enable propagation policy webhook (#152)

Signed-off-by: RainbowMango <renhongcai@huawei.com>
2021-01-30 15:17:51 +08:00 · 2021-01-30 15:17:51 +08:00 · 9624634662
parent d13875b2c3
commit 9624634662
4 changed files with 127 additions and 0 deletions
--- a/artifacts/deploy/webhook-configuration.yaml
+++ b/artifacts/deploy/webhook-configuration.yaml
@ -5,6 +5,20 @@ metadata:
  labels:
    app: mutating-config
 webhooks:
+  - name: propagationpolicy.karmada.io
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.karmada.io"]
+        apiVersions: ["*"]
+        resources: ["propagationpolicies"]
+        scope: "Namespaced"
+    clientConfig:
+      url: https://karmada-webhook.karmada-system.svc:443/mutate-propagationpolicy
+      caBundle: {{caBundle}}
+    failurePolicy: Fail
+    sideEffects: None
+    admissionReviewVersions: ["v1beta1"]
+    timeoutSeconds: 3
  - name: overridepolicy.karmada.io
    rules:
      - operations: ["CREATE", "UPDATE"]
@ -41,3 +55,17 @@ webhooks:
    sideEffects: None
    admissionReviewVersions: ["v1beta1"]
    timeoutSeconds: 3
+  - name: propagationpolicy.karmada.io
+    rules:
+      - operations: ["CREATE", "UPDATE"]
+        apiGroups: ["policy.karmada.io"]
+        apiVersions: ["*"]
+        resources: ["propagationpolicies"]
+        scope: "Namespaced"
+    clientConfig:
+      url: https://karmada-webhook.karmada-system.svc:443/validate-propagationpolicy
+      caBundle: {{caBundle}}
+    failurePolicy: Fail
+    sideEffects: None
+    admissionReviewVersions: ["v1beta1"]
+    timeoutSeconds: 3
--- a/cmd/webhook/app/webhook.go
+++ b/cmd/webhook/app/webhook.go
@ -17,6 +17,7 @@ import (
 	"github.com/karmada-io/karmada/pkg/util/gclient"
 	"github.com/karmada-io/karmada/pkg/webhook/cluster"
 	"github.com/karmada-io/karmada/pkg/webhook/overridepolicy"
+	"github.com/karmada-io/karmada/pkg/webhook/propagationpolicy"
 )

 // NewWebhookCommand creates a *cobra.Command object with default parameters
@ -66,6 +67,8 @@ func Run(opts *options.Options, stopChan <-chan struct{}) error {
 	klog.Info("registering webhooks to the webhook server")
 	hookServer := hookManager.GetWebhookServer()
 	hookServer.Register("/validate-cluster", &webhook.Admission{Handler: &cluster.ValidatingAdmission{}})
+	hookServer.Register("/mutate-propagationpolicy", &webhook.Admission{Handler: &propagationpolicy.MutatingAdmission{}})
+	hookServer.Register("/validate-propagationpolicy", &webhook.Admission{Handler: &propagationpolicy.ValidatingAdmission{}})
 	hookServer.Register("/mutate-overridepolicy", &webhook.Admission{Handler: &overridepolicy.MutatingAdmission{}})
 	hookServer.WebhookMux.Handle("/readyz/", http.StripPrefix("/readyz/", &healthz.Handler{}))

--- a/pkg/webhook/propagationpolicy/mutating.go
+++ b/pkg/webhook/propagationpolicy/mutating.go
@ -0,0 +1,53 @@
+package propagationpolicy
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+
+	"k8s.io/klog/v2"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	policyv1alpha1 "github.com/karmada-io/karmada/pkg/apis/policy/v1alpha1"
+)
+
+// MutatingAdmission mutates API request if necessary.
+type MutatingAdmission struct {
+	decoder *admission.Decoder
+}
+
+// Check if our MutatingAdmission implements necessary interface
+var _ admission.Handler = &MutatingAdmission{}
+var _ admission.DecoderInjector = &MutatingAdmission{}
+
+// Handle yields a response to an AdmissionRequest.
+func (a *MutatingAdmission) Handle(ctx context.Context, req admission.Request) admission.Response {
+	policy := &policyv1alpha1.PropagationPolicy{}
+
+	err := a.decoder.Decode(req, policy)
+	if err != nil {
+		return admission.Errored(http.StatusBadRequest, err)
+	}
+
+	// Set default namespace for all resource selector if not set.
+	for i := range policy.Spec.ResourceSelectors {
+		if len(policy.Spec.ResourceSelectors[i].Namespace) == 0 {
+			klog.Infof("Setting resource selector default namespace for policy: %s/%s", policy.Namespace, policy.Name)
+			policy.Spec.ResourceSelectors[i].Namespace = policy.Namespace
+		}
+	}
+
+	marshaledBytes, err := json.Marshal(policy)
+	if err != nil {
+		return admission.Errored(http.StatusInternalServerError, err)
+	}
+
+	return admission.PatchResponseFromRaw(req.Object.Raw, marshaledBytes)
+}
+
+// InjectDecoder implements admission.DecoderInjector interface.
+// A decoder will be automatically injected.
+func (a *MutatingAdmission) InjectDecoder(d *admission.Decoder) error {
+	a.decoder = d
+	return nil
+}
--- a/pkg/webhook/propagationpolicy/validating.go
+++ b/pkg/webhook/propagationpolicy/validating.go
@ -0,0 +1,43 @@
+package propagationpolicy
+
+import (
+	"context"
+	"net/http"
+
+	"k8s.io/klog/v2"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+	policyv1alpha1 "github.com/karmada-io/karmada/pkg/apis/policy/v1alpha1"
+)
+
+// ValidatingAdmission validates PropagationPolicy object when creating/updating/deleting.
+type ValidatingAdmission struct {
+	decoder *admission.Decoder
+}
+
+// Check if our ValidatingAdmission implements necessary interface
+var _ admission.Handler = &ValidatingAdmission{}
+var _ admission.DecoderInjector = &ValidatingAdmission{}
+
+// Handle implements admission.Handler interface.
+// It yields a response to an AdmissionRequest.
+func (v *ValidatingAdmission) Handle(ctx context.Context, req admission.Request) admission.Response {
+	policy := &policyv1alpha1.PropagationPolicy{}
+
+	err := v.decoder.Decode(req, policy)
+	if err != nil {
+		return admission.Errored(http.StatusBadRequest, err)
+	}
+	klog.V(2).Infof("Validating PropagationPolicy(%s/%s) for request: %s", policy.Namespace, policy.Name, req.Operation)
+
+	// Currently do nothing
+
+	return admission.Allowed("")
+}
+
+// InjectDecoder implements admission.DecoderInjector interface.
+// A decoder will be automatically injected.
+func (v *ValidatingAdmission) InjectDecoder(d *admission.Decoder) error {
+	v.decoder = d
+	return nil
+}