karmada-io
/
karmada
mirror of https://github.com/karmada-io/karmada.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5960 from XiShanYongYe-Chang/fix-validate-err-ResourceInterpreterWebhookConfiguration 

`karmada-webhook`: Fix panic when validating ResourceInterpreterWebhookConfiguration with unspecified service port
This commit is contained in:
karmada-bot 2024-12-20 17:41:23 +08:00 committed by GitHub
parent 8d89d77110 262fcb328a
commit 93ffe35d06
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
pkg/webhook/configuration/validating.go
View File

@ -27,6 +27,7 @@ import (
"k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/apiserver/pkg/util/webhook" "k8s.io/apiserver/pkg/util/webhook"
"k8s.io/klog/v2" "k8s.io/klog/v2"
"k8s.io/utils/ptr"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission" "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
configv1alpha1 "github.com/karmada-io/karmada/pkg/apis/config/v1alpha1" configv1alpha1 "github.com/karmada-io/karmada/pkg/apis/config/v1alpha1"
@ -103,7 +104,19 @@ func validateWebhook(hook *configv1alpha1.ResourceInterpreterWebhook, fldPath *f
case cc.URL != nil: case cc.URL != nil:
allErrors = append(allErrors, webhook.ValidateWebhookURL(fldPath.Child("clientConfig").Child("url"), *cc.URL, true)...) allErrors = append(allErrors, webhook.ValidateWebhookURL(fldPath.Child("clientConfig").Child("url"), *cc.URL, true)...)
case cc.Service != nil: case cc.Service != nil:
allErrors = append(allErrors, webhook.ValidateWebhookService(fldPath.Child("clientConfig").Child("service"), cc.Service.Name, cc.Service.Namespace, cc.Service.Path, *cc.Service.Port)...) // Temporary fix: If the service port is not specified, set a default value of 443.
// This is a workaround to prevent a panic when validating ResourceInterpreterWebhookConfiguration
// with an unspecified service port. Ideally, this logic should be handled by a MutatingWebhook,
// but introducing a MutatingWebhook at this stage would require significant changes and is not
// convenient for cherry-picking to release branches. Therefore, we are temporarily setting the
// default port here. Once a MutatingWebhook is implemented, this logic can be moved there.
//
// Note: The Interpreter framework also sets the same default value (443) when processing Service,
// so the backend will not encounter issues due to missing port information.
if cc.Service.Port == nil {
cc.Service.Port = ptr.To[int32](443)
}
allErrors = append(allErrors, webhook.ValidateWebhookService(fldPath.Child("clientConfig").Child("service"), cc.Service.Namespace, cc.Service.Name, cc.Service.Path, *cc.Service.Port)...)
} }
allErrors = append(allErrors, validateInterpreterContextVersions(hook.InterpreterContextVersions, fldPath.Child("interpreterContextVersions"))...) allErrors = append(allErrors, validateInterpreterContextVersions(hook.InterpreterContextVersions, fldPath.Child("interpreterContextVersions"))...)

14
pkg/webhook/configuration/validating_test.go
View File

@ -271,6 +271,20 @@ func TestValidateWebhook(t *testing.T) {
}, },
expectedError: fmt.Sprintf("must include at least one of %v", strings.Join(acceptedInterpreterContextVersions, ", ")), expectedError: fmt.Sprintf("must include at least one of %v", strings.Join(acceptedInterpreterContextVersions, ", ")),
}, },
{
name: "valid webhook configuration: use Service in ClientConfig but with port unspecified",
hook: &configv1alpha1.ResourceInterpreterWebhook{
Name: "workloads.karmada.io",
ClientConfig: admissionregistrationv1.WebhookClientConfig{
Service: &admissionregistrationv1.ServiceReference{
Namespace: "default",
Name: "svc",
Path: strPtr("/interpreter"),
},
},
InterpreterContextVersions: []string{"v1alpha1"},
},
},
} }
for _, test := range tests { for _, test := range tests {