Make admission webhooks work in custom apiservers.

Created a scheme that only understands admission/v1beta1 and use it to encode/decode admissionReviews. Also made the NegotiationSerializer setup static Kubernetes-commit: 3ab516035d17c2b2798797eb8ee85522ccbc051e
2018-03-09 11:25:34 -08:00 · 2018-03-09 11:25:34 -08:00 · f86f44d94d
parent f5f5413e42
commit f86f44d94d
6 changed files with 8 additions and 15 deletions
--- a/pkg/admission/plugin/webhook/config/BUILD
+++ b/pkg/admission/plugin/webhook/config/BUILD
@ -12,6 +12,7 @@ go_library(
    visibility = ["//visibility:public"],
    deps = [
        "//vendor/github.com/hashicorp/golang-lru:go_default_library",
+        "//vendor/k8s.io/api/admission/v1beta1:go_default_library",
        "//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
--- a/pkg/admission/plugin/webhook/config/client.go
+++ b/pkg/admission/plugin/webhook/config/client.go
@ -24,8 +24,10 @@ import (
 	"net/url"

 	lru "github.com/hashicorp/golang-lru"
+	admissionv1beta1 "k8s.io/api/admission/v1beta1"
 	"k8s.io/api/admissionregistration/v1beta1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	webhookerrors "k8s.io/apiserver/pkg/admission/plugin/webhook/errors"
 	"k8s.io/client-go/rest"
@ -54,8 +56,13 @@ func NewClientManager() (ClientManager, error) {
 	if err != nil {
 		return ClientManager{}, err
 	}
+	admissionScheme := runtime.NewScheme()
+	admissionv1beta1.AddToScheme(admissionScheme)
 	return ClientManager{
 		cache: cache,
+		negotiatedSerializer: serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
+			Serializer: serializer.NewCodecFactory(admissionScheme).LegacyCodec(admissionv1beta1.SchemeGroupVersion),
+		}),
 	}, nil
 }

@ -79,11 +86,6 @@ func (cm *ClientManager) SetServiceResolver(sr ServiceResolver) {
 	}
 }

-// SetNegotiatedSerializer sets the NegotiatedSerializer.
-func (cm *ClientManager) SetNegotiatedSerializer(n runtime.NegotiatedSerializer) {
-	cm.negotiatedSerializer = n
-}
-
 // Validate checks if ClientManager is properly set up.
 func (cm *ClientManager) Validate() error {
 	var errs []error
--- a/pkg/admission/plugin/webhook/mutating/BUILD
+++ b/pkg/admission/plugin/webhook/mutating/BUILD
@ -15,7 +15,6 @@ go_library(
        "//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime/serializer/json:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
--- a/pkg/admission/plugin/webhook/mutating/admission.go
+++ b/pkg/admission/plugin/webhook/mutating/admission.go
@ -31,7 +31,6 @@ import (
 	"k8s.io/api/admissionregistration/v1beta1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
 	"k8s.io/apimachinery/pkg/runtime/serializer/json"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apiserver/pkg/admission"
@ -131,9 +130,6 @@ func (a *MutatingWebhook) SetServiceResolver(sr config.ServiceResolver) {
 // SetScheme sets a serializer(NegotiatedSerializer) which is derived from the scheme
 func (a *MutatingWebhook) SetScheme(scheme *runtime.Scheme) {
 	if scheme != nil {
-		a.clientManager.SetNegotiatedSerializer(serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
-			Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1beta1.SchemeGroupVersion),
-		}))
 		a.convertor.Scheme = scheme
 		a.defaulter = scheme
 		a.jsonSerializer = json.NewSerializer(json.DefaultMetaFactory, scheme, scheme, false)
--- a/pkg/admission/plugin/webhook/validating/BUILD
+++ b/pkg/admission/plugin/webhook/validating/BUILD
@ -14,7 +14,6 @@ go_library(
        "//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
-        "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/admission/configuration:go_default_library",
--- a/pkg/admission/plugin/webhook/validating/admission.go
+++ b/pkg/admission/plugin/webhook/validating/admission.go
@ -31,7 +31,6 @@ import (
 	"k8s.io/api/admissionregistration/v1beta1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/apimachinery/pkg/runtime/serializer"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apiserver/pkg/admission"
 	"k8s.io/apiserver/pkg/admission/configuration"
@ -128,9 +127,6 @@ func (a *ValidatingAdmissionWebhook) SetServiceResolver(sr config.ServiceResolve
 // SetScheme sets a serializer(NegotiatedSerializer) which is derived from the scheme
 func (a *ValidatingAdmissionWebhook) SetScheme(scheme *runtime.Scheme) {
 	if scheme != nil {
-		a.clientManager.SetNegotiatedSerializer(serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
-			Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1beta1.SchemeGroupVersion),
-		}))
 		a.convertor.Scheme = scheme
 	}
 }