webhook

package

v1.10.7 Latest Latest Go to latest Published: Jun 12, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/akuity/kargo

Links

Documentation ¶

Index ¶

func IsRequestFromClusterAdmin(req admission.Request) bool
func IsRequestFromKubernetesGarbageCollector(req admission.Request) bool
func ValidateProject(ctx context.Context, kubeClient client.Client, obj client.Object) error
func ValidatePromotionSteps(f *field.Path, steps []kargoapi.PromotionStep) field.ErrorList
type Config
- func ConfigFromEnv() Config
type IsRequestFromKargoControlplaneFn
- func IsRequestFromKargoControlplane(regex *regexp.Regexp) IsRequestFromKargoControlplaneFn

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsRequestFromClusterAdmin ¶ added in v1.10.7

func IsRequestFromClusterAdmin(req admission.Request) bool

IsRequestFromClusterAdmin returns true when the admission request originates from a member of the system:masters group, which maps to cluster-admin privileges and is used for break-glass operations.

func IsRequestFromKubernetesGarbageCollector ¶ added in v1.10.7

func IsRequestFromKubernetesGarbageCollector(req admission.Request) bool

IsRequestFromKubernetesGarbageCollector returns true when the admission request originates from one of the well-known Kubernetes system controllers responsible for garbage collection and namespace teardown.

func ValidateProject ¶

func ValidateProject(
	ctx context.Context,
	kubeClient client.Client,
	obj client.Object,
) error

func ValidatePromotionSteps ¶

func ValidatePromotionSteps(
	f *field.Path,
	steps []kargoapi.PromotionStep,
) field.ErrorList

Types ¶

type Config ¶

type Config struct {
	// KargoNamespace is the namespace in which Kargo is installed.
	KargoNamespace string `envconfig:"KARGO_NAMESPACE" required:"true"`
	// RawControlplaneUserRegex is a regular expression to match the username in
	// admission request to distinguish if the request is coming from controlplane.
	RawControlplaneUserRegex string         `envconfig:"CONTROLPLANE_USER_REGEX"`
	ControlplaneUserRegex    *regexp.Regexp `ignored:"true"`
	// ManagementControllerUsername is the exact username (typically a service
	// account name) of the management controller. This is used where only the
	// management controller (not the API server or other controlplane
	// components) should be permitted to act.
	ManagementControllerUsername string `envconfig:"MANAGEMENT_CONTROLLER_USERNAME"`
}

func ConfigFromEnv ¶

func ConfigFromEnv() Config

type IsRequestFromKargoControlplaneFn ¶

type IsRequestFromKargoControlplaneFn func(admission.Request) bool

func IsRequestFromKargoControlplane ¶

func IsRequestFromKargoControlplane(regex *regexp.Regexp) IsRequestFromKargoControlplaneFn

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
clusterconfig
clusterpromotiontask
external
freight
project
projectconfig
promotion
promotiontask
replicatedresource
stage
warehouse

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL