From c998108901509d9e20c06d1a717058d07a6fb130 Mon Sep 17 00:00:00 2001 From: prateekpandey14 Date: Mon, 29 Jun 2020 21:33:09 +0530 Subject: [PATCH] refact(webhook): make webhook config failure policy configurable commit enable the webhook validatingwebhookconfiguration failure policy configurable using a env called ADMISSION_WEBHOOK_FAILURE_POLICY. There are 2 types of failure policy which can be configurable are `Fail` and `Ignore`. `Fail` will be the default policy Signed-off-by: prateekpandey14 --- pkg/webhook/configuration.go | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/pkg/webhook/configuration.go b/pkg/webhook/configuration.go index 9de41170a6..3bd2c60385 100644 --- a/pkg/webhook/configuration.go +++ b/pkg/webhook/configuration.go @@ -37,6 +37,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/klog" ) const ( @@ -70,7 +71,9 @@ var ( Ignore = v1beta1.Ignore // Fail means that an error calling the webhook causes the admission to fail. Fail = v1beta1.Fail - + // WebhookFailurePolicye represents failure policy env name to make it configurable + // via ENV + WebhookFailurePolicy = "ADMISSION_WEBHOOK_FAILURE_POLICY" // transformation function lists to upgrade webhook resources transformSecret = []transformSecretFunc{} transformSvc = []transformSvcFunc{} @@ -221,7 +224,7 @@ func createValidatingWebhookConfig( CABundle: signingCert, }, TimeoutSeconds: &five, - FailurePolicy: &Fail, + FailurePolicy: failurePolicy(), } validator := &v1beta1.ValidatingWebhookConfiguration{ @@ -656,3 +659,25 @@ func preUpgrade(openebsNamespace string) error { return nil } + +// failurePolicy returns the admission webhook configuration failurePolicy +// based on the given WebhookFailurePolicy ENV set on admission server +// deployments. +// +// Default failure Policy is `Fail` if not provided. +func failurePolicy() *v1beta1.FailurePolicyType { + var policyType *v1beta1.FailurePolicyType + policy, present := os.LookupEnv(WebhookFailurePolicy) + if !present { + policyType = &Fail + } + + switch strings.ToLower(policy) { + default: + policyType = &Fail + case "no", "false", "ignore": + policyType = &Ignore + } + klog.Infof("Using webhook configuration failure policy as %q", policyType) + return policyType +}