Merge pull request #321 from nirmata/312_cleanup

remove validation webhook configurations for resources
2025-03-06 07:57:07 +00:00 · 2019-08-28 11:13:51 -07:00 · 2019-08-28 11:13:51 -07:00 · ad9b697ea0
commit ad9b697ea0
parent d14e07cedc d71ad7004c
2 changed files with 3 additions and 94 deletions
--- a/pkg/webhookconfig/registration.go
+++ b/pkg/webhookconfig/registration.go
@ -81,6 +81,9 @@ func (wrc *WebhookRegistrationClient) RemovePolicyWebhookConfigurations(cleanUp
 	close(cleanUp)
 }

+//CreateResourceMutatingWebhookConfiguration create a Mutatingwebhookconfiguration resource for all resource type
+// used to forward request to kyverno webhooks to apply policeis
+// Mutationg webhook is be used for Mutating & Validating purpose
 func (wrc *WebhookRegistrationClient) CreateResourceMutatingWebhookConfiguration() error {
 	var caData []byte
 	var config *admregapi.MutatingWebhookConfiguration
@ -109,33 +112,6 @@ func (wrc *WebhookRegistrationClient) CreateResourceMutatingWebhookConfiguration
 	return nil
 }

-func (wrc *WebhookRegistrationClient) CreateResourceValidatingWebhookConfiguration() error {
-	var caData []byte
-	var config *admregapi.ValidatingWebhookConfiguration
-
-	// read CA data from
-	// 1) secret(config)
-	// 2) kubeconfig
-	if caData = wrc.readCaData(); caData == nil {
-		return errors.New("Unable to extract CA data from configuration")
-	}
-	// if serverIP is specified we assume its debug mode
-	if wrc.serverIP != "" {
-		// debug mode
-		// clientConfig - URL
-		config = wrc.contructDebugValidatingWebhookConfig(caData)
-	} else {
-		// clientConfig - service
-		config = wrc.constructValidatingWebhookConfig(caData)
-	}
-	if _, err := wrc.registrationClient.ValidatingWebhookConfigurations().Create(config); err != nil {
-		return err
-	}
-
-	wrc.ValidationRegistered.Set()
-	return nil
-}
-
 //registerPolicyValidatingWebhookConfiguration create a Validating webhook configuration for Policy CRD
 func (wrc *WebhookRegistrationClient) createPolicyValidatingWebhookConfiguration() error {
 	var caData []byte
@ -208,7 +184,6 @@ func (wrc *WebhookRegistrationClient) removeWebhookConfigurations() {
 	}()
 	// mutating and validating webhook configuration for Kubernetes resources
 	wrc.RemoveResourceMutatingWebhookConfiguration()
-	wrc.removeResourceValidatingWebhookConfiguration()

 	// mutating and validating webhook configurtion for Policy CRD resource
 	wrc.removePolicyWebhookConfigurations()
@ -260,19 +235,3 @@ func (wrc *WebhookRegistrationClient) RemoveResourceMutatingWebhookConfiguration
 		wrc.MutationRegistered.UnSet()
 	}
 }
-
-// removeResourceValidatingWebhookConfiguration removes validating webhook configuration on all resources
-func (wrc *WebhookRegistrationClient) removeResourceValidatingWebhookConfiguration() {
-	var configName string
-	if wrc.serverIP != "" {
-		configName = config.ValidatingWebhookConfigurationDebug
-	} else {
-		configName = config.ValidatingWebhookConfigurationName
-	}
-
-	err := wrc.registrationClient.ValidatingWebhookConfigurations().Delete(configName, &v1.DeleteOptions{})
-	if err != nil && !errorsapi.IsNotFound(err) {
-		glog.Error(err)
-	}
-	wrc.ValidationRegistered.UnSet()
-}
--- a/pkg/webhookconfig/resource.go
+++ b/pkg/webhookconfig/resource.go
@ -58,53 +58,3 @@ func (wrc *WebhookRegistrationClient) constructMutatingWebhookConfig(caData []by
 		},
 	}
 }
-
-func (wrc *WebhookRegistrationClient) constructValidatingWebhookConfig(caData []byte) *admregapi.ValidatingWebhookConfiguration {
-	return &admregapi.ValidatingWebhookConfiguration{
-		ObjectMeta: v1.ObjectMeta{
-			Name:   config.ValidatingWebhookConfigurationName,
-			Labels: config.KubePolicyAppLabels,
-			OwnerReferences: []v1.OwnerReference{
-				wrc.constructOwner(),
-			},
-		},
-		Webhooks: []admregapi.Webhook{
-			generateWebhook(
-				config.ValidatingWebhookName,
-				config.ValidatingWebhookServicePath,
-				caData,
-				true,
-				wrc.timeoutSeconds,
-				"*/*",
-				"*",
-				"*",
-				[]admregapi.OperationType{admregapi.Create},
-			),
-		},
-	}
-}
-
-func (wrc *WebhookRegistrationClient) contructDebugValidatingWebhookConfig(caData []byte) *admregapi.ValidatingWebhookConfiguration {
-	url := fmt.Sprintf("https://%s%s", wrc.serverIP, config.ValidatingWebhookServicePath)
-	glog.V(3).Infof("Debug ValidatingWebhookConfig is registered with url %s\n", url)
-
-	return &admregapi.ValidatingWebhookConfiguration{
-		ObjectMeta: v1.ObjectMeta{
-			Name:   config.ValidatingWebhookConfigurationDebug,
-			Labels: config.KubePolicyAppLabels,
-		},
-		Webhooks: []admregapi.Webhook{
-			generateDebugWebhook(
-				config.ValidatingWebhookName,
-				url,
-				caData,
-				true,
-				wrc.timeoutSeconds,
-				"*/*",
-				"*",
-				"*",
-				[]admregapi.OperationType{admregapi.Create},
-			),
-		},
-	}
-}