add caBundle for conversion webhook
Signed-off-by: Kuromesi <blackfacepan@163.com>
parent
657c6d8079
commit
553ea198b1
|
|
@ -0,0 +1,26 @@
|
|||
/*
|
||||
Copyright 2019 The Kruise Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package apis
|
||||
|
||||
import (
|
||||
"github.com/openkruise/rollouts/api/v1alpha1"
|
||||
)
|
||||
|
||||
func init() {
|
||||
// Register the types with the Scheme so the components can map objects to GroupVersionKinds and back
|
||||
AddToSchemes = append(AddToSchemes, v1alpha1.SchemeBuilder.AddToScheme)
|
||||
}
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
/*
|
||||
Copyright 2020 The Kruise Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package apis
|
||||
|
||||
import (
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
)
|
||||
|
||||
// AddToSchemes may be used to add all resources defined in the project to a Scheme
|
||||
var AddToSchemes runtime.SchemeBuilder
|
||||
|
||||
// AddToScheme adds all Resources to the Scheme
|
||||
func AddToScheme(s *runtime.Scheme) error {
|
||||
return AddToSchemes.AddToScheme(s)
|
||||
}
|
||||
|
|
@ -29,6 +29,7 @@ import (
|
|||
"sigs.k8s.io/controller-runtime/pkg/manager"
|
||||
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
||||
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
|
||||
"sigs.k8s.io/controller-runtime/pkg/webhook/conversion"
|
||||
)
|
||||
|
||||
type GateFunc func() (enabled bool)
|
||||
|
|
@ -90,7 +91,7 @@ func SetupWithManager(mgr manager.Manager) error {
|
|||
server.Register(path, &webhook.Admission{Handler: handler})
|
||||
klog.V(3).Infof("Registered webhook handler %s", path)
|
||||
}
|
||||
|
||||
server.Register("/convert", &conversion.Webhook{})
|
||||
err := initialize(context.TODO(), mgr.GetConfig())
|
||||
if err != nil {
|
||||
return err
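Review bot: The path literal in `server.Register("/convert", &conversion.Webhook{})` is duplicated in `crd.Ensure`, which writes the same string into each CRD's conversion client config via `path := "/convert"`. If the two ever drift, the API server would be pointed at an endpoint this server does not serve, and conversion requests for those resources would fail. Define it once, e.g. `const ConversionPath = "/convert"`, in a package both sides can import (possibly the `webhookutil` package that `crd` already imports) and use it at both sites. SetupWithManager starts and ends outside this hunk.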
|
||||
|
|
|
|||
|
|
@ -24,6 +24,7 @@ import (
|
|||
|
||||
webhookutil "github.com/openkruise/rollouts/pkg/webhook/util"
|
||||
"github.com/openkruise/rollouts/pkg/webhook/util/configuration"
|
||||
"github.com/openkruise/rollouts/pkg/webhook/util/crd"
|
||||
"github.com/openkruise/rollouts/pkg/webhook/util/generator"
|
||||
"github.com/openkruise/rollouts/pkg/webhook/util/writer"
|
||||
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
|
||||
|
|
@ -266,6 +267,10 @@ func (c *Controller) sync() error {
|
|||
return fmt.Errorf("failed to ensure configuration: %v", err)
|
||||
}
|
||||
|
||||
if err := crd.Ensure(c.crdClient, c.crdLister, certs.CACert); err != nil {
|
||||
return fmt.Errorf("failed to ensure crd: %v", err)
|
||||
}
|
||||
|
||||
onceInit.Do(func() {
|
||||
close(uninit)
|
||||
})
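Review bot: The new `crd.Ensure(c.crdClient, c.crdLister, certs.CACert)` call in `sync()` runs before `onceInit.Do(func() { close(uninit) })`, so any failure to list or update a CRD returns early and leaves `uninit` open; whatever waits on that channel is not visible here, but it presumably gates webhook start-up. The call also means the controller's identity now needs `update` on CustomResourceDefinitions, which are cluster-scoped; the RBAC manifest is not on this page, so confirm the rule exists and is restricted with `resourceNames` to the project's own CRDs. A comment above the call would record both facts, e.g. `// Write the CA bundle into CRDs that use webhook conversion; requires update on those CRDs.` sync() starts and ends outside the hunk.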
|
||||
|
|
|
|||
|
|
@ -0,0 +1,87 @@
|
|||
/*
|
||||
Copyright 2020 The Kruise Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package crd
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"reflect"
|
||||
|
||||
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
|
||||
apiextensionsclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
|
||||
apiextensionslisters "k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
"k8s.io/apimachinery/pkg/labels"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
"k8s.io/apimachinery/pkg/runtime/schema"
|
||||
|
||||
apis "github.com/openkruise/rollouts/api"
|
||||
webhookutil "github.com/openkruise/rollouts/pkg/webhook/util"
|
||||
)
|
||||
|
||||
var (
|
||||
kruiseScheme = runtime.NewScheme()
|
||||
)
|
||||
|
||||
func init() {
|
||||
_ = apis.AddToScheme(kruiseScheme)
|
||||
}
|
||||
|
||||
func Ensure(client apiextensionsclientset.Interface, lister apiextensionslisters.CustomResourceDefinitionLister, caBundle []byte) error {
|
||||
crdList, err := lister.List(labels.Everything())
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to list crds: %v", err)
|
||||
}
|
||||
|
||||
webhookConfig := apiextensionsv1.WebhookClientConfig{
|
||||
CABundle: caBundle,
|
||||
}
|
||||
path := "/convert"
|
||||
if host := webhookutil.GetHost(); len(host) > 0 {
|
||||
url := fmt.Sprintf("https://%s:%d%s", host, webhookutil.GetPort(), path)
|
||||
webhookConfig.URL = &url
|
||||
} else {
|
||||
var port int32 = 443
|
||||
webhookConfig.Service = &apiextensionsv1.ServiceReference{
|
||||
Namespace: webhookutil.GetNamespace(),
|
||||
Name: webhookutil.GetServiceName(),
|
||||
Port: &port,
|
||||
Path: &path,
|
||||
}
|
||||
}
|
||||
|
||||
for _, crd := range crdList {
|
||||
if len(crd.Spec.Versions) == 0 || crd.Spec.Conversion == nil || crd.Spec.Conversion.Strategy != apiextensionsv1.WebhookConverter {
|
||||
continue
|
||||
}
|
||||
if !kruiseScheme.Recognizes(schema.GroupVersionKind{Group: crd.Spec.Group, Version: crd.Spec.Versions[0].Name, Kind: crd.Spec.Names.Kind}) {
|
||||
continue
|
||||
}
|
||||
|
||||
if crd.Spec.Conversion.Webhook == nil || !reflect.DeepEqual(crd.Spec.Conversion.Webhook.ClientConfig, webhookConfig) {
|
||||
newCRD := crd.DeepCopy()
|
||||
newCRD.Spec.Conversion.Webhook = &apiextensionsv1.WebhookConversion{
|
||||
ClientConfig: webhookConfig.DeepCopy(),
|
||||
ConversionReviewVersions: []string{"v1", "v1beta1"},
|
||||
}
|
||||
if _, err := client.ApiextensionsV1().CustomResourceDefinitions().Update(context.TODO(), newCRD, metav1.UpdateOptions{}); err != nil {
|
||||
return fmt.Errorf("failed to update CRD %s: %v", newCRD.Name, err)
|
||||
}
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
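Review bot: In `Ensure`, `reflect.DeepEqual(crd.Spec.Conversion.Webhook.ClientConfig, webhookConfig)` compares a `*WebhookClientConfig` (the field's type in apiextensions v1, and what `webhookConfig.DeepCopy()` produces a few lines later) with a `WebhookClientConfig` value, so the comparison is never true and every sync issues an `Update` for each matching CRD. Compare like with like: `!reflect.DeepEqual(crd.Spec.Conversion.Webhook.ClientConfig, &webhookConfig)`. Separately, `_ = apis.AddToScheme(kruiseScheme)` in `init` discards the error; if registration failed, `Recognizes` would reject every CRD and the CA bundle would silently never be written, so fail loudly there, e.g. `if err := apis.AddToScheme(kruiseScheme); err != nil { panic(err) }`. `Ensure` is exported without a doc comment; one stating that it replaces the whole `Conversion.Webhook` block, including `ConversionReviewVersions`, on recognised CRDs would help the next reader.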
|
||||