chore: make k8s api import aliases consistent (#3950)
* chore: make kyverno api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com> * chore: make apimachinery api import aliases consistent Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>
parent
b3e227dbaf
commit
666bcb3c15
16 changed files with 139 additions and 135 deletions
|
@ -49,3 +49,7 @@ linters-settings:
|
||||||
alias:
|
alias:
|
||||||
- pkg: github.com/kyverno/kyverno/api/(\w+)/(v[\w\d]+)
|
- pkg: github.com/kyverno/kyverno/api/(\w+)/(v[\w\d]+)
|
||||||
alias: $1$2
|
alias: $1$2
|
||||||
|
- pkg: k8s.io/apimachinery/pkg/apis/(\w+)/(v[\w\d]+)
|
||||||
|
alias: $1$2
|
||||||
|
- pkg: k8s.io/api/(\w+)/(v[\w\d]+)
|
||||||
|
alias: $1$2
|
||||||
|
|
|
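Review bot: The two added `pkg` patterns (like the existing kyverno one above them) use `[\w\d]`, which is redundant because `\w` already matches digits, and they leave the dots in `k8s.io` unescaped, so each dot matches any character. Writing them as `- pkg: k8s\.io/api/(\w+)/(v\w+)` and `- pkg: k8s\.io/apimachinery/pkg/apis/(\w+)/(v\w+)` expresses the same rule more exactly. A one-line comment above the list, such as `# aliases are <group><version>, e.g. corev1, metav1`, would document the convention the rest of this commit applies. Whether unaliased imports of these packages are also rejected depends on importas settings outside this hunk.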
@ -20,7 +20,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/signal"
|
"github.com/kyverno/kyverno/pkg/signal"
|
||||||
"github.com/kyverno/kyverno/pkg/tls"
|
"github.com/kyverno/kyverno/pkg/tls"
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
"github.com/kyverno/kyverno/pkg/utils"
|
||||||
coord "k8s.io/api/coordination/v1"
|
coordinationv1 "k8s.io/api/coordination/v1"
|
||||||
"k8s.io/apimachinery/pkg/api/errors"
|
"k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/labels"
|
"k8s.io/apimachinery/pkg/labels"
|
||||||
|
@ -193,7 +193,7 @@ func acquireLeader(ctx context.Context, kubeClient kubernetes.Interface) error {
|
||||||
os.Exit(0)
|
os.Exit(0)
|
||||||
}
|
}
|
||||||
|
|
||||||
lease := coord.Lease{
|
lease := coordinationv1.Lease{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: "kyvernopre-lock",
|
Name: "kyvernopre-lock",
|
||||||
},
|
},
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
kyvernov1beta1 "github.com/kyverno/kyverno/api/kyverno/v1beta1"
|
||||||
"github.com/kyverno/kyverno/pkg/common"
|
"github.com/kyverno/kyverno/pkg/common"
|
||||||
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
v1 "k8s.io/api/admission/v1"
|
admissionv1 "k8s.io/api/admission/v1"
|
||||||
"k8s.io/apimachinery/pkg/api/errors"
|
"k8s.io/apimachinery/pkg/api/errors"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
)
|
)
|
||||||
|
@ -22,7 +22,7 @@ func GetResource(client dclient.Interface, urSpec kyvernov1beta1.UpdateRequestSp
|
||||||
}
|
}
|
||||||
resource, err := client.GetResource(resourceSpec.APIVersion, resourceSpec.Kind, resourceSpec.Namespace, resourceSpec.Name)
|
resource, err := client.GetResource(resourceSpec.APIVersion, resourceSpec.Kind, resourceSpec.Namespace, resourceSpec.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if urSpec.Type == kyvernov1beta1.Mutate && errors.IsNotFound(err) && urSpec.Context.AdmissionRequestInfo.Operation == v1.Delete {
|
if urSpec.Type == kyvernov1beta1.Mutate && errors.IsNotFound(err) && urSpec.Context.AdmissionRequestInfo.Operation == admissionv1.Delete {
|
||||||
log.V(4).Info("trigger resource does not exist for mutateExisting rule", "operation", urSpec.Context.AdmissionRequestInfo.Operation)
|
log.V(4).Info("trigger resource does not exist for mutateExisting rule", "operation", urSpec.Context.AdmissionRequestInfo.Operation)
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
enginutils "github.com/kyverno/kyverno/pkg/engine/utils"
|
enginutils "github.com/kyverno/kyverno/pkg/engine/utils"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
listerv1 "k8s.io/client-go/listers/core/v1"
|
listerv1 "k8s.io/client-go/listers/core/v1"
|
||||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||||
|
@ -39,7 +39,7 @@ func GetNamespaceSelectorsFromNamespaceLister(kind, namespaceOfResource string,
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetNamespaceLabels - from namespace obj
|
// GetNamespaceLabels - from namespace obj
|
||||||
func GetNamespaceLabels(namespaceObj *v1.Namespace, logger logr.Logger) map[string]string {
|
func GetNamespaceLabels(namespaceObj *corev1.Namespace, logger logr.Logger) map[string]string {
|
||||||
namespaceObj.Kind = "Namespace"
|
namespaceObj.Kind = "Namespace"
|
||||||
namespaceRaw, err := json.Marshal(namespaceObj)
|
namespaceRaw, err := json.Marshal(namespaceObj)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
|
|
||||||
wildcard "github.com/kyverno/go-wildcard"
|
wildcard "github.com/kyverno/go-wildcard"
|
||||||
osutils "github.com/kyverno/kyverno/pkg/utils/os"
|
osutils "github.com/kyverno/kyverno/pkg/utils/os"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
"k8s.io/apimachinery/pkg/api/errors"
|
"k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/client-go/kubernetes"
|
"k8s.io/client-go/kubernetes"
|
||||||
|
@ -121,7 +121,7 @@ type Configuration interface {
|
||||||
// GetWebhooks returns the webhook configs
|
// GetWebhooks returns the webhook configs
|
||||||
GetWebhooks() []WebhookConfig
|
GetWebhooks() []WebhookConfig
|
||||||
// Load loads configuration from a configmap
|
// Load loads configuration from a configmap
|
||||||
Load(cm *v1.ConfigMap)
|
Load(cm *corev1.ConfigMap)
|
||||||
}
|
}
|
||||||
|
|
||||||
// configuration stores the configuration
|
// configuration stores the configuration
|
||||||
|
@ -212,7 +212,7 @@ func (cd *configuration) GetWebhooks() []WebhookConfig {
|
||||||
return cd.webhooks
|
return cd.webhooks
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cd *configuration) Load(cm *v1.ConfigMap) {
|
func (cd *configuration) Load(cm *corev1.ConfigMap) {
|
||||||
reconcilePolicyReport, updateWebhook := true, true
|
reconcilePolicyReport, updateWebhook := true, true
|
||||||
if cm != nil {
|
if cm != nil {
|
||||||
logger.Info("load config", "name", cm.Name, "namespace", cm.Namespace)
|
logger.Info("load config", "name", cm.Name, "namespace", cm.Namespace)
|
||||||
|
@ -231,7 +231,7 @@ func (cd *configuration) Load(cm *v1.ConfigMap) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (cd *configuration) load(cm *v1.ConfigMap) (reconcilePolicyReport, updateWebhook bool) {
|
func (cd *configuration) load(cm *corev1.ConfigMap) (reconcilePolicyReport, updateWebhook bool) {
|
||||||
logger := logger.WithValues("name", cm.Name, "namespace", cm.Namespace)
|
logger := logger.WithValues("name", cm.Name, "namespace", cm.Namespace)
|
||||||
if cm.Data == nil {
|
if cm.Data == nil {
|
||||||
logger.V(4).Info("configuration: No data defined in ConfigMap")
|
logger.V(4).Info("configuration: No data defined in ConfigMap")
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/common"
|
"github.com/kyverno/kyverno/pkg/common"
|
||||||
"github.com/kyverno/kyverno/pkg/config"
|
"github.com/kyverno/kyverno/pkg/config"
|
||||||
"github.com/kyverno/kyverno/pkg/tls"
|
"github.com/kyverno/kyverno/pkg/tls"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
informerv1 "k8s.io/client-go/informers/core/v1"
|
informerv1 "k8s.io/client-go/informers/core/v1"
|
||||||
listersv1 "k8s.io/client-go/listers/core/v1"
|
listersv1 "k8s.io/client-go/listers/core/v1"
|
||||||
"k8s.io/client-go/tools/cache"
|
"k8s.io/client-go/tools/cache"
|
||||||
|
@ -44,15 +44,15 @@ func NewController(secretInformer informerv1.SecretInformer, certRenewer *tls.Ce
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *controller) addSecretFunc(obj interface{}) {
|
func (m *controller) addSecretFunc(obj interface{}) {
|
||||||
secret := obj.(*v1.Secret)
|
secret := obj.(*corev1.Secret)
|
||||||
if secret.GetNamespace() == config.KyvernoNamespace() && secret.GetName() == tls.GenerateTLSPairSecretName() {
|
if secret.GetNamespace() == config.KyvernoNamespace() && secret.GetName() == tls.GenerateTLSPairSecretName() {
|
||||||
m.secretQueue <- true
|
m.secretQueue <- true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) {
|
func (m *controller) updateSecretFunc(oldObj interface{}, newObj interface{}) {
|
||||||
old := oldObj.(*v1.Secret)
|
old := oldObj.(*corev1.Secret)
|
||||||
new := newObj.(*v1.Secret)
|
new := newObj.(*corev1.Secret)
|
||||||
if new.GetNamespace() == config.KyvernoNamespace() && new.GetName() == tls.GenerateTLSPairSecretName() {
|
if new.GetNamespace() == config.KyvernoNamespace() && new.GetName() == tls.GenerateTLSPairSecretName() {
|
||||||
if !reflect.DeepEqual(old.DeepCopy().Data, new.DeepCopy().Data) {
|
if !reflect.DeepEqual(old.DeepCopy().Data, new.DeepCopy().Data) {
|
||||||
m.secretQueue <- true
|
m.secretQueue <- true
|
||||||
|
@ -66,7 +66,7 @@ func (m *controller) GetTLSPemPair() ([]byte, []byte, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, err
|
return nil, nil, err
|
||||||
}
|
}
|
||||||
return secret.Data[v1.TLSCertKey], secret.Data[v1.TLSPrivateKeyKey], nil
|
return secret.Data[corev1.TLSCertKey], secret.Data[corev1.TLSPrivateKeyKey], nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *controller) renewCertificates() error {
|
func (m *controller) renewCertificates() error {
|
||||||
|
@ -89,7 +89,7 @@ func (m *controller) GetCAPem() ([]byte, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
result := secret.Data[v1.TLSCertKey]
|
result := secret.Data[corev1.TLSCertKey]
|
||||||
if len(result) == 0 {
|
if len(result) == 0 {
|
||||||
result = secret.Data[tls.RootCAKey]
|
result = secret.Data[tls.RootCAKey]
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
|
||||||
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
|
||||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
errors "k8s.io/apimachinery/pkg/api/errors"
|
errors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
"k8s.io/apimachinery/pkg/runtime"
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||||
|
@ -86,7 +86,7 @@ func initRecorder(client client.Interface, eventSource Source, log logr.Logger)
|
||||||
)
|
)
|
||||||
recorder := eventBroadcaster.NewRecorder(
|
recorder := eventBroadcaster.NewRecorder(
|
||||||
scheme.Scheme,
|
scheme.Scheme,
|
||||||
v1.EventSource{
|
corev1.EventSource{
|
||||||
Component: eventSource.String(),
|
Component: eventSource.String(),
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
@ -203,9 +203,9 @@ func (gen *Generator) syncHandler(key Info) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// set the event type based on reason
|
// set the event type based on reason
|
||||||
eventType := v1.EventTypeWarning
|
eventType := corev1.EventTypeWarning
|
||||||
if key.Reason == PolicyApplied.String() {
|
if key.Reason == PolicyApplied.String() {
|
||||||
eventType = v1.EventTypeNormal
|
eventType = corev1.EventTypeNormal
|
||||||
}
|
}
|
||||||
|
|
||||||
// based on the source of event generation, use different event recorders
|
// based on the source of event generation, use different event recorders
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
"gopkg.in/yaml.v3"
|
"gopkg.in/yaml.v3"
|
||||||
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
runtimeSchema "k8s.io/apimachinery/pkg/runtime/schema"
|
runtimeSchema "k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
"k8s.io/apimachinery/pkg/util/wait"
|
"k8s.io/apimachinery/pkg/util/wait"
|
||||||
|
@ -91,7 +91,7 @@ func (c *crdSync) sync() {
|
||||||
Group: "apiextensions.k8s.io",
|
Group: "apiextensions.k8s.io",
|
||||||
Version: "v1",
|
Version: "v1",
|
||||||
Resource: "customresourcedefinitions",
|
Resource: "customresourcedefinitions",
|
||||||
}).List(context.TODO(), v1.ListOptions{})
|
}).List(context.TODO(), metav1.ListOptions{})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Log.Error(err, "could not fetch crd's from server")
|
log.Log.Error(err, "could not fetch crd's from server")
|
||||||
return
|
return
|
||||||
|
|
|
@ -26,7 +26,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/metrics"
|
"github.com/kyverno/kyverno/pkg/metrics"
|
||||||
"github.com/kyverno/kyverno/pkg/policyreport"
|
"github.com/kyverno/kyverno/pkg/policyreport"
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
"github.com/kyverno/kyverno/pkg/utils"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
"k8s.io/apimachinery/pkg/api/errors"
|
"k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
|
@ -126,7 +126,7 @@ func NewPolicyController(
|
||||||
pInformer: pInformer,
|
pInformer: pInformer,
|
||||||
npInformer: npInformer,
|
npInformer: npInformer,
|
||||||
eventGen: eventGen,
|
eventGen: eventGen,
|
||||||
eventRecorder: eventBroadcaster.NewRecorder(scheme.Scheme, v1.EventSource{Component: "policy_controller"}),
|
eventRecorder: eventBroadcaster.NewRecorder(scheme.Scheme, corev1.EventSource{Component: "policy_controller"}),
|
||||||
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "policy"),
|
queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "policy"),
|
||||||
configHandler: configHandler,
|
configHandler: configHandler,
|
||||||
prGenerator: prGenerator,
|
prGenerator: prGenerator,
|
||||||
|
|
|
@ -15,7 +15,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/engine"
|
"github.com/kyverno/kyverno/pkg/engine"
|
||||||
"github.com/kyverno/kyverno/pkg/engine/response"
|
"github.com/kyverno/kyverno/pkg/engine/response"
|
||||||
"github.com/kyverno/kyverno/pkg/version"
|
"github.com/kyverno/kyverno/pkg/version"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||||
|
@ -165,7 +165,7 @@ func (builder *requestBuilder) buildRCRResult(policy string, resource response.R
|
||||||
|
|
||||||
result := policyreportv1alpha2.PolicyReportResult{
|
result := policyreportv1alpha2.PolicyReportResult{
|
||||||
Policy: policy,
|
Policy: policy,
|
||||||
Resources: []v1.ObjectReference{
|
Resources: []corev1.ObjectReference{
|
||||||
{
|
{
|
||||||
Kind: resource.Kind,
|
Kind: resource.Kind,
|
||||||
Namespace: resource.Namespace,
|
Namespace: resource.Namespace,
|
||||||
|
|
|
@ -19,7 +19,7 @@ import (
|
||||||
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
dclient "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
"github.com/kyverno/kyverno/pkg/version"
|
"github.com/kyverno/kyverno/pkg/version"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
|
||||||
|
@ -534,7 +534,7 @@ func (g *ReportGenerator) aggregateReports(namespace string) (
|
||||||
return nil, nil, fmt.Errorf("unable to get namespace %s: %v", namespace, err)
|
return nil, nil, fmt.Errorf("unable to get namespace %s: %v", namespace, err)
|
||||||
}
|
}
|
||||||
// Namespace is deleted, create a fake ns to clean up RCRs
|
// Namespace is deleted, create a fake ns to clean up RCRs
|
||||||
ns = new(v1.Namespace)
|
ns = new(corev1.Namespace)
|
||||||
ns.SetName(namespace)
|
ns.SetName(namespace)
|
||||||
now := metav1.Now()
|
now := metav1.Now()
|
||||||
ns.SetDeletionTimestamp(&now)
|
ns.SetDeletionTimestamp(&now)
|
||||||
|
@ -554,7 +554,7 @@ func (g *ReportGenerator) aggregateReports(namespace string) (
|
||||||
return report, aggregatedRequests, nil
|
return report, aggregatedRequests, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func mergeRequests(ns, kyvernoNs *v1.Namespace, requestsGeneral interface{}) (*unstructured.Unstructured, interface{}, error) {
|
func mergeRequests(ns, kyvernoNs *corev1.Namespace, requestsGeneral interface{}) (*unstructured.Unstructured, interface{}, error) {
|
||||||
results := []policyreportv1alpha2.PolicyReportResult{}
|
results := []policyreportv1alpha2.PolicyReportResult{}
|
||||||
|
|
||||||
if requests, ok := requestsGeneral.([]*kyvernov1alpha2.ClusterReportChangeRequest); ok {
|
if requests, ok := requestsGeneral.([]*kyvernov1alpha2.ClusterReportChangeRequest); ok {
|
||||||
|
@ -615,7 +615,7 @@ func mergeRequests(ns, kyvernoNs *v1.Namespace, requestsGeneral interface{}) (*u
|
||||||
return nil, nil, nil
|
return nil, nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func setReport(reportUnstructured *unstructured.Unstructured, ns, kyvernoNs *v1.Namespace) {
|
func setReport(reportUnstructured *unstructured.Unstructured, ns, kyvernoNs *corev1.Namespace) {
|
||||||
reportUnstructured.SetAPIVersion(policyreportv1alpha2.SchemeGroupVersion.String())
|
reportUnstructured.SetAPIVersion(policyreportv1alpha2.SchemeGroupVersion.String())
|
||||||
reportUnstructured.SetLabels(LabelSelector.MatchLabels)
|
reportUnstructured.SetLabels(LabelSelector.MatchLabels)
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
|
|
||||||
"github.com/kyverno/kyverno/pkg/config"
|
"github.com/kyverno/kyverno/pkg/config"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/client-go/kubernetes"
|
"k8s.io/client-go/kubernetes"
|
||||||
)
|
)
|
||||||
|
@ -20,7 +20,7 @@ func ReadRootCASecret(client kubernetes.Interface) ([]byte, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
// try "tls.crt"
|
// try "tls.crt"
|
||||||
result := stlsca.Data[v1.TLSCertKey]
|
result := stlsca.Data[corev1.TLSCertKey]
|
||||||
// if not there, try old "rootCA.crt"
|
// if not there, try old "rootCA.crt"
|
||||||
if len(result) == 0 {
|
if len(result) == 0 {
|
||||||
result = stlsca.Data[RootCAKey]
|
result = stlsca.Data[RootCAKey]
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
|
|
||||||
"github.com/kyverno/kyverno/pkg/config"
|
"github.com/kyverno/kyverno/pkg/config"
|
||||||
appsv1 "k8s.io/api/apps/v1"
|
appsv1 "k8s.io/api/apps/v1"
|
||||||
v1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
)
|
)
|
||||||
|
|
||||||
func privateKeyToPem(rsaKey *rsa.PrivateKey) []byte {
|
func privateKeyToPem(rsaKey *rsa.PrivateKey) []byte {
|
||||||
|
@ -97,7 +97,7 @@ func IsKyvernoInRollingUpdate(deploy *appsv1.Deployment) bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
func IsSecretManagedByKyverno(secret *v1.Secret) bool {
|
func IsSecretManagedByKyverno(secret *corev1.Secret) bool {
|
||||||
if secret != nil {
|
if secret != nil {
|
||||||
labels := secret.GetLabels()
|
labels := secret.GetLabels()
|
||||||
if labels == nil {
|
if labels == nil {
|
||||||
|
|
|
@ -9,7 +9,7 @@ import (
|
||||||
|
|
||||||
"github.com/kyverno/kyverno/pkg/config"
|
"github.com/kyverno/kyverno/pkg/config"
|
||||||
"github.com/kyverno/kyverno/pkg/tls"
|
"github.com/kyverno/kyverno/pkg/tls"
|
||||||
admregapi "k8s.io/api/admissionregistration/v1"
|
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
|
||||||
appsv1 "k8s.io/api/apps/v1"
|
appsv1 "k8s.io/api/apps/v1"
|
||||||
corev1 "k8s.io/api/core/v1"
|
corev1 "k8s.io/api/core/v1"
|
||||||
rbacv1 "k8s.io/api/rbac/v1"
|
rbacv1 "k8s.io/api/rbac/v1"
|
||||||
|
@ -22,15 +22,15 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
noneOnDryRun = admregapi.SideEffectClassNoneOnDryRun
|
noneOnDryRun = admissionregistrationv1.SideEffectClassNoneOnDryRun
|
||||||
never = admregapi.NeverReinvocationPolicy
|
never = admissionregistrationv1.NeverReinvocationPolicy
|
||||||
ifNeeded = admregapi.IfNeededReinvocationPolicy
|
ifNeeded = admissionregistrationv1.IfNeededReinvocationPolicy
|
||||||
policyRule = admregapi.Rule{
|
policyRule = admissionregistrationv1.Rule{
|
||||||
Resources: []string{"clusterpolicies/*", "policies/*"},
|
Resources: []string{"clusterpolicies/*", "policies/*"},
|
||||||
APIGroups: []string{"kyverno.io"},
|
APIGroups: []string{"kyverno.io"},
|
||||||
APIVersions: []string{"v1"},
|
APIVersions: []string{"v1"},
|
||||||
}
|
}
|
||||||
verifyRule = admregapi.Rule{
|
verifyRule = admissionregistrationv1.Rule{
|
||||||
Resources: []string{"leases"},
|
Resources: []string{"leases"},
|
||||||
APIGroups: []string{"coordination.k8s.io"},
|
APIGroups: []string{"coordination.k8s.io"},
|
||||||
APIVersions: []string{"v1"},
|
APIVersions: []string{"v1"},
|
||||||
|
@ -40,9 +40,9 @@ var (
|
||||||
"app.kubernetes.io/name": kyvernoValue,
|
"app.kubernetes.io/name": kyvernoValue,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
update = []admregapi.OperationType{admregapi.Update}
|
update = []admissionregistrationv1.OperationType{admissionregistrationv1.Update}
|
||||||
createUpdate = []admregapi.OperationType{admregapi.Create, admregapi.Update}
|
createUpdate = []admissionregistrationv1.OperationType{admissionregistrationv1.Create, admissionregistrationv1.Update}
|
||||||
all = []admregapi.OperationType{admregapi.Create, admregapi.Update, admregapi.Delete, admregapi.Connect}
|
all = []admissionregistrationv1.OperationType{admissionregistrationv1.Create, admissionregistrationv1.Update, admissionregistrationv1.Delete, admissionregistrationv1.Connect}
|
||||||
)
|
)
|
||||||
|
|
||||||
func (wrc *Register) readCaData() []byte {
|
func (wrc *Register) readCaData() []byte {
|
||||||
|
@ -116,18 +116,18 @@ func (wrc *Register) constructOwner() metav1.OwnerReference {
|
||||||
|
|
||||||
// webhook utils
|
// webhook utils
|
||||||
|
|
||||||
func generateRules(rule admregapi.Rule, operationTypes []admregapi.OperationType) []admregapi.RuleWithOperations {
|
func generateRules(rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType) []admissionregistrationv1.RuleWithOperations {
|
||||||
if !reflect.DeepEqual(rule, admregapi.Rule{}) {
|
if !reflect.DeepEqual(rule, admissionregistrationv1.Rule{}) {
|
||||||
return []admregapi.RuleWithOperations{{Operations: operationTypes, Rule: rule}}
|
return []admissionregistrationv1.RuleWithOperations{{Operations: operationTypes, Rule: rule}}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateDebugMutatingWebhook(name, url string, caData []byte, timeoutSeconds int32, rule admregapi.Rule, operationTypes []admregapi.OperationType, failurePolicy admregapi.FailurePolicyType) admregapi.MutatingWebhook {
|
func generateDebugMutatingWebhook(name, url string, caData []byte, timeoutSeconds int32, rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType, failurePolicy admissionregistrationv1.FailurePolicyType) admissionregistrationv1.MutatingWebhook {
|
||||||
return admregapi.MutatingWebhook{
|
return admissionregistrationv1.MutatingWebhook{
|
||||||
ReinvocationPolicy: &never,
|
ReinvocationPolicy: &never,
|
||||||
Name: name,
|
Name: name,
|
||||||
ClientConfig: admregapi.WebhookClientConfig{
|
ClientConfig: admissionregistrationv1.WebhookClientConfig{
|
||||||
URL: &url,
|
URL: &url,
|
||||||
CABundle: caData,
|
CABundle: caData,
|
||||||
},
|
},
|
||||||
|
@ -139,10 +139,10 @@ func generateDebugMutatingWebhook(name, url string, caData []byte, timeoutSecond
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateDebugValidatingWebhook(name, url string, caData []byte, timeoutSeconds int32, rule admregapi.Rule, operationTypes []admregapi.OperationType, failurePolicy admregapi.FailurePolicyType) admregapi.ValidatingWebhook {
|
func generateDebugValidatingWebhook(name, url string, caData []byte, timeoutSeconds int32, rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType, failurePolicy admissionregistrationv1.FailurePolicyType) admissionregistrationv1.ValidatingWebhook {
|
||||||
return admregapi.ValidatingWebhook{
|
return admissionregistrationv1.ValidatingWebhook{
|
||||||
Name: name,
|
Name: name,
|
||||||
ClientConfig: admregapi.WebhookClientConfig{
|
ClientConfig: admissionregistrationv1.WebhookClientConfig{
|
||||||
URL: &url,
|
URL: &url,
|
||||||
CABundle: caData,
|
CABundle: caData,
|
||||||
},
|
},
|
||||||
|
@ -154,12 +154,12 @@ func generateDebugValidatingWebhook(name, url string, caData []byte, timeoutSeco
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateMutatingWebhook(name, servicePath string, caData []byte, timeoutSeconds int32, rule admregapi.Rule, operationTypes []admregapi.OperationType, failurePolicy admregapi.FailurePolicyType) admregapi.MutatingWebhook {
|
func generateMutatingWebhook(name, servicePath string, caData []byte, timeoutSeconds int32, rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType, failurePolicy admissionregistrationv1.FailurePolicyType) admissionregistrationv1.MutatingWebhook {
|
||||||
return admregapi.MutatingWebhook{
|
return admissionregistrationv1.MutatingWebhook{
|
||||||
ReinvocationPolicy: &ifNeeded,
|
ReinvocationPolicy: &ifNeeded,
|
||||||
Name: name,
|
Name: name,
|
||||||
ClientConfig: admregapi.WebhookClientConfig{
|
ClientConfig: admissionregistrationv1.WebhookClientConfig{
|
||||||
Service: &admregapi.ServiceReference{
|
Service: &admissionregistrationv1.ServiceReference{
|
||||||
Namespace: config.KyvernoNamespace(),
|
Namespace: config.KyvernoNamespace(),
|
||||||
Name: config.KyvernoServiceName(),
|
Name: config.KyvernoServiceName(),
|
||||||
Path: &servicePath,
|
Path: &servicePath,
|
||||||
|
@ -174,11 +174,11 @@ func generateMutatingWebhook(name, servicePath string, caData []byte, timeoutSec
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func generateValidatingWebhook(name, servicePath string, caData []byte, timeoutSeconds int32, rule admregapi.Rule, operationTypes []admregapi.OperationType, failurePolicy admregapi.FailurePolicyType) admregapi.ValidatingWebhook {
|
func generateValidatingWebhook(name, servicePath string, caData []byte, timeoutSeconds int32, rule admissionregistrationv1.Rule, operationTypes []admissionregistrationv1.OperationType, failurePolicy admissionregistrationv1.FailurePolicyType) admissionregistrationv1.ValidatingWebhook {
|
||||||
return admregapi.ValidatingWebhook{
|
return admissionregistrationv1.ValidatingWebhook{
|
||||||
Name: name,
|
Name: name,
|
||||||
ClientConfig: admregapi.WebhookClientConfig{
|
ClientConfig: admissionregistrationv1.WebhookClientConfig{
|
||||||
Service: &admregapi.ServiceReference{
|
Service: &admissionregistrationv1.ServiceReference{
|
||||||
Namespace: config.KyvernoNamespace(),
|
Namespace: config.KyvernoNamespace(),
|
||||||
Name: config.KyvernoServiceName(),
|
Name: config.KyvernoServiceName(),
|
||||||
Path: &servicePath,
|
Path: &servicePath,
|
||||||
|
@ -219,42 +219,42 @@ func getPolicyValidatingWebhookConfigName(serverIP string) string {
|
||||||
return config.PolicyValidatingWebhookConfigurationName
|
return config.PolicyValidatingWebhookConfigurationName
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructPolicyValidatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.ValidatingWebhookConfiguration {
|
func constructPolicyValidatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.ValidatingWebhookConfiguration {
|
||||||
name, path := config.PolicyValidatingWebhookName, config.PolicyValidatingWebhookServicePath
|
name, path := config.PolicyValidatingWebhookName, config.PolicyValidatingWebhookServicePath
|
||||||
return &admregapi.ValidatingWebhookConfiguration{
|
return &admissionregistrationv1.ValidatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.PolicyValidatingWebhookConfigurationName, owner),
|
ObjectMeta: generateObjectMeta(config.PolicyValidatingWebhookConfigurationName, owner),
|
||||||
Webhooks: []admregapi.ValidatingWebhook{
|
Webhooks: []admissionregistrationv1.ValidatingWebhook{
|
||||||
generateValidatingWebhook(name, path, caData, timeoutSeconds, policyRule, createUpdate, admregapi.Ignore),
|
generateValidatingWebhook(name, path, caData, timeoutSeconds, policyRule, createUpdate, admissionregistrationv1.Ignore),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructDebugPolicyValidatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.ValidatingWebhookConfiguration {
|
func constructDebugPolicyValidatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.ValidatingWebhookConfiguration {
|
||||||
name, url := config.PolicyValidatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.PolicyValidatingWebhookServicePath)
|
name, url := config.PolicyValidatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.PolicyValidatingWebhookServicePath)
|
||||||
return &admregapi.ValidatingWebhookConfiguration{
|
return &admissionregistrationv1.ValidatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.PolicyValidatingWebhookConfigurationDebugName, owner),
|
ObjectMeta: generateObjectMeta(config.PolicyValidatingWebhookConfigurationDebugName, owner),
|
||||||
Webhooks: []admregapi.ValidatingWebhook{
|
Webhooks: []admissionregistrationv1.ValidatingWebhook{
|
||||||
generateDebugValidatingWebhook(name, url, caData, timeoutSeconds, policyRule, createUpdate, admregapi.Ignore),
|
generateDebugValidatingWebhook(name, url, caData, timeoutSeconds, policyRule, createUpdate, admissionregistrationv1.Ignore),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructPolicyMutatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration {
|
func constructPolicyMutatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
|
||||||
name, path := config.PolicyMutatingWebhookName, config.PolicyMutatingWebhookServicePath
|
name, path := config.PolicyMutatingWebhookName, config.PolicyMutatingWebhookServicePath
|
||||||
return &admregapi.MutatingWebhookConfiguration{
|
return &admissionregistrationv1.MutatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.PolicyMutatingWebhookConfigurationName, owner),
|
ObjectMeta: generateObjectMeta(config.PolicyMutatingWebhookConfigurationName, owner),
|
||||||
Webhooks: []admregapi.MutatingWebhook{
|
Webhooks: []admissionregistrationv1.MutatingWebhook{
|
||||||
generateMutatingWebhook(name, path, caData, timeoutSeconds, policyRule, createUpdate, admregapi.Ignore),
|
generateMutatingWebhook(name, path, caData, timeoutSeconds, policyRule, createUpdate, admissionregistrationv1.Ignore),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructDebugPolicyMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration {
|
func constructDebugPolicyMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
|
||||||
name, url := config.PolicyMutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.PolicyMutatingWebhookServicePath)
|
name, url := config.PolicyMutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.PolicyMutatingWebhookServicePath)
|
||||||
return &admregapi.MutatingWebhookConfiguration{
|
return &admissionregistrationv1.MutatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.PolicyMutatingWebhookConfigurationDebugName, owner),
|
ObjectMeta: generateObjectMeta(config.PolicyMutatingWebhookConfigurationDebugName, owner),
|
||||||
Webhooks: []admregapi.MutatingWebhook{
|
Webhooks: []admissionregistrationv1.MutatingWebhook{
|
||||||
generateDebugMutatingWebhook(name, url, caData, timeoutSeconds, policyRule, createUpdate, admregapi.Ignore),
|
generateDebugMutatingWebhook(name, url, caData, timeoutSeconds, policyRule, createUpdate, admissionregistrationv1.Ignore),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -275,69 +275,69 @@ func getResourceValidatingWebhookConfigName(serverIP string) string {
|
||||||
return config.ValidatingWebhookConfigurationName
|
return config.ValidatingWebhookConfigurationName
|
||||||
}
|
}
|
||||||
|
|
||||||
func defaultResourceWebhookRule(autoUpdate bool) admregapi.Rule {
|
func defaultResourceWebhookRule(autoUpdate bool) admissionregistrationv1.Rule {
|
||||||
if autoUpdate {
|
if autoUpdate {
|
||||||
return admregapi.Rule{}
|
return admissionregistrationv1.Rule{}
|
||||||
}
|
}
|
||||||
return admregapi.Rule{
|
return admissionregistrationv1.Rule{
|
||||||
APIGroups: []string{"*"},
|
APIGroups: []string{"*"},
|
||||||
APIVersions: []string{"*"},
|
APIVersions: []string{"*"},
|
||||||
Resources: []string{"*/*"},
|
Resources: []string{"*/*"},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructDefaultDebugMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration {
|
func constructDefaultDebugMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
|
||||||
name, url := config.MutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.MutatingWebhookServicePath)
|
name, url := config.MutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.MutatingWebhookServicePath)
|
||||||
webhook := &admregapi.MutatingWebhookConfiguration{
|
webhook := &admissionregistrationv1.MutatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.MutatingWebhookConfigurationDebugName, owner),
|
ObjectMeta: generateObjectMeta(config.MutatingWebhookConfigurationDebugName, owner),
|
||||||
Webhooks: []admregapi.MutatingWebhook{
|
Webhooks: []admissionregistrationv1.MutatingWebhook{
|
||||||
generateDebugMutatingWebhook(name+"-ignore", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admregapi.Ignore),
|
generateDebugMutatingWebhook(name+"-ignore", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admissionregistrationv1.Ignore),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
if autoUpdate {
|
if autoUpdate {
|
||||||
webhook.Webhooks = append(webhook.Webhooks, generateDebugMutatingWebhook(name+"-fail", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admregapi.Fail))
|
webhook.Webhooks = append(webhook.Webhooks, generateDebugMutatingWebhook(name+"-fail", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admissionregistrationv1.Fail))
|
||||||
}
|
}
|
||||||
return webhook
|
return webhook
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructDefaultMutatingWebhookConfig(caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration {
|
func constructDefaultMutatingWebhookConfig(caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
|
||||||
name, path := config.MutatingWebhookName, config.MutatingWebhookServicePath
|
name, path := config.MutatingWebhookName, config.MutatingWebhookServicePath
|
||||||
webhook := &admregapi.MutatingWebhookConfiguration{
|
webhook := &admissionregistrationv1.MutatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.MutatingWebhookConfigurationName, owner),
|
ObjectMeta: generateObjectMeta(config.MutatingWebhookConfigurationName, owner),
|
||||||
Webhooks: []admregapi.MutatingWebhook{
|
Webhooks: []admissionregistrationv1.MutatingWebhook{
|
||||||
generateMutatingWebhook(name+"-ignore", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admregapi.Ignore),
|
generateMutatingWebhook(name+"-ignore", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admissionregistrationv1.Ignore),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
if autoUpdate {
|
if autoUpdate {
|
||||||
webhook.Webhooks = append(webhook.Webhooks, generateMutatingWebhook(name+"-fail", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admregapi.Fail))
|
webhook.Webhooks = append(webhook.Webhooks, generateMutatingWebhook(name+"-fail", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), createUpdate, admissionregistrationv1.Fail))
|
||||||
}
|
}
|
||||||
return webhook
|
return webhook
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructDefaultDebugValidatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admregapi.ValidatingWebhookConfiguration {
|
func constructDefaultDebugValidatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admissionregistrationv1.ValidatingWebhookConfiguration {
|
||||||
name, url := config.ValidatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.ValidatingWebhookServicePath)
|
name, url := config.ValidatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.ValidatingWebhookServicePath)
|
||||||
webhook := &admregapi.ValidatingWebhookConfiguration{
|
webhook := &admissionregistrationv1.ValidatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.ValidatingWebhookConfigurationDebugName, owner),
|
ObjectMeta: generateObjectMeta(config.ValidatingWebhookConfigurationDebugName, owner),
|
||||||
Webhooks: []admregapi.ValidatingWebhook{
|
Webhooks: []admissionregistrationv1.ValidatingWebhook{
|
||||||
generateDebugValidatingWebhook(name+"-ignore", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admregapi.Ignore),
|
generateDebugValidatingWebhook(name+"-ignore", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admissionregistrationv1.Ignore),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
if autoUpdate {
|
if autoUpdate {
|
||||||
webhook.Webhooks = append(webhook.Webhooks, generateDebugValidatingWebhook(name+"-fail", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admregapi.Fail))
|
webhook.Webhooks = append(webhook.Webhooks, generateDebugValidatingWebhook(name+"-fail", url, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admissionregistrationv1.Fail))
|
||||||
}
|
}
|
||||||
return webhook
|
return webhook
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructDefaultValidatingWebhookConfig(caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admregapi.ValidatingWebhookConfiguration {
|
func constructDefaultValidatingWebhookConfig(caData []byte, timeoutSeconds int32, autoUpdate bool, owner metav1.OwnerReference) *admissionregistrationv1.ValidatingWebhookConfiguration {
|
||||||
name, path := config.ValidatingWebhookName, config.ValidatingWebhookServicePath
|
name, path := config.ValidatingWebhookName, config.ValidatingWebhookServicePath
|
||||||
webhook := &admregapi.ValidatingWebhookConfiguration{
|
webhook := &admissionregistrationv1.ValidatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.ValidatingWebhookConfigurationName, owner),
|
ObjectMeta: generateObjectMeta(config.ValidatingWebhookConfigurationName, owner),
|
||||||
Webhooks: []admregapi.ValidatingWebhook{
|
Webhooks: []admissionregistrationv1.ValidatingWebhook{
|
||||||
generateValidatingWebhook(name+"-ignore", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admregapi.Ignore),
|
generateValidatingWebhook(name+"-ignore", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admissionregistrationv1.Ignore),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
if autoUpdate {
|
if autoUpdate {
|
||||||
webhook.Webhooks = append(webhook.Webhooks, generateValidatingWebhook(name+"-fail", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admregapi.Fail))
|
webhook.Webhooks = append(webhook.Webhooks, generateValidatingWebhook(name+"-fail", path, caData, timeoutSeconds, defaultResourceWebhookRule(autoUpdate), all, admissionregistrationv1.Fail))
|
||||||
}
|
}
|
||||||
return webhook
|
return webhook
|
||||||
}
|
}
|
||||||
|
@ -351,22 +351,22 @@ func getVerifyMutatingWebhookConfigName(serverIP string) string {
|
||||||
return config.VerifyMutatingWebhookConfigurationName
|
return config.VerifyMutatingWebhookConfigurationName
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructVerifyMutatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration {
|
func constructVerifyMutatingWebhookConfig(caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
|
||||||
name, path := config.VerifyMutatingWebhookName, config.VerifyMutatingWebhookServicePath
|
name, path := config.VerifyMutatingWebhookName, config.VerifyMutatingWebhookServicePath
|
||||||
webhook := generateMutatingWebhook(name, path, caData, timeoutSeconds, verifyRule, update, admregapi.Ignore)
|
webhook := generateMutatingWebhook(name, path, caData, timeoutSeconds, verifyRule, update, admissionregistrationv1.Ignore)
|
||||||
webhook.ObjectSelector = vertifyObjectSelector
|
webhook.ObjectSelector = vertifyObjectSelector
|
||||||
return &admregapi.MutatingWebhookConfiguration{
|
return &admissionregistrationv1.MutatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.VerifyMutatingWebhookConfigurationName, owner),
|
ObjectMeta: generateObjectMeta(config.VerifyMutatingWebhookConfigurationName, owner),
|
||||||
Webhooks: []admregapi.MutatingWebhook{webhook},
|
Webhooks: []admissionregistrationv1.MutatingWebhook{webhook},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func constructDebugVerifyMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admregapi.MutatingWebhookConfiguration {
|
func constructDebugVerifyMutatingWebhookConfig(serverIP string, caData []byte, timeoutSeconds int32, owner metav1.OwnerReference) *admissionregistrationv1.MutatingWebhookConfiguration {
|
||||||
name, url := config.VerifyMutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.VerifyMutatingWebhookServicePath)
|
name, url := config.VerifyMutatingWebhookName, fmt.Sprintf("https://%s%s", serverIP, config.VerifyMutatingWebhookServicePath)
|
||||||
webhook := generateDebugMutatingWebhook(name, url, caData, timeoutSeconds, verifyRule, update, admregapi.Ignore)
|
webhook := generateDebugMutatingWebhook(name, url, caData, timeoutSeconds, verifyRule, update, admissionregistrationv1.Ignore)
|
||||||
webhook.ObjectSelector = vertifyObjectSelector
|
webhook.ObjectSelector = vertifyObjectSelector
|
||||||
return &admregapi.MutatingWebhookConfiguration{
|
return &admissionregistrationv1.MutatingWebhookConfiguration{
|
||||||
ObjectMeta: generateObjectMeta(config.VerifyMutatingWebhookConfigurationDebugName, owner),
|
ObjectMeta: generateObjectMeta(config.VerifyMutatingWebhookConfigurationDebugName, owner),
|
||||||
Webhooks: []admregapi.MutatingWebhook{webhook},
|
Webhooks: []admissionregistrationv1.MutatingWebhook{webhook},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,7 @@ import (
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
"github.com/kyverno/kyverno/pkg/utils"
|
||||||
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
admregapi "k8s.io/api/admissionregistration/v1"
|
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
|
||||||
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
apierrors "k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
"k8s.io/apimachinery/pkg/labels"
|
"k8s.io/apimachinery/pkg/labels"
|
||||||
|
@ -216,14 +216,14 @@ func (m *webhookConfigManager) deletePolicy(obj interface{}) {
|
||||||
|
|
||||||
func (m *webhookConfigManager) deleteMutatingWebhook(obj interface{}) {
|
func (m *webhookConfigManager) deleteMutatingWebhook(obj interface{}) {
|
||||||
m.log.WithName("deleteMutatingWebhook").Info("resource webhook configuration was deleted, recreating...")
|
m.log.WithName("deleteMutatingWebhook").Info("resource webhook configuration was deleted, recreating...")
|
||||||
webhook, ok := obj.(*admregapi.MutatingWebhookConfiguration)
|
webhook, ok := obj.(*admissionregistrationv1.MutatingWebhookConfiguration)
|
||||||
if !ok {
|
if !ok {
|
||||||
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
|
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
|
||||||
if !ok {
|
if !ok {
|
||||||
m.log.Info("Couldn't get object from tombstone", "obj", obj)
|
m.log.Info("Couldn't get object from tombstone", "obj", obj)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
webhook, ok = tombstone.Obj.(*admregapi.MutatingWebhookConfiguration)
|
webhook, ok = tombstone.Obj.(*admissionregistrationv1.MutatingWebhookConfiguration)
|
||||||
if !ok {
|
if !ok {
|
||||||
m.log.Info("tombstone contained object that is not a MutatingWebhookConfiguration", "obj", obj)
|
m.log.Info("tombstone contained object that is not a MutatingWebhookConfiguration", "obj", obj)
|
||||||
return
|
return
|
||||||
|
@ -236,14 +236,14 @@ func (m *webhookConfigManager) deleteMutatingWebhook(obj interface{}) {
|
||||||
|
|
||||||
func (m *webhookConfigManager) deleteValidatingWebhook(obj interface{}) {
|
func (m *webhookConfigManager) deleteValidatingWebhook(obj interface{}) {
|
||||||
m.log.WithName("deleteMutatingWebhook").Info("resource webhook configuration was deleted, recreating...")
|
m.log.WithName("deleteMutatingWebhook").Info("resource webhook configuration was deleted, recreating...")
|
||||||
webhook, ok := obj.(*admregapi.ValidatingWebhookConfiguration)
|
webhook, ok := obj.(*admissionregistrationv1.ValidatingWebhookConfiguration)
|
||||||
if !ok {
|
if !ok {
|
||||||
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
|
tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
|
||||||
if !ok {
|
if !ok {
|
||||||
m.log.Info("Couldn't get object from tombstone", "obj", obj)
|
m.log.Info("Couldn't get object from tombstone", "obj", obj)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
webhook, ok = tombstone.Obj.(*admregapi.ValidatingWebhookConfiguration)
|
webhook, ok = tombstone.Obj.(*admissionregistrationv1.ValidatingWebhookConfiguration)
|
||||||
if !ok {
|
if !ok {
|
||||||
m.log.Info("tombstone contained object that is not a ValidatingWebhookConfiguration", "obj", obj)
|
m.log.Info("tombstone contained object that is not a ValidatingWebhookConfiguration", "obj", obj)
|
||||||
return
|
return
|
||||||
|
@ -480,11 +480,11 @@ func (m *webhookConfigManager) updateMutatingWebhookConfiguration(webhookName st
|
||||||
for i := range resourceWebhook.Webhooks {
|
for i := range resourceWebhook.Webhooks {
|
||||||
newWebhook := webhooksMap[webhookKey(kindMutating, string(*resourceWebhook.Webhooks[i].FailurePolicy))]
|
newWebhook := webhooksMap[webhookKey(kindMutating, string(*resourceWebhook.Webhooks[i].FailurePolicy))]
|
||||||
if newWebhook == nil || newWebhook.isEmpty() {
|
if newWebhook == nil || newWebhook.isEmpty() {
|
||||||
resourceWebhook.Webhooks[i].Rules = []admregapi.RuleWithOperations{}
|
resourceWebhook.Webhooks[i].Rules = []admissionregistrationv1.RuleWithOperations{}
|
||||||
} else {
|
} else {
|
||||||
resourceWebhook.Webhooks[i].TimeoutSeconds = &newWebhook.maxWebhookTimeout
|
resourceWebhook.Webhooks[i].TimeoutSeconds = &newWebhook.maxWebhookTimeout
|
||||||
resourceWebhook.Webhooks[i].Rules = []admregapi.RuleWithOperations{
|
resourceWebhook.Webhooks[i].Rules = []admissionregistrationv1.RuleWithOperations{
|
||||||
newWebhook.buildRuleWithOperations(admregapi.Create, admregapi.Update, admregapi.Delete),
|
newWebhook.buildRuleWithOperations(admissionregistrationv1.Create, admissionregistrationv1.Update, admissionregistrationv1.Delete),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -507,11 +507,11 @@ func (m *webhookConfigManager) updateValidatingWebhookConfiguration(webhookName
|
||||||
for i := range resourceWebhook.Webhooks {
|
for i := range resourceWebhook.Webhooks {
|
||||||
newWebhook := webhooksMap[webhookKey(kindValidating, string(*resourceWebhook.Webhooks[i].FailurePolicy))]
|
newWebhook := webhooksMap[webhookKey(kindValidating, string(*resourceWebhook.Webhooks[i].FailurePolicy))]
|
||||||
if newWebhook == nil || newWebhook.isEmpty() {
|
if newWebhook == nil || newWebhook.isEmpty() {
|
||||||
resourceWebhook.Webhooks[i].Rules = []admregapi.RuleWithOperations{}
|
resourceWebhook.Webhooks[i].Rules = []admissionregistrationv1.RuleWithOperations{}
|
||||||
} else {
|
} else {
|
||||||
resourceWebhook.Webhooks[i].TimeoutSeconds = &newWebhook.maxWebhookTimeout
|
resourceWebhook.Webhooks[i].TimeoutSeconds = &newWebhook.maxWebhookTimeout
|
||||||
resourceWebhook.Webhooks[i].Rules = []admregapi.RuleWithOperations{
|
resourceWebhook.Webhooks[i].Rules = []admissionregistrationv1.RuleWithOperations{
|
||||||
newWebhook.buildRuleWithOperations(admregapi.Create, admregapi.Update, admregapi.Delete, admregapi.Connect),
|
newWebhook.buildRuleWithOperations(admissionregistrationv1.Create, admissionregistrationv1.Update, admissionregistrationv1.Delete, admissionregistrationv1.Connect),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -572,9 +572,9 @@ type webhook struct {
|
||||||
resources sets.String
|
resources sets.String
|
||||||
}
|
}
|
||||||
|
|
||||||
func (wh *webhook) buildRuleWithOperations(ops ...admregapi.OperationType) admregapi.RuleWithOperations {
|
func (wh *webhook) buildRuleWithOperations(ops ...admissionregistrationv1.OperationType) admissionregistrationv1.RuleWithOperations {
|
||||||
return admregapi.RuleWithOperations{
|
return admissionregistrationv1.RuleWithOperations{
|
||||||
Rule: admregapi.Rule{
|
Rule: admissionregistrationv1.Rule{
|
||||||
APIGroups: wh.groups.List(),
|
APIGroups: wh.groups.List(),
|
||||||
APIVersions: wh.versions.List(),
|
APIVersions: wh.versions.List(),
|
||||||
Resources: wh.resources.List(),
|
Resources: wh.resources.List(),
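Review bot: In `deleteValidatingWebhook` (the hunk at -236,14) the logger is still named `deleteMutatingWebhook` on an unchanged context line, so the deletion of a ValidatingWebhookConfiguration is logged under the mutating handler's name. Removal of an admission webhook configuration is an event operators need to attribute correctly when reading controller logs, so the line should read `m.log.WithName("deleteValidatingWebhook").Info("resource webhook configuration was deleted, recreating...")`. This commit only renames the import alias in that function, and the function body continues outside the hunk.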
|
||||||
|
|
|
@ -16,7 +16,7 @@ import (
|
||||||
client "github.com/kyverno/kyverno/pkg/dclient"
|
client "github.com/kyverno/kyverno/pkg/dclient"
|
||||||
"github.com/kyverno/kyverno/pkg/utils"
|
"github.com/kyverno/kyverno/pkg/utils"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
admregapi "k8s.io/api/admissionregistration/v1"
|
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
|
||||||
errorsapi "k8s.io/apimachinery/pkg/api/errors"
|
errorsapi "k8s.io/apimachinery/pkg/api/errors"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
adminformers "k8s.io/client-go/informers/admissionregistration/v1"
|
adminformers "k8s.io/client-go/informers/admissionregistration/v1"
|
||||||
|
@ -268,7 +268,7 @@ func (wrc *Register) ValidateWebhookConfigurations(namespace, name string) error
|
||||||
return json.Unmarshal([]byte(webhooks), &webhookCfgs)
|
return json.Unmarshal([]byte(webhooks), &webhookCfgs)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (wrc *Register) createMutatingWebhookConfiguration(config *admregapi.MutatingWebhookConfiguration) error {
|
func (wrc *Register) createMutatingWebhookConfiguration(config *admissionregistrationv1.MutatingWebhookConfiguration) error {
|
||||||
logger := wrc.log.WithValues("kind", kindMutating, "name", config.Name)
|
logger := wrc.log.WithValues("kind", kindMutating, "name", config.Name)
|
||||||
if _, err := wrc.kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), config, metav1.CreateOptions{}); err != nil {
|
if _, err := wrc.kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), config, metav1.CreateOptions{}); err != nil {
|
||||||
if errorsapi.IsAlreadyExists(err) {
|
if errorsapi.IsAlreadyExists(err) {
|
||||||
|
@ -282,7 +282,7 @@ func (wrc *Register) createMutatingWebhookConfiguration(config *admregapi.Mutati
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (wrc *Register) createValidatingWebhookConfiguration(config *admregapi.ValidatingWebhookConfiguration) error {
|
func (wrc *Register) createValidatingWebhookConfiguration(config *admissionregistrationv1.ValidatingWebhookConfiguration) error {
|
||||||
logger := wrc.log.WithValues("kind", kindValidating, "name", config.Name)
|
logger := wrc.log.WithValues("kind", kindValidating, "name", config.Name)
|
||||||
if _, err := wrc.kubeClient.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), config, metav1.CreateOptions{}); err != nil {
|
if _, err := wrc.kubeClient.AdmissionregistrationV1().ValidatingWebhookConfigurations().Create(context.TODO(), config, metav1.CreateOptions{}); err != nil {
|
||||||
if errorsapi.IsAlreadyExists(err) {
|
if errorsapi.IsAlreadyExists(err) {
|
||||||
|
@ -298,7 +298,7 @@ func (wrc *Register) createValidatingWebhookConfiguration(config *admregapi.Vali
|
||||||
|
|
||||||
func (wrc *Register) createResourceMutatingWebhookConfiguration(caData []byte) error {
|
func (wrc *Register) createResourceMutatingWebhookConfiguration(caData []byte) error {
|
||||||
owner := wrc.constructOwner()
|
owner := wrc.constructOwner()
|
||||||
var config *admregapi.MutatingWebhookConfiguration
|
var config *admissionregistrationv1.MutatingWebhookConfiguration
|
||||||
if wrc.serverIP != "" {
|
if wrc.serverIP != "" {
|
||||||
config = constructDefaultDebugMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, wrc.autoUpdateWebhooks, owner)
|
config = constructDefaultDebugMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, wrc.autoUpdateWebhooks, owner)
|
||||||
} else {
|
} else {
|
||||||
|
@ -309,7 +309,7 @@ func (wrc *Register) createResourceMutatingWebhookConfiguration(caData []byte) e
|
||||||
|
|
||||||
func (wrc *Register) createResourceValidatingWebhookConfiguration(caData []byte) error {
|
func (wrc *Register) createResourceValidatingWebhookConfiguration(caData []byte) error {
|
||||||
owner := wrc.constructOwner()
|
owner := wrc.constructOwner()
|
||||||
var config *admregapi.ValidatingWebhookConfiguration
|
var config *admissionregistrationv1.ValidatingWebhookConfiguration
|
||||||
if wrc.serverIP != "" {
|
if wrc.serverIP != "" {
|
||||||
config = constructDefaultDebugValidatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, wrc.autoUpdateWebhooks, owner)
|
config = constructDefaultDebugValidatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, wrc.autoUpdateWebhooks, owner)
|
||||||
} else {
|
} else {
|
||||||
|
@ -320,7 +320,7 @@ func (wrc *Register) createResourceValidatingWebhookConfiguration(caData []byte)
|
||||||
|
|
||||||
func (wrc *Register) createPolicyValidatingWebhookConfiguration(caData []byte) error {
|
func (wrc *Register) createPolicyValidatingWebhookConfiguration(caData []byte) error {
|
||||||
owner := wrc.constructOwner()
|
owner := wrc.constructOwner()
|
||||||
var config *admregapi.ValidatingWebhookConfiguration
|
var config *admissionregistrationv1.ValidatingWebhookConfiguration
|
||||||
if wrc.serverIP != "" {
|
if wrc.serverIP != "" {
|
||||||
config = constructDebugPolicyValidatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
|
config = constructDebugPolicyValidatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
|
||||||
} else {
|
} else {
|
||||||
|
@ -331,7 +331,7 @@ func (wrc *Register) createPolicyValidatingWebhookConfiguration(caData []byte) e
|
||||||
|
|
||||||
func (wrc *Register) createPolicyMutatingWebhookConfiguration(caData []byte) error {
|
func (wrc *Register) createPolicyMutatingWebhookConfiguration(caData []byte) error {
|
||||||
owner := wrc.constructOwner()
|
owner := wrc.constructOwner()
|
||||||
var config *admregapi.MutatingWebhookConfiguration
|
var config *admissionregistrationv1.MutatingWebhookConfiguration
|
||||||
if wrc.serverIP != "" {
|
if wrc.serverIP != "" {
|
||||||
config = constructDebugPolicyMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
|
config = constructDebugPolicyMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
|
||||||
} else {
|
} else {
|
||||||
|
@ -342,7 +342,7 @@ func (wrc *Register) createPolicyMutatingWebhookConfiguration(caData []byte) err
|
||||||
|
|
||||||
func (wrc *Register) createVerifyMutatingWebhookConfiguration(caData []byte) error {
|
func (wrc *Register) createVerifyMutatingWebhookConfiguration(caData []byte) error {
|
||||||
owner := wrc.constructOwner()
|
owner := wrc.constructOwner()
|
||||||
var config *admregapi.MutatingWebhookConfiguration
|
var config *admissionregistrationv1.MutatingWebhookConfiguration
|
||||||
if wrc.serverIP != "" {
|
if wrc.serverIP != "" {
|
||||||
config = constructDebugVerifyMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
|
config = constructDebugVerifyMutatingWebhookConfig(wrc.serverIP, caData, wrc.timeoutSeconds, owner)
|
||||||
} else {
|
} else {
|
||||||
|
@ -429,19 +429,19 @@ func (wrc *Register) updateResourceMutatingWebhookConfiguration(webhookCfg confi
|
||||||
|
|
||||||
// updateMutatingWebhookConfiguration updates an existing MutatingWebhookConfiguration with the rules provided by
|
// updateMutatingWebhookConfiguration updates an existing MutatingWebhookConfiguration with the rules provided by
|
||||||
// the targetConfig. If the targetConfig doesn't provide any rules, the existing rules will be preserved.
|
// the targetConfig. If the targetConfig doesn't provide any rules, the existing rules will be preserved.
|
||||||
func (wrc *Register) updateMutatingWebhookConfiguration(targetConfig *admregapi.MutatingWebhookConfiguration) error {
|
func (wrc *Register) updateMutatingWebhookConfiguration(targetConfig *admissionregistrationv1.MutatingWebhookConfiguration) error {
|
||||||
// Fetch the existing webhook.
|
// Fetch the existing webhook.
|
||||||
currentConfiguration, err := wrc.mwcLister.Get(targetConfig.Name)
|
currentConfiguration, err := wrc.mwcLister.Get(targetConfig.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to get %s %s: %v", kindMutating, targetConfig.Name, err)
|
return fmt.Errorf("failed to get %s %s: %v", kindMutating, targetConfig.Name, err)
|
||||||
}
|
}
|
||||||
// Create a map of the target webhooks.
|
// Create a map of the target webhooks.
|
||||||
targetWebhooksMap := make(map[string]admregapi.MutatingWebhook)
|
targetWebhooksMap := make(map[string]admissionregistrationv1.MutatingWebhook)
|
||||||
for _, w := range targetConfig.Webhooks {
|
for _, w := range targetConfig.Webhooks {
|
||||||
targetWebhooksMap[w.Name] = w
|
targetWebhooksMap[w.Name] = w
|
||||||
}
|
}
|
||||||
// Update the webhooks.
|
// Update the webhooks.
|
||||||
newWebhooks := make([]admregapi.MutatingWebhook, 0)
|
newWebhooks := make([]admissionregistrationv1.MutatingWebhook, 0)
|
||||||
for _, w := range currentConfiguration.Webhooks {
|
for _, w := range currentConfiguration.Webhooks {
|
||||||
target, exist := targetWebhooksMap[w.Name]
|
target, exist := targetWebhooksMap[w.Name]
|
||||||
if !exist {
|
if !exist {
|
||||||
|
@ -473,19 +473,19 @@ func (wrc *Register) updateMutatingWebhookConfiguration(targetConfig *admregapi.
|
||||||
|
|
||||||
// updateValidatingWebhookConfiguration updates an existing ValidatingWebhookConfiguration with the rules provided by
|
// updateValidatingWebhookConfiguration updates an existing ValidatingWebhookConfiguration with the rules provided by
|
||||||
// the targetConfig. If the targetConfig doesn't provide any rules, the existing rules will be preserved.
|
// the targetConfig. If the targetConfig doesn't provide any rules, the existing rules will be preserved.
|
||||||
func (wrc *Register) updateValidatingWebhookConfiguration(targetConfig *admregapi.ValidatingWebhookConfiguration) error {
|
func (wrc *Register) updateValidatingWebhookConfiguration(targetConfig *admissionregistrationv1.ValidatingWebhookConfiguration) error {
|
||||||
// Fetch the existing webhook.
|
// Fetch the existing webhook.
|
||||||
currentConfiguration, err := wrc.vwcLister.Get(targetConfig.Name)
|
currentConfiguration, err := wrc.vwcLister.Get(targetConfig.Name)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed to get %s %s: %v", kindValidating, targetConfig.Name, err)
|
return fmt.Errorf("failed to get %s %s: %v", kindValidating, targetConfig.Name, err)
|
||||||
}
|
}
|
||||||
// Create a map of the target webhooks.
|
// Create a map of the target webhooks.
|
||||||
targetWebhooksMap := make(map[string]admregapi.ValidatingWebhook)
|
targetWebhooksMap := make(map[string]admissionregistrationv1.ValidatingWebhook)
|
||||||
for _, w := range targetConfig.Webhooks {
|
for _, w := range targetConfig.Webhooks {
|
||||||
targetWebhooksMap[w.Name] = w
|
targetWebhooksMap[w.Name] = w
|
||||||
}
|
}
|
||||||
// Update the webhooks.
|
// Update the webhooks.
|
||||||
newWebhooks := make([]admregapi.ValidatingWebhook, 0)
|
newWebhooks := make([]admissionregistrationv1.ValidatingWebhook, 0)
|
||||||
for _, w := range currentConfiguration.Webhooks {
|
for _, w := range currentConfiguration.Webhooks {
|
||||||
target, exist := targetWebhooksMap[w.Name]
|
target, exist := targetWebhooksMap[w.Name]
|
||||||
if !exist {
|
if !exist {
|
||||||
|
|