Documentation
Overview
OpenLIT Admission Webhook Handler
This is the core admission webhook that implements zero-code instrumentation by intercepting pod creation requests and automatically injecting OpenTelemetry instrumentation into matching pods based on AutoInstrumentation Custom Resources.
Key responsibilities:
- Intercepts pod creation through Kubernetes admission controller
- Matches pods against AutoInstrumentation selector criteria
- Injects init containers with instrumentation packages
- Configures environment variables for OpenTelemetry
- Handles multiple instrumentation providers (OpenLIT, OpenInference, OpenLLMetry)
- Provides comprehensive error handling and observability

The webhook works by:
1. Receiving admission review requests for pod creation
2. Finding matching AutoInstrumentation CRs for the pod's namespace and labels
3. Creating injector configuration from the CR settings
4. Modifying the pod spec to include instrumentation init containers
5. Returning the modified pod specification to Kubernetes

Supports advanced features:
- Custom package installation
- Provider-specific configurations
- Environment variable injection from secrets/configmaps
- Namespace-scoped and cluster-wide instrumentation
- Skip/ignore patterns for fine-grained control
This is where the "magic" of zero-code instrumentation happens!
Index
- type CertificateManager
- func (cm *CertificateManager) EnsureCertificate(ctx context.Context) ([]byte, error)
- func (cm *CertificateManager) GetTLSConfig(ctx context.Context) (*tls.Config, error)
- func (cm *CertificateManager) StartCertificateRotation(ctx context.Context)
- func (cm *CertificateManager) StopCertificateRotation()
- type CircuitBreaker
- type CircuitBreakerState
- type Handler
- type WebhookConfigManager
Types
type CertificateManager
type CertificateManager struct {
// contains filtered or unexported fields
}
CertificateManager handles TLS certificate generation and management for the webhook.
func NewCertificateManager
func NewCertificateManager(client kubernetes.Interface, namespace, serviceName, secretName string, validityDays, refreshThreshold int) *CertificateManager
NewCertificateManager creates a new certificate manager.
func (*CertificateManager) EnsureCertificate
func (cm *CertificateManager) EnsureCertificate(ctx context.Context) ([]byte, error)
EnsureCertificate ensures that a valid TLS certificate exists for the webhook. It handles multiple operators gracefully with resource ownership and conflict resolution.
func (*CertificateManager) GetTLSConfig
GetTLSConfig returns a TLS config for the webhook server.
func (*CertificateManager) StartCertificateRotation
func (cm *CertificateManager) StartCertificateRotation(ctx context.Context)
StartCertificateRotation starts the automatic certificate rotation background process.
func (*CertificateManager) StopCertificateRotation
func (cm *CertificateManager) StopCertificateRotation()
StopCertificateRotation stops the automatic certificate rotation background process.
type CircuitBreaker
type CircuitBreaker struct {
// contains filtered or unexported fields
}
CircuitBreaker implements the circuit breaker pattern for webhook reliability.
type CircuitBreakerState
type CircuitBreakerState int32
CircuitBreakerState represents the state of the circuit breaker.
const (
	CircuitBreakerClosed CircuitBreakerState = iota
	CircuitBreakerOpen
	CircuitBreakerHalfOpen
)
type Handler
type Handler struct {
// contains filtered or unexported fields
}
Handler implements the admission.Handler interface.
func NewHandler
func NewHandler(cfg *config.OperatorConfig, scheme *runtime.Scheme, dynamicClient dynamic.Interface) *Handler
NewHandler creates a new webhook handler.
type WebhookConfigManager
type WebhookConfigManager struct {
// contains filtered or unexported fields
}
WebhookConfigManager manages the MutatingWebhookConfiguration, following the Velotio approach for automatic webhook registration.
func NewWebhookConfigManager
func NewWebhookConfigManager(client kubernetes.Interface, namespace, serviceName, configName, webhookPath string, webhookPort int, failurePolicy, reinvocationPolicy string, logger *observability.StructuredLogger) *WebhookConfigManager
NewWebhookConfigManager creates a new webhook configuration manager.
func (*WebhookConfigManager) CleanupWebhookConfiguration
func (wc *WebhookConfigManager) CleanupWebhookConfiguration(ctx context.Context) error
CleanupWebhookConfiguration removes the webhook configuration (for cleanup).
func (*WebhookConfigManager) EnsureWebhookConfiguration
func (wc *WebhookConfigManager) EnsureWebhookConfiguration(ctx context.Context, caCert []byte) error
EnsureWebhookConfiguration creates or updates the MutatingWebhookConfiguration.