package validators
import (
"fmt"
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/webhook"
cert "github.com/open-policy-agent/cert-controller/pkg/rotator"
"sigs.k8s.io/hierarchical-namespaces/internal/forest"
)
// Names of the Kubernetes objects involved in serving the HNC webhooks. They
// have to agree with the manifests that deploy HNC: the Service in front of
// the webhook server, the Secret the rotator is pointed at, and the two
// webhook configurations handed to it (see CreateCertsIfNeeded).
const (
	// serviceName is the Service that fronts the webhook server.
	serviceName = "hnc-webhook-service"
	// secretNamespace is the namespace of both the Service and the Secret.
	secretNamespace = "hnc-system"
	// secretName is the Secret passed to the rotator as its SecretKey.
	secretName = "hnc-webhook-server-cert"

	// vwhName and mwhName are the webhook configurations registered with the
	// rotator as Validating and Mutating respectively.
	vwhName = "hnc-validating-webhook-configuration"
	mwhName = "hnc-mutating-webhook-configuration"

	// caName and caOrganization identify the CA the rotator is configured with.
	caName         = "hnc-ca"
	caOrganization = "hnc"

	// certDir is the on-disk location handed to the rotator for the serving
	// certificate; it appears to match controller-runtime's default webhook
	// server CertDir — confirm against the manager's webhook server options.
	certDir = "/tmp/k8s-webhook-server/serving-certs"
)

// dnsName is the DNS name the serving certificate is requested for, in the
// form <service name>.<namespace>.svc.
var dnsName = fmt.Sprint(serviceName, ".", secretNamespace, ".svc")
// CreateCertsIfNeeded wires the webhook certificate rotator into mgr. It is
// called from main.go.
//
// The returned channel is the rotator's IsReady channel. When rotation is
// skipped — novalidation is set, or internalCert is false — it is closed
// before returning, so a caller waiting on it proceeds immediately. Otherwise
// it is handed to cert.AddRotator as IsReady and is left open here; the
// rotator is presumably the one that closes it once the serving certificate
// exists — confirm against the cert-controller documentation.
//
// With internalCert false no certificate is generated by this function, so
// the webhook server has to obtain its serving certificate by some other
// means that is not visible in this file.
//
// The error is whatever cert.AddRotator returns; on a non-nil error the
// channel is still returned but has not been closed by this function.
func CreateCertsIfNeeded(mgr ctrl.Manager, novalidation, internalCert, restartOnSecretRefresh bool) (chan struct{}, error) {
	ready := make(chan struct{})

	// Nothing to rotate: signal readiness right away.
	if novalidation || !internalCert {
		close(ready)
		return ready, nil
	}

	// Both webhook configurations are served by the same certificate.
	hooks := []cert.WebhookInfo{
		{Type: cert.Validating, Name: vwhName},
		{Type: cert.Mutating, Name: mwhName},
	}
	rotator := &cert.CertRotator{
		SecretKey:              types.NamespacedName{Namespace: secretNamespace, Name: secretName},
		CertDir:                certDir,
		CAName:                 caName,
		CAOrganization:         caOrganization,
		DNSName:                dnsName,
		IsReady:                ready,
		Webhooks:               hooks,
		RestartOnSecretRefresh: restartOnSecretRefresh,
	}
	return ready, cert.AddRotator(mgr, rotator)
}
// Create registers every admission webhook handler of this package with the
// manager's webhook server. It is called from main.go.
//
// All handlers share the same forest f and log under the "validators" logger,
// each with its own sub-name. The *ServingPath constants are defined elsewhere
// in this package. Create does not wait for the certificate rotator; the
// caller is presumably responsible for sequencing it against the channel
// returned by CreateCertsIfNeeded — confirm in main.go.
func Create(mgr ctrl.Manager, f *forest.Forest) {
	log := ctrl.Log.WithName("validators")

	// Registration order matches the original one-by-one calls: hierarchy,
	// managed objects, config, subnamespace anchors, then core namespaces.
	hooks := []struct {
		path string
		hook *webhook.Admission
	}{
		{HierarchyServingPath, &webhook.Admission{Handler: &Hierarchy{
			Log:    log.WithName("Hierarchy"),
			Forest: f,
		}}},
		{ObjectsServingPath, &webhook.Admission{Handler: &Object{
			Log:    log.WithName("Object"),
			Forest: f,
		}}},
		{ConfigServingPath, &webhook.Admission{Handler: &HNCConfig{
			Log:    log.WithName("HNCConfig"),
			Forest: f,
		}}},
		{AnchorServingPath, &webhook.Admission{Handler: &Anchor{
			Log:    log.WithName("Anchor"),
			Forest: f,
		}}},
		{NamespaceServingPath, &webhook.Admission{Handler: &Namespace{
			Log:    log.WithName("Namespace"),
			Forest: f,
		}}},
	}

	for _, h := range hooks {
		mgr.GetWebhookServer().Register(h.path, h.hook)
	}
}