Home Explore Help
Sign In
tzeneto
/
custom-kube-scheduler
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: a2a212880b
Branches Tags
custom-kube-...
/
kubernetes-v1.15.4
/
test
/
images
/
webhook
/
main.go

main.go 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. /*
    2. 

  2. Copyright 2018 The Kubernetes Authors.
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package main
    18. 

  18. 

  19. import (
    20. 

  20. 	"encoding/json"
    21. 

  21. 	"flag"
    22. 

  22. 	"fmt"
    23. 

  23. 	"io/ioutil"
    24. 

  24. 	"net/http"
    25. 

  25. 

  26. 	"k8s.io/api/admission/v1beta1"
    27. 

  27. 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    28. 

  28. 	"k8s.io/klog"
    29. 

  29. 	// TODO: try this library to see if it generates correct json patch
    30. 

  30. 	// https://github.com/mattbaird/jsonpatch
    31. 

  31. )
    32. 

  32. 

  33. // toAdmissionResponse is a helper function to create an AdmissionResponse
    34. 

  34. // with an embedded error
    35. 

  35. func toAdmissionResponse(err error) *v1beta1.AdmissionResponse {
    36. 

  36. 	return &v1beta1.AdmissionResponse{
    37. 

  37. 		Result: &metav1.Status{
    38. 

  38. 			Message: err.Error(),
    39. 

  39. 		},
    40. 

  40. 	}
    41. 

  41. }
    42. 

  42. 

  43. // admitFunc is the type we use for all of our validators and mutators
    44. 

  44. type admitFunc func(v1beta1.AdmissionReview) *v1beta1.AdmissionResponse
    45. 

  45. 

  46. // serve handles the http portion of a request prior to handing to an admit
    47. 

  47. // function
    48. 

  48. func serve(w http.ResponseWriter, r *http.Request, admit admitFunc) {
    49. 

  49. 	var body []byte
    50. 

  50. 	if r.Body != nil {
    51. 

  51. 		if data, err := ioutil.ReadAll(r.Body); err == nil {
    52. 

  52. 			body = data
    53. 

  53. 		}
    54. 

  54. 	}
    55. 

  55. 

  56. 	// verify the content type is accurate
    57. 

  57. 	contentType := r.Header.Get("Content-Type")
    58. 

  58. 	if contentType != "application/json" {
    59. 

  59. 		klog.Errorf("contentType=%s, expect application/json", contentType)
    60. 

  60. 		return
    61. 

  61. 	}
    62. 

  62. 

  63. 	klog.V(2).Info(fmt.Sprintf("handling request: %s", body))
    64. 

  64. 

  65. 	// The AdmissionReview that was sent to the webhook
    66. 

  66. 	requestedAdmissionReview := v1beta1.AdmissionReview{}
    67. 

  67. 

  68. 	// The AdmissionReview that will be returned
    69. 

  69. 	responseAdmissionReview := v1beta1.AdmissionReview{}
    70. 

  70. 

  71. 	deserializer := codecs.UniversalDeserializer()
    72. 

  72. 	if _, _, err := deserializer.Decode(body, nil, &requestedAdmissionReview); err != nil {
    73. 

  73. 		klog.Error(err)
    74. 

  74. 		responseAdmissionReview.Response = toAdmissionResponse(err)
    75. 

  75. 	} else {
    76. 

  76. 		// pass to admitFunc
    77. 

  77. 		responseAdmissionReview.Response = admit(requestedAdmissionReview)
    78. 

  78. 	}
    79. 

  79. 

  80. 	// Return the same UID
    81. 

  81. 	responseAdmissionReview.Response.UID = requestedAdmissionReview.Request.UID
    82. 

  82. 

  83. 	klog.V(2).Info(fmt.Sprintf("sending response: %v", responseAdmissionReview.Response))
    84. 

  84. 

  85. 	respBytes, err := json.Marshal(responseAdmissionReview)
    86. 

  86. 	if err != nil {
    87. 

  87. 		klog.Error(err)
    88. 

  88. 	}
    89. 

  89. 	if _, err := w.Write(respBytes); err != nil {
    90. 

  90. 		klog.Error(err)
    91. 

  91. 	}
    92. 

  92. }
    93. 

  93. 

  94. func serveAlwaysAllowDelayFiveSeconds(w http.ResponseWriter, r *http.Request) {
    95. 

  95. 	serve(w, r, alwaysAllowDelayFiveSeconds)
    96. 

  96. }
    97. 

  97. 

  98. func serveAlwaysDeny(w http.ResponseWriter, r *http.Request) {
    99. 

  99. 	serve(w, r, alwaysDeny)
    100. 

  100. }
    101. 

  101. 

  102. func serveAddLabel(w http.ResponseWriter, r *http.Request) {
    103. 

  103. 	serve(w, r, addLabel)
    104. 

  104. }
    105. 

  105. 

  106. func servePods(w http.ResponseWriter, r *http.Request) {
    107. 

  107. 	serve(w, r, admitPods)
    108. 

  108. }
    109. 

  109. 

  110. func serveAttachingPods(w http.ResponseWriter, r *http.Request) {
    111. 

  111. 	serve(w, r, denySpecificAttachment)
    112. 

  112. }
    113. 

  113. 

  114. func serveMutatePods(w http.ResponseWriter, r *http.Request) {
    115. 

  115. 	serve(w, r, mutatePods)
    116. 

  116. }
    117. 

  117. 

  118. func serveConfigmaps(w http.ResponseWriter, r *http.Request) {
    119. 

  119. 	serve(w, r, admitConfigMaps)
    120. 

  120. }
    121. 

  121. 

  122. func serveMutateConfigmaps(w http.ResponseWriter, r *http.Request) {
    123. 

  123. 	serve(w, r, mutateConfigmaps)
    124. 

  124. }
    125. 

  125. 

  126. func serveCustomResource(w http.ResponseWriter, r *http.Request) {
    127. 

  127. 	serve(w, r, admitCustomResource)
    128. 

  128. }
    129. 

  129. 

  130. func serveMutateCustomResource(w http.ResponseWriter, r *http.Request) {
    131. 

  131. 	serve(w, r, mutateCustomResource)
    132. 

  132. }
    133. 

  133. 

  134. func serveCRD(w http.ResponseWriter, r *http.Request) {
    135. 

  135. 	serve(w, r, admitCRD)
    136. 

  136. }
    137. 

  137. 

  138. func main() {
    139. 

  139. 	klog.InitFlags(nil)
    140. 

  140. 	var config Config
    141. 

  141. 	config.addFlags()
    142. 

  142. 	flag.Parse()
    143. 

  143. 

  144. 	http.HandleFunc("/always-allow-delay-5s", serveAlwaysAllowDelayFiveSeconds)
    145. 

  145. 	http.HandleFunc("/always-deny", serveAlwaysDeny)
    146. 

  146. 	http.HandleFunc("/add-label", serveAddLabel)
    147. 

  147. 	http.HandleFunc("/pods", servePods)
    148. 

  148. 	http.HandleFunc("/pods/attach", serveAttachingPods)
    149. 

  149. 	http.HandleFunc("/mutating-pods", serveMutatePods)
    150. 

  150. 	http.HandleFunc("/configmaps", serveConfigmaps)
    151. 

  151. 	http.HandleFunc("/mutating-configmaps", serveMutateConfigmaps)
    152. 

  152. 	http.HandleFunc("/custom-resource", serveCustomResource)
    153. 

  153. 	http.HandleFunc("/mutating-custom-resource", serveMutateCustomResource)
    154. 

  154. 	http.HandleFunc("/crd", serveCRD)
    155. 

  155. 	server := &http.Server{
    156. 

  156. 		Addr:      ":443",
    157. 

  157. 		TLSConfig: configTLS(config),
    158. 

  158. 	}
    159. 

  159. 	server.ListenAndServeTLS("", "")
    160. 

  160. }
    161. 

  161.