(name, url string, caData []byte, timeoutSeconds int32, rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType, failurePolicy admissionregistrationv1.FailurePolicyType) admissionregistrationv1.ValidatingWebhook {
return admregapi.ValidatingWebhook{ return admissionregistrationv1.ValidatingWebhook{
Name: name, Name: name,
ClientConfig: admregapi.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
URL: &url, URL: &url,
CABundle: caData, CABundle: caData,
}, },
@ -154,12 +154,12 @@ func generateDebugValidatingWebhook(name, url string, caData []byte, timeoutSeco
} }
} }
func generateMutatingWebhook(name, servicePath string, caData []byte, timeoutSeconds int32, rule admregapi.Rule, operationTypes []admregapi.OperationType, failurePolicy admregapi.FailurePolicyType) admregapi.MutatingWebhook { func generateMutatingWebhook(name, servicePath string, caData []byte, timeoutSeconds int32, rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType, failurePolicy admissionregistrationv1.FailurePolicyType) admissionregistrationv1.MutatingWebhook {
return admregapi.MutatingWebhook{ return admissionregistrationv1.MutatingWebhook{
ReinvocationPolicy: &ifNeeded, ReinvocationPolicy: &ifNeeded,
Name: name, Name: name,
ClientConfig: admregapi.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
Service: &admregapi.ServiceReference{ Service: &admissionregistrationv1.ServiceReference{
Namespace: config.KyvernoNamespace(), Namespace: config.KyvernoNamespace(),
Name: config.KyvernoServiceName(), Name: config.KyvernoServiceName(),
Path: &servicePath, Path: &servicePath,
@ -174,11 +174,11 @@ func generateMutatingWebhook(name, servicePath string, caData []byte, timeoutSec
} }
} }
func generateValidatingWebhook(name, servicePath string, caData []byte, timeoutSeconds int32, rule admregapi.Rule, operationTypes []admregapi.OperationType, failurePolicy admregapi.FailurePolicyType) admregapi.ValidatingWebhook { func generateValidatingWebhook(name, servicePath string, caData []byte, timeoutSeconds int32, rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType, failurePolicy admissionregistrationv1.FailurePolicyType) admissionregistrationv1.ValidatingWebhook {
return admregapi.ValidatingWebhook{ return admissionregistrationv1.ValidatingWebhook{
Name: name, Name: name,
ClientConfig: admregapi.WebhookClientConfig{ ClientConfig: admissionregistrationv1.WebhookClientConfig{
Service: &admregapi.ServiceReference{ Service: &admissionregistrationv1.ServiceReference{
Namespace: config.KyvernoNamespace(), Namespace: config.KyvernoNamespace(),
Name: config.KyvernoServiceName(), Name: config.KyvernoServiceName(),
Path: &servicePath, Path: &servicePath,
@ -219,42 +219,42 @@ func getPolicyValidatingWebhookConfigName(serverIP string) string {
return config.PolicyValidatingWebhookConfigurationName return config.PolicyValidatingWebhookConfigurationName
} }
func constructPolicyValidatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.ValidatingWebhookConfiguration { func constructPolicyValidatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.ValidatingWebhookConfiguration {
name, path := config.PolicyValidatingWebhookName, config.PolicyValidatingWebhookServicePath name, path := config.PolicyValidatingWebhookName, config.PolicyValidatingWebhookServicePath
return &admregapi.ValidatingWebhookConfiguration{ return &admissionregistrationv1.ValidatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.PolicyValidatingWebhookConfigurationName, owner), ObjectMeta: generateObjectMeta(config.PolicyValidatingWebhookConfigurationName, owner),
Webhooks: []admregapi.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
generateValidatingWebhook(name, path, caData, timeoutSeconds, policyRule, createUpdate, admregapi.Ignore), generateValidatingWebhook(name, path, caData, timeoutSeconds, policyRule, createUpdate, admissionregistrationv1.Ignore),
}, },
} }
} }
func constructDebugPolicyValidatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.ValidatingWebhookConfiguration { func constructDebugPolicyValidatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.ValidatingWebhookConfiguration {
name, url := config.PolicyValidatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.PolicyValidatingWebhookServicePath) name, url := config.PolicyValidatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.PolicyValidatingWebhookServicePath)
return &admregapi.ValidatingWebhookConfiguration{ return &admissionregistrationv1.ValidatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.PolicyValidatingWebhookConfigurationDebugName, owner), ObjectMeta: generateObjectMeta(config.PolicyValidatingWebhookConfigurationDebugName, owner),
Webhooks: []admregapi.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
generateDebugValidatingWebhook(name, url, caData, timeoutSeconds, policyRule, createUpdate, admregapi.Ignore), generateDebugValidatingWebhook(name, url, caData, timeoutSeconds, policyRule, createUpdate, admissionregistrationv1.Ignore),
}, },
} }
} }
func constructPolicyMutatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration { func constructPolicyMutatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
name, path := config.PolicyMutatingWebhookName, config.PolicyMutatingWebhookServicePath name, path := config.PolicyMutatingWebhookName, config.PolicyMutatingWebhookServicePath
return &admregapi.MutatingWebhookConfiguration{ return &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.PolicyMutatingWebhookConfigurationName, owner), ObjectMeta: generateObjectMeta(config.PolicyMutatingWebhookConfigurationName, owner),
Webhooks: []admregapi.MutatingWebhook{ Webhooks: []admissionregistrationv1.MutatingWebhook{
generateMutatingWebhook(name, path, caData, timeoutSeconds, policyRule, createUpdate, admregapi.Ignore), generateMutatingWebhook(name, path, caData, timeoutSeconds, policyRule, createUpdate, admissionregistrationv1.Ignore),
}, },
} }
} }
func constructDebugPolicyMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration { func constructDebugPolicyMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
name, url := config.PolicyMutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.PolicyMutatingWebhookServicePath) name, url := config.PolicyMutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.PolicyMutatingWebhookServicePath)
return &admregapi.MutatingWebhookConfiguration{ return &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.PolicyMutatingWebhookConfigurationDebugName, owner), ObjectMeta: generateObjectMeta(config.PolicyMutatingWebhookConfigurationDebugName, owner),
Webhooks: []admregapi.MutatingWebhook{ Webhooks: []admissionregistrationv1.MutatingWebhook{
generateDebugMutatingWebhook(name, url, caData, timeoutSeconds, policyRule, createUpdate, admregapi.Ignore), generateDebugMutatingWebhook(name, url, caData, timeoutSeconds, policyRule, createUpdate, admissionregistrationv1.Ignore),
}, },
} }
} }
@ -275,69 +275,69 @@ func getResourceValidatingWebhookConfigName(serverIP string) string {
return config.ValidatingWebhookConfigurationName return config.ValidatingWebhookConfigurationName
} }
func defaultResourceWebhookRule(autoUpdate bool) admregapi.Rule { func defaultResourceWebhookRule(autoUpdate bool) admissionregistrationv1.Rule {
if autoUpdate { if autoUpdate {
return admregapi.Rule{} return admissionregistrationv1.Rule{}
} }
return admregapi.Rule{ return admissionregistrationv1.Rule{
APIGroups: []string{"*"}, APIGroups: []string{"*"},
APIVersions: []string{"*"}, APIVersions: []string{"*"},
Resources: []string{"*/*"}, Resources: []string{"*/*"},
} }
} }
func constructDefaultDebugMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration { func constructDefaultDebugMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
name, url := config.MutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.MutatingWebhookServicePath) name, url := config.MutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.MutatingWebhookServicePath)
webhook := &admregapi.MutatingWebhookConfiguration{ webhook := &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.MutatingWebhookConfigurationDebugName, owner), ObjectMeta: generateObjectMeta(config.MutatingWebhookConfigurationDebugName, owner),
Webhooks: []admregapi.MutatingWebhook{ Webhooks: []admissionregistrationv1.MutatingWebhook{
generateDebugMutatingWebhook(name+"-ignore", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admregapi.Ignore), generateDebugMutatingWebhook(name+"-ignore", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admissionregistrationv1.Ignore),
}, },
} }
if autoUpdate { if autoUpdate {
webhook.Webhooks = append(webhook.Webhooks, generateDebugMutatingWebhook(name+"-fail", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admregapi.Fail)) webhook.Webhooks = append(webhook.Webhooks, generateDebugMutatingWebhook(name+"-fail", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admissionregistrationv1.Fail))
} }
return webhook return webhook
} }
func constructDefaultMutatingWebhookConfig(caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration { func constructDefaultMutatingWebhookConfig(caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
name, path := config.MutatingWebhookName, config.MutatingWebhookServicePath name, path := config.MutatingWebhookName, config.MutatingWebhookServicePath
webhook := &admregapi.MutatingWebhookConfiguration{ webhook := &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.MutatingWebhookConfigurationName, owner), ObjectMeta: generateObjectMeta(config.MutatingWebhookConfigurationName, owner),
Webhooks: []admregapi.MutatingWebhook{ Webhooks: []admissionregistrationv1.MutatingWebhook{
generateMutatingWebhook(name+"-ignore", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admregapi.Ignore), generateMutatingWebhook(name+"-ignore", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admissionregistrationv1.Ignore),
}, },
} }
if autoUpdate { if autoUpdate {
webhook.Webhooks = append(webhook.Webhooks, generateMutatingWebhook(name+"-fail", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admregapi.Fail)) webhook.Webhooks = append(webhook.Webhooks, generateMutatingWebhook(name+"-fail", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admissionregistrationv1.Fail))
} }
return webhook return webhook
} }
func constructDefaultDebugValidatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admregapi.ValidatingWebhookConfiguration { func constructDefaultDebugValidatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admissionregistrationv1.ValidatingWebhookConfiguration {
name, url := config.ValidatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.ValidatingWebhookServicePath) name, url := config.ValidatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.ValidatingWebhookServicePath)
webhook := &admregapi.ValidatingWebhookConfiguration{ webhook := &admissionregistrationv1.ValidatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.ValidatingWebhookConfigurationDebugName, owner), ObjectMeta: generateObjectMeta(config.ValidatingWebhookConfigurationDebugName, owner),
Webhooks: []admregapi.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
generateDebugValidatingWebhook(name+"-ignore", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admregapi.Ignore), generateDebugValidatingWebhook(name+"-ignore", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admissionregistrationv1.Ignore),
}, },
} }
if autoUpdate { if autoUpdate {
webhook.Webhooks = append(webhook.Webhooks, generateDebugValidatingWebhook(name+"-fail", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admregapi.Fail)) webhook.Webhooks = append(webhook.Webhooks, generateDebugValidatingWebhook(name+"-fail", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admissionregistrationv1.Fail))
} }
return webhook return webhook
} }
func constructDefaultValidatingWebhookConfig(caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admregapi.ValidatingWebhookConfiguration { func constructDefaultValidatingWebhookConfig(caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admissionregistrationv1.ValidatingWebhookConfiguration {
name, path := config.ValidatingWebhookName, config.ValidatingWebhookServicePath name, path := config.ValidatingWebhookName, config.ValidatingWebhookServicePath
webhook := &admregapi.ValidatingWebhookConfiguration{ webhook := &admissionregistrationv1.ValidatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.ValidatingWebhookConfigurationName, owner), ObjectMeta: generateObjectMeta(config.ValidatingWebhookConfigurationName, owner),
Webhooks: []admregapi.ValidatingWebhook{ Webhooks: []admissionregistrationv1.ValidatingWebhook{
generateValidatingWebhook(name+"-ignore", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admregapi.Ignore), generateValidatingWebhook(name+"-ignore", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admissionregistrationv1.Ignore),
}, },
} }
if autoUpdate { if autoUpdate {
webhook.Webhooks = append(webhook.Webhooks, generateValidatingWebhook(name+"-fail", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admregapi.Fail)) webhook.Webhooks = append(webhook.Webhooks, generateValidatingWebhook(name+"-fail", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admissionregistrationv1.Fail))
} }
return webhook return webhook
} }
@ -351,22 +351,22 @@ func getVerifyMutatingWebhookConfigName(serverIP string) string {
return config.VerifyMutatingWebhookConfigurationName return config.VerifyMutatingWebhookConfigurationName
} }
func constructVerifyMutatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration { func constructVerifyMutatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
name, path := config.VerifyMutatingWebhookName, config.VerifyMutatingWebhookServicePath name, path := config.VerifyMutatingWebhookName, config.VerifyMutatingWebhookServicePath
webhook := generateMutatingWebhook(name, path, caData, timeoutSeconds, verifyRule, update, admregapi.Ignore) webhook := generateMutatingWebhook(name, path, caData, timeoutSeconds, verifyRule, update, admissionregistrationv1.Ignore)
webhook.ObjectSelector = vertifyObjectSelector webhook.ObjectSelector = vertifyObjectSelector
return &admregapi.MutatingWebhookConfiguration{ return &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.VerifyMutatingWebhookConfigurationName, owner), ObjectMeta: generateObjectMeta(config.VerifyMutatingWebhookConfigurationName, owner),
Webhooks: []admregapi.MutatingWebhook{webhook}, Webhooks: []admissionregistrationv1.MutatingWebhook{webhook},
} }
} }
func constructDebugVerifyMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration { func constructDebugVerifyMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
name, url := config.VerifyMutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.VerifyMutatingWebhookServicePath) name, url := config.VerifyMutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.VerifyMutatingWebhookServicePath)
webhook := generateDebugMutatingWebhook(name, url, caData, timeoutSeconds, verifyRule, update, admregapi.Ignore) webhook := generateDebugMutatingWebhook(name, url, caData, timeoutSeconds, verifyRule, update, admissionregistrationv1.Ignore)
webhook.ObjectSelector = vertifyObjectSelector webhook.ObjectSelector = vertifyObjectSelector
return &admregapi.MutatingWebhookConfiguration{ return &admissionregistrationv1.MutatingWebhookConfiguration{
ObjectMeta: generateObjectMeta(config.VerifyMutatingWebhookConfigurationDebugName, owner), ObjectMeta: generateObjectMeta(config.VerifyMutatingWebhookConfigurationDebugName, owner),
Webhooks: []admregapi.MutatingWebhook{webhook}, Webhooks: []admissionregistrationv1.MutatingWebhook{webhook},
} }
} }


@ -19,7 +19,7 @@ import (
"github.com/kyverno/kyverno/pkg/utils" "github.com/kyverno/kyverno/pkg/utils"
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube" kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
"github.com/pkg/errors" "github.com/pkg/errors"
admregapi "k8s.io/api/admissionregistration/v1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/labels"
@ -216,14 +216,14 @@ func (m *webhookConfigManager) deletePolicy(obj interface{}) {
func (m *webhookConfigManager) deleteMutatingWebhook(obj interface{}) { func (m *webhookConfigManager) deleteMutatingWebhook(obj interface{}) {
m.log.WithName("deleteMutatingWebhook").Info("resource webhook configuration was deleted, recreating...") m.log.WithName("deleteMutatingWebhook").Info("resource webhook configuration was deleted, recreating...")
webhook, ok := obj.(*admregapi.MutatingWebhookConfiguration) webhook, ok := obj.(*admissionregistrationv1.MutatingWebhookConfiguration)
if !ok { if !ok {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown) tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok { if !ok {
m.log.Info("Couldn't get object from tombstone", "obj", obj) m.log.Info("Couldn't get object from tombstone", "obj", obj)
return return
} }
webhook, ok = tombstone.Obj.(*admregapi.MutatingWebhookConfiguration) webhook, ok = tombstone.Obj.(*admissionregistrationv1.MutatingWebhookConfiguration)
if !ok { if !ok {
m.log.Info("tombstone contained object that is not a MutatingWebhookConfiguration", "obj", obj) m.log.Info("tombstone contained object that is not a MutatingWebhookConfiguration", "obj", obj)
return return
@ -236,14 +236,14 @@ func (m *webhookConfigManager) deleteMutatingWebhook(obj interface{}) {
func (m *webhookConfigManager) deleteValidatingWebhook(obj interface{}) { func (m *webhookConfigManager) deleteValidatingWebhook(obj interface{}) {
m.log.WithName("deleteMutatingWebhook").Info("resource webhook configuration was deleted, recreating...") m.log.WithName("deleteMutatingWebhook").Info("resource webhook configuration was deleted, recreating...")
webhook, ok := obj.(*admregapi.ValidatingWebhookConfiguration) webhook, ok := obj.(*admissionregistrationv1.ValidatingWebhookConfiguration)
if !ok { if !ok {
tombstone, ok := obj.(cache.DeletedFinalStateUnknown) tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
if !ok { if !ok {
m.log.Info("Couldn't get object from tombstone", "obj", obj) m.log.Info("Couldn't get object from tombstone", "obj", obj)
return return
} }
webhook, ok = tombstone.Obj.(*admregapi.ValidatingWebhookConfiguration) webhook, ok = tombstone.Obj.(*admissionregistrationv1.ValidatingWebhookConfiguration)
if !ok { if !ok {
m.log.Info("tombstone contained object that is not a ValidatingWebhookConfiguration", "obj", obj) m.log.Info("tombstone contained object that is not a ValidatingWebhookConfiguration", "obj", obj)
return return
@ -480,11 +480,11 @@ func (m *webhookConfigManager) updateMutatingWebhookConfiguration(webhookName st
for i := range resourceWebhook.Webhooks { for i := range resourceWebhook.Webhooks {
newWebhook := webhooksMap[webhookKey(kindMutating, string(*resourceWebhook.Webhooks[i].FailurePolicy))] newWebhook := webhooksMap[webhookKey(kindMutating, string(*resourceWebhook.Webhooks[i].FailurePolicy))]
if newWebhook == nil || newWebhook.isEmpty() { if newWebhook == nil || newWebhook.isEmpty() {
resourceWebhook.Webhooks[i].Rules = []admregapi.RuleWithOperations{} resourceWebhook.Webhooks[i].Rules = []admissionregistrationv1.RuleWithOperations{}
} else { } else {
resourceWebhook.Webhooks[i].TimeoutSeconds = &newWebhook.maxWebhookTimeout resourceWebhook.Webhooks[i].TimeoutSeconds = &newWebhook.maxWebhookTimeout
resourceWebhook.Webhooks[i].Rules = []admregapi.RuleWithOperations{ resourceWebhook.Webhooks[i].Rules = []admissionregistrationv1.RuleWithOperations{
newWebhook.buildRuleWithOperations(admregapi.Create, admregapi.Update, admregapi.Delete), newWebhook.buildRuleWithOperations(admissionregistrationv1.Create, admissionregistrationv1.Update, admissionregistrationv1.Delete),
} }
} }
} }
@ -507,11 +507,11 @@ func (m *webhookConfigManager) updateValidatingWebhookConfiguration(webhookName
for i := range resourceWebhook.Webhooks { for i := range resourceWebhook.Webhooks {
newWebhook := webhooksMap[webhookKey(kindValidating, string(*resourceWebhook.Webhooks[i].FailurePolicy))] newWebhook := webhooksMap[webhookKey(kindValidating, string(*resourceWebhook.Webhooks[i].FailurePolicy))]
if newWebhook == nil || newWebhook.isEmpty() { if newWebhook == nil || newWebhook.isEmpty() {
resourceWebhook.Webhooks[i].Rules = []admregapi.RuleWithOperations{} resourceWebhook.Webhooks[i].Rules = []admissionregistrationv1.RuleWithOperations{}
} else { } else {
resourceWebhook.Webhooks[i].TimeoutSeconds = &newWebhook.maxWebhookTimeout resourceWebhook.Webhooks[i].TimeoutSeconds = &newWebhook.maxWebhookTimeout
resourceWebhook.Webhooks[i].Rules = []admregapi.RuleWithOperations{ resourceWebhook.Webhooks[i].Rules = []admissionregistrationv1.RuleWithOperations{
newWebhook.buildRuleWithOperations(admregapi.Create, admregapi.Update, admregapi.Delete, admregapi.Connect), newWebhook.buildRuleWithOperations(admissionregistrationv1.Create, admissionregistrationv1.Update, admissionregistrationv1.Delete, admissionregistrationv1.Connect),
} }
} }
} }
@ -572,9 +572,9 @@ type webhook struct {
resources sets.String resources sets.String
} }
func (wh *webhook) buildRuleWithOperations(ops ...admregapi.OperationType) admregapi.RuleWithOperations { func (wh *webhook) buildRuleWithOperations(ops ...admissionregistrationv1.OperationType) admissionregistrationv1.RuleWithOperations {
return admregapi.RuleWithOperations{ return admissionregistrationv1.RuleWithOperations{
Rule: admregapi.Rule{ Rule: admissionregistrationv1.Rule{
APIGroups: wh.groups.List(), APIGroups: wh.groups.List(),
APIVersions: wh.versions.List(), APIVersions: wh.versions.List(),
Resources: wh.resources.List(), Resources: wh.resources.List(),
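Review bot: In `deleteValidatingWebhook` the logger on the context line is still named after the mutating handler, `m.log.WithName("deleteMutatingWebhook")`, so the deletion of a ValidatingWebhookConfiguration is recorded under the wrong handler name. Since this commit already edits the function, change that line to `m.log.WithName("deleteValidatingWebhook")`. Judging by the log message, the handler reacts to a webhook configuration being removed and recreates it; anyone reviewing those events needs the entry to identify which kind was deleted. The function body continues past the end of the hunk, so the rest of it is not reviewed here.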


@ -16,7 +16,7 @@ import (
client "github.com/kyverno/kyverno/pkg/dclient" client "github.com/kyverno/kyverno/pkg/dclient"
"github.com/kyverno/kyverno/pkg/utils" "github.com/kyverno/kyverno/pkg/utils"
"github.com/pkg/errors" "github.com/pkg/errors"
admregapi "k8s.io/api/admissionregistration/v1" admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
errorsapi "k8s.io/apimachinery/pkg/api/errors" errorsapi "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
adminformers "k8s.io/client-go/informers/admissionregistration/v1" adminformers "k8s.io/client-go/informers/admissionregistration/v1"
@ -268,7 +268,7 @@ func (wrc *Register) ValidateWebhookConfigurations(namespace, name string) error
return json.Unmarshal([]byte(webhooks), &webhookCfgs) return json.Unmarshal([]byte(webhooks), &webhookCfgs)
} }
func (wrc *Register) createMutatingWebhookConfiguration(config *admregapi.MutatingWebhookConfiguration) error { func (wrc *Register) createMutatingWebhookConfiguration(config *admissionregistrationv1.MutatingWebhookConfiguration) error {
logger := wrc.log.WithValues("kind", kindMutating, "name", config.Name) logger := wrc.log.WithValues("kind", kindMutating, "name", config.Name)
if _, err := wrc.kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), config, metav1.CreateOptions{}); err != nil { if _, err := wrc.kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), config, metav1.CreateOptions{}); err != nil {
if errorsapi.IsAlreadyExists(err) { if errorsapi.IsAlreadyExists(err) {
@ -282,7 +282,7 @@ func (wrc *Register) createMutatingWebhookConfiguration(config *admregapi.Mutati
return nil return nil
} }
func (wrc *Register) createValidatingWebhookConfiguration(config *admregapi.ValidatingWebhookConfiguration) error { func (wrc *Register) createValidatingWebhookConfiguration(config *admissionregistrationv1.ValidatingWebhookConfiguration) error {
logger := wrc.log.WithValues("kind", kindValidating, "name", config.Name) logger := wrc.log.WithValues("kind", kindValidating, "name", config.Name)
if _, err := wrc.kubeClient.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), config, metav1.CreateOptions{}); err != nil { if _, err := wrc.kubeClient.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), config, metav1.CreateOptions{}); err != nil {
if errorsapi.IsAlreadyExists(err) { if errorsapi.IsAlreadyExists(err) {
@ -298,7 +298,7 @@ func (wrc *Register) createValidatingWebhookConfiguration(config *admregapi.Vali
func (wrc *Register) createResourceMutatingWebhookConfiguration(caData []byte) error { func (wrc *Register) createResourceMutatingWebhookConfiguration(caData []byte) error {
owner := wrc.constructOwner() owner := wrc.constructOwner()
var config *admregapi.MutatingWebhookConfiguration var config *admissionregistrationv1.MutatingWebhookConfiguration
if wrc.serverIP != "" { if wrc.serverIP != "" {
config = constructDefaultDebugMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, wrc.autoUpdateWebhooks, owner) config = constructDefaultDebugMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, wrc.autoUpdateWebhooks, owner)
} else { } else {
@ -309,7 +309,7 @@ func (wrc *Register) createResourceMutatingWebhookConfiguration(caData []byte) e
func (wrc *Register) createResourceValidatingWebhookConfiguration(caData []byte) error { func (wrc *Register) createResourceValidatingWebhookConfiguration(caData []byte) error {
owner := wrc.constructOwner() owner := wrc.constructOwner()
var config *admregapi.ValidatingWebhookConfiguration var config *admissionregistrationv1.ValidatingWebhookConfiguration
if wrc.serverIP != "" { if wrc.serverIP != "" {
config = constructDefaultDebugValidatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, wrc.autoUpdateWebhooks, owner) config = constructDefaultDebugValidatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, wrc.autoUpdateWebhooks, owner)
} else { } else {
@ -320,7 +320,7 @@ func (wrc *Register) createResourceValidatingWebhookConfiguration(caData []byte)
func (wrc *Register) createPolicyValidatingWebhookConfiguration(caData []byte) error { func (wrc *Register) createPolicyValidatingWebhookConfiguration(caData []byte) error {
owner := wrc.constructOwner() owner := wrc.constructOwner()
var config *admregapi.ValidatingWebhookConfiguration var config *admissionregistrationv1.ValidatingWebhookConfiguration
if wrc.serverIP != "" { if wrc.serverIP != "" {
config = constructDebugPolicyValidatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner) config = constructDebugPolicyValidatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
} else { } else {
@ -331,7 +331,7 @@ func (wrc *Register) createPolicyValidatingWebhookConfiguration(caData []byte) e
func (wrc *Register) createPolicyMutatingWebhookConfiguration(caData []byte) error { func (wrc *Register) createPolicyMutatingWebhookConfiguration(caData []byte) error {
owner := wrc.constructOwner() owner := wrc.constructOwner()
var config *admregapi.MutatingWebhookConfiguration var config *admissionregistrationv1.MutatingWebhookConfiguration
if wrc.serverIP != "" { if wrc.serverIP != "" {
config = constructDebugPolicyMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner) config = constructDebugPolicyMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
} else { } else {
@ -342,7 +342,7 @@ func (wrc *Register) createPolicyMutatingWebhookConfiguration(caData []byte) err
func (wrc *Register) createVerifyMutatingWebhookConfiguration(caData []byte) error { func (wrc *Register) createVerifyMutatingWebhookConfiguration(caData []byte) error {
owner := wrc.constructOwner() owner := wrc.constructOwner()
var config *admregapi.MutatingWebhookConfiguration var config *admissionregistrationv1.MutatingWebhookConfiguration
if wrc.serverIP != "" { if wrc.serverIP != "" {
config = constructDebugVerifyMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner) config = constructDebugVerifyMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
} else { } else {
@ -429,19 +429,19 @@ func (wrc *Register) updateResourceMutatingWebhookConfiguration(webhookCfg confi
// updateMutatingWebhookConfiguration updates an existing MutatingWebhookConfiguration with the rules provided by // updateMutatingWebhookConfiguration updates an existing MutatingWebhookConfiguration with the rules provided by
// the targetConfig. If the targetConfig doesn't provide any rules, the existing rules will be preserved. // the targetConfig. If the targetConfig doesn't provide any rules, the existing rules will be preserved.
func (wrc *Register) updateMutatingWebhookConfiguration(targetConfig *admregapi.MutatingWebhookConfiguration) error { func (wrc *Register) updateMutatingWebhookConfiguration(targetConfig *admissionregistrationv1.MutatingWebhookConfiguration) error {
// Fetch the existing webhook. // Fetch the existing webhook.
currentConfiguration, err := wrc.mwcLister.Get(targetConfig.Name) currentConfiguration, err := wrc.mwcLister.Get(targetConfig.Name)
if err != nil { if err != nil {
return fmt.Errorf("failed to get %s %s: %v", kindMutating, targetConfig.Name, err) return fmt.Errorf("failed to get %s %s: %v", kindMutating, targetConfig.Name, err)
} }
// Create a map of the target webhooks. // Create a map of the target webhooks.
targetWebhooksMap := make(map[string]admregapi.MutatingWebhook) targetWebhooksMap := make(map[string]admissionregistrationv1.MutatingWebhook)
for _, w := range targetConfig.Webhooks { for _, w := range targetConfig.Webhooks {
targetWebhooksMap[w.Name] = w targetWebhooksMap[w.Name] = w
} }
// Update the webhooks. // Update the webhooks.
newWebhooks := make([]admregapi.MutatingWebhook, 0) newWebhooks := make([]admissionregistrationv1.MutatingWebhook, 0)
for _, w := range currentConfiguration.Webhooks { for _, w := range currentConfiguration.Webhooks {
target, exist := targetWebhooksMap[w.Name] target, exist := targetWebhooksMap[w.Name]
if !exist { if !exist {
@ -473,19 +473,19 @@ func (wrc *Register) updateMutatingWebhookConfiguration(targetConfig *admregapi.
// updateValidatingWebhookConfiguration updates an existing ValidatingWebhookConfiguration with the rules provided by // updateValidatingWebhookConfiguration updates an existing ValidatingWebhookConfiguration with the rules provided by
// the targetConfig. If the targetConfig doesn't provide any rules, the existing rules will be preserved. // the targetConfig. If the targetConfig doesn't provide any rules, the existing rules will be preserved.
func (wrc *Register) updateValidatingWebhookConfiguration(targetConfig *admregapi.ValidatingWebhookConfiguration) error { func (wrc *Register) updateValidatingWebhookConfiguration(targetConfig *admissionregistrationv1.ValidatingWebhookConfiguration) error {
// Fetch the existing webhook. // Fetch the existing webhook.
currentConfiguration, err := wrc.vwcLister.Get(targetConfig.Name) currentConfiguration, err := wrc.vwcLister.Get(targetConfig.Name)
if err != nil { if err != nil {
return fmt.Errorf("failed to get %s %s: %v", kindValidating, targetConfig.Name, err) return fmt.Errorf("failed to get %s %s: %v", kindValidating, targetConfig.Name, err)
} }
// Create a map of the target webhooks. // Create a map of the target webhooks.
targetWebhooksMap := make(map[string]admregapi.ValidatingWebhook) targetWebhooksMap := make(map[string]admissionregistrationv1.ValidatingWebhook)
for _, w := range targetConfig.Webhooks { for _, w := range targetConfig.Webhooks {
targetWebhooksMap[w.Name] = w targetWebhooksMap[w.Name] = w
} }
// Update the webhooks. // Update the webhooks.
newWebhooks := make([]admregapi.ValidatingWebhook, 0) newWebhooks := make([]admissionregistrationv1.ValidatingWebhook, 0)
for _, w := range currentConfiguration.Webhooks { for _, w := range currentConfiguration.Webhooks {
target, exist := targetWebhooksMap[w.Name] target, exist := targetWebhooksMap[w.Name]
if !exist { if !exist {