From 0b86027496d451b6fdf645c82d9084da37570e6a Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Tue, 9 May 2023 12:54:35 +0300 Subject: [PATCH] :book: update webhooks for core types to match controller-runtime v0.15 Signed-off-by: Mikko Ylinen --- .../src/reference/webhook-for-core-types.md | 51 +++++++++++-------- 1 file changed, 29 insertions(+), 22 deletions(-) diff --git a/docs/book/src/reference/webhook-for-core-types.md b/docs/book/src/reference/webhook-for-core-types.md index dd0258a44c9..997e4f7d182 100644 --- a/docs/book/src/reference/webhook-for-core-types.md +++ b/docs/book/src/reference/webhook-for-core-types.md @@ -7,47 +7,54 @@ There is an [example](https://github.com/kubernetes-sigs/controller-runtime/tree in controller-runtime. It is suggested to use kubebuilder to initialize a project, and then you can -follow the steps below to add admission webhooks for core types. +follow the steps below to add admission webhooks for core types. The example shows +how to set up a mutating webhook following the controller-runtime's webhook builder. -## Implement Your Handler +## Implement Your Webhook -You need to have your handler implements the -[admission.Handler](https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/webhook/admission?tab=doc#Handler) +You need to have your webhook to implement the +[admission.CustomDefaulter](https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/webhook/admission?tab=doc#CustomDefaulter) interface. ```go -type podAnnotator struct { - Client client.Client - decoder *admission.Decoder -} +type podAnnotator struct {} -func (a *podAnnotator) Handle(ctx context.Context, req admission.Request) admission.Response { - pod := &corev1.Pod{} - err := a.decoder.Decode(req, pod) - if err != nil { - return admission.Errored(http.StatusBadRequest, err) - } +func (a *podAnnotator) Default(ctx context.Context, obj runtime.Object) error { + log := logf.FromContext(ctx) + pod, ok := obj.(*corev1.Pod) + if !ok { + return fmt.Errorf("expected a Pod but got a %T", obj) + } // mutate the fields in pod + if pod.Annotations == nil { + pod.Annotations = map[string]string{} + } + pod.Annotations["example-mutating-admission-webhook"] = "foo" + + log.Info("Annotated pod") - marshaledPod, err := json.Marshal(pod) - if err != nil { - return admission.Errored(http.StatusInternalServerError, err) - } - return admission.PatchResponseFromRaw(req.Object.Raw, marshaledPod) + return nil } ``` **Note**: in order to have controller-gen generate the webhook configuration for you, you need to add markers. For example, -`// +kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,name=mpod.kb.io` +`// +kubebuilder:webhook:path=/mutate--v1-pod,mutating=true,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,name=mpod.kb.io` +(for core types the `path` is of format `/mutate---`). ## Update main.go Now you need to register your handler in the webhook server. ```go -mgr.GetWebhookServer().Register("/mutate-v1-pod", &webhook.Admission{Handler: &podAnnotator{Client: mgr.GetClient()}}) + if err := ctrl.NewWebhookManagedBy(mgr). + For(&corev1.Pod{}). + WithDefaulter(&podAnnotator{}). + Complete(); err != nil { + entryLog.Error(err, "unable to create webhook", "webhook", "Pod") + os.Exit(1) + } ``` You need to ensure the path here match the path in the marker. @@ -74,4 +81,4 @@ Deploying it is just like deploying a webhook server for CRD. You need to You can follow the [tutorial](/cronjob-tutorial/running.md). -[cronjob-tutorial]: /cronjob-tutorial/cronjob-tutorial.md \ No newline at end of file +[cronjob-tutorial]: /cronjob-tutorial/cronjob-tutorial.md