admission

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 14, 2018 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

The admission package provides libraries for creating admission webhooks.

Example 
package main

import (
	"fmt"

	"github.com/kubernetes-sigs/kubebuilder/pkg/internal/admission"
	"k8s.io/api/admission/v1beta1"

	corev1 "k8s.io/api/core/v1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func main() {
	resourceType := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"}
	admission.HandleFunc("/pod", resourceType, func(review v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
		pod := corev1.Pod{}
		if errResp := admission.Decode(review, &pod, resourceType); errResp != nil {
			return errResp
		}
		// Business logic for admission decision
		if len(pod.Spec.Containers) != 1 {
			return admission.DenyResponse(fmt.Sprintf(
				"pod %s/%s may only have 1 container.", pod.Namespace, pod.Name))
		}
		return admission.AllowResponse()
	})
	admission.ListenAndServeTLS("")
}

Index

Examples

Constants

This section is empty.

Variables

View Source 
var DefaultAdmissionFns = &AdmissionManager{
	SMux: http.DefaultServeMux,
}

DefaultAdmissionFns is the default admission control functions registry

Functions

func AllowResponse 

func AllowResponse() *v1beta1.AdmissionResponse

AllowResponse returns a new response for admitting a request

Example 
package main

import (
	"github.com/kubernetes-sigs/kubebuilder/pkg/internal/admission"
)

func main() {
	admission.AllowResponse()
}

func Decode 

func Decode(review v1beta1.AdmissionReview, object runtime.Object,
	resourceType metav1.GroupVersionResource) *v1beta1.AdmissionResponse

Decode reads the Raw data from review and deserializes it into object returning a non-nil reponse if there was an error

Example 
package main

import (
	"github.com/kubernetes-sigs/kubebuilder/pkg/internal/admission"
	"k8s.io/api/admission/v1beta1"

	corev1 "k8s.io/api/core/v1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func main() {
	var review v1beta1.AdmissionReview
	resourceType := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"}
	pod := corev1.Pod{}
	if errResp := admission.Decode(review, &pod, resourceType); errResp != nil {
		// Send error resp
	}
}

func DenyResponse 

func DenyResponse(msg string) *v1beta1.AdmissionResponse

DenyResponse returns a new response for denying a request

Example 
package main

import (
	"fmt"
	"github.com/kubernetes-sigs/kubebuilder/pkg/internal/admission"
)

func main() {
	admission.DenyResponse(fmt.Sprintf("some deny explanation"))
}

func ErrorResponse 

func ErrorResponse(err error) *v1beta1.AdmissionResponse

ErrorResponse creates a new AdmissionResponse for an error handling the request

Example 
package main

import (
	"fmt"
	"github.com/kubernetes-sigs/kubebuilder/pkg/internal/admission"
)

func main() {
	admission.ErrorResponse(fmt.Errorf("some error explanation"))
}

func HandleFunc 

func HandleFunc(path string, gvr metav1.GroupVersionResource, fn AdmissionFunc)

HandleFunc registers fn as an admission control webhook callback for the group,version,resources specified

Example 
package main

import (
	"fmt"

	"github.com/kubernetes-sigs/kubebuilder/pkg/internal/admission"
	"k8s.io/api/admission/v1beta1"

	corev1 "k8s.io/api/core/v1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func main() {
	resourceType := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"}
	admission.HandleFunc("/pod", resourceType, func(review v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
		pod := corev1.Pod{}
		if errResp := admission.Decode(review, &pod, resourceType); errResp != nil {
			return errResp
		}
		// Business logic for admission decision
		if len(pod.Spec.Containers) != 1 {
			return admission.DenyResponse(fmt.Sprintf(
				"pod %s/%s may only have 1 container.", pod.Namespace, pod.Name))
		}
		return admission.AllowResponse()
	})
}

func ListenAndServeTLS 

func ListenAndServeTLS(addr string) error

Types

type AdmissionFunc 

type AdmissionFunc func(review v1beta1.AdmissionReview) *v1beta1.AdmissionResponse

AdmissionFunc implements an AdmissionReview operation for a GroupVersionResource

Example 
package main

import (
	"fmt"

	"github.com/kubernetes-sigs/kubebuilder/pkg/internal/admission"
	"k8s.io/api/admission/v1beta1"

	corev1 "k8s.io/api/core/v1"

	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func main() {
	var _ admission.AdmissionFunc = func(review v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
		pod := corev1.Pod{}
		resourceType := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"}
		if errResp := admission.Decode(review, &pod, resourceType); errResp != nil {
			return errResp
		}
		// Business logic for admission decision
		if len(pod.Spec.Containers) != 1 {
			return admission.DenyResponse(fmt.Sprintf(
				"pod %s/%s may only have 1 container.", pod.Namespace, pod.Name))
		}
		return admission.AllowResponse()
	}
}

type AdmissionManager 

type AdmissionManager struct {
	Entries map[string]admissionHandler
	SMux    *http.ServeMux
}

AdmissionManager manages admission controllers

func (*AdmissionManager) HandleFunc 

func (e *AdmissionManager) HandleFunc(path string, gvr metav1.GroupVersionResource, fn AdmissionFunc)

HandleFunc registers fn as an admission control webhook callback for the group,version,resources specified

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.