update to plurals

richardwxn · richardwxn · commit c93af51861ff · 2019-11-12T16:09:28.000-08:00
diff --git a/cmd/manager/server.go b/cmd/manager/server.go
@@ -15,29 +15,22 @@
 package main
 
 import (
-	"context"
 	"fmt"
 	"os"
 
-	"istio.io/operator/pkg/apis/istio/v1alpha2"
-	controllerruntime "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
-	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
-
-	//"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
-
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
-	_ "k8s.io/client-go/plugin/pkg/client/auth"
-
 	drm "github.com/openshift/cluster-network-operator/pkg/util/k8s"
 	"github.com/spf13/cobra"
+	_ "k8s.io/client-go/plugin/pkg/client/auth"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
 
 	"istio.io/operator/pkg/apis"
 	"istio.io/operator/pkg/controller"
 	"istio.io/operator/pkg/controller/istiocontrolplane"
+	iscpwebhook "istio.io/operator/pkg/webhook/istiocontrolplane"
 	"istio.io/pkg/ctrlz"
 	"istio.io/pkg/log"
 )
@@ -142,30 +135,11 @@ func run() {
 
 	// setup webhooks
 	log.Info("setting up webhook server")
-
-	// Method 1
-	validatingHook := &webhook.Admission{
-		Handler: admission.HandlerFunc(func(ctx context.Context, req webhook.AdmissionRequest) webhook.AdmissionResponse {
-			log.Info("enterring admission handler!")
-			return webhook.Denied("Test only: none shall pass!")
-		}),
-	}
 	crv := mgr.GetWebhookServer()
 	crv.CertDir = "/tmp/k8s-webhook-server/serving-certs"
-	//crv.Port = 8443
-	crv.Register("/validate", validatingHook)
-
-	// method 2
-//crv.Register("/validate-install-istio-io-v1alpha2-istiocontrolplane",
-//	&webhook.Admission{Handler: &iscpwebhook.IscpValidator{}})
-
-	// Method3(implement the validator inside v1alpha2.IstioControlPlane)
-/*	err = controllerruntime.NewWebhookManagedBy(mgr).
-	For(&v1alpha2.IstioControlPlane{}).
-	Complete()
-if err != nil {
-	os.Exit(1)
-}*/
+	crv.Port = 8443
+	crv.Register("/validate-install-istio-io-v1alpha2-istiocontrolplane",
+		&webhook.Admission{Handler: &iscpwebhook.IscpValidator{}})
 
 	log.Info("Starting the Cmd.")
 
diff --git a/deploy/operator.yaml b/deploy/operator.yaml
@@ -33,12 +33,6 @@ spec:
             requests:
               cpu: 50m
               memory: 128Mi
-          securityContext:
-            runAsUser: 0
-            runAsNonRoot: false
-            capabilities:
-              add:
-                - NET_ADMIN
           env:
             - name: WATCH_NAMESPACE
               value: "istio-operator"
diff --git a/deploy/service.yaml b/deploy/service.yaml
@@ -10,7 +10,7 @@ spec:
   ports:
   - port: 443
     name: webhook
-    targetPort: 443
+    targetPort: 8443
   - name: http-metrics
     port: 8383
     targetPort: 8383
diff --git a/deploy/webhook.yaml b/deploy/webhook.yaml
@@ -23,27 +23,4 @@ webhooks:
           - CREATE
           - UPDATE
         resources:
-          - istiocontrolplane
-
----
-
-# Testing only, see if basic resource admission request can go to webserver
-apiVersion: admissionregistration.k8s.io/v1beta1
-kind: ValidatingWebhookConfiguration
-metadata:
-  name: validation-webhook-example-cfg
-  labels:
-    app: admission-webhook-example
-webhooks:
-  - name: required-labels.banzaicloud.com
-    clientConfig:
-      service:
-        name: istio-operator
-        namespace: istio-operator
-        path: "/validate"
-      caBundle: Cg==
-    rules:
-      - operations: [ "CREATE", "UPDATE" ]
-        apiGroups: ["apps", ""]
-        apiVersions: ["v1"]
-        resources: ["deployments","services"]
+          - istiocontrolplanes
diff --git a/pkg/apis/istio/v1alpha2/istiocontrolplane_types.pb.go b/pkg/apis/istio/v1alpha2/istiocontrolplane_types.pb.go
diff --git a/pkg/webhook/istiocontrolplane/iscpwebhook.go b/pkg/webhook/istiocontrolplane/iscpwebhook.go
@@ -16,6 +16,7 @@ package istiocontrolplane
 
 import (
 	"context"
+	"fmt"
 
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
@@ -41,8 +42,10 @@ func (a *IscpValidator) Handle(ctx context.Context, req admission.Request) admis
 		return admission.Denied(err.Error())
 	}
 	//TODO: update to full validation including values part after values schema formalized.
-	if errs := validate.CheckIstioControlPlaneSpecExcludeValues(icp.Spec, true); len(errs) != 0 {
-		return admission.Denied(errs.Error())
+	if errs := validate.CheckIstioControlPlaneSpecExcludeValues(icp.Spec, false); len(errs) != 0 {
+		fmt.Printf("proceed with validation err: %v", errs.Error())
+		// TODO: allow the request now until we fully done the validation logic.
+		return admission.Allowed("IstioControlPlane schema validated with err")
 	}
 	return admission.Allowed("IstioControlPlane schema validated")
 }

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ package istiocontrolplane`
`16`	`16`
`17`	`17`	`import (`
`18`	`18`	`"context"`
	`19`	`+ "fmt"`
`19`	`20`
`20`	`21`	`"sigs.k8s.io/controller-runtime/pkg/client"`
`21`	`22`	`"sigs.k8s.io/controller-runtime/pkg/webhook/admission"`
`@@ -41,8 +42,10 @@ func (a *IscpValidator) Handle(ctx context.Context, req admission.Request) admis`
`41`	`42`	`return admission.Denied(err.Error())`
`42`	`43`	`}`
`43`	`44`	`//TODO: update to full validation including values part after values schema formalized.`
`44`		`- if errs := validate.CheckIstioControlPlaneSpecExcludeValues(icp.Spec, true); len(errs) != 0 {`
`45`		`- return admission.Denied(errs.Error())`
	`45`	`+ if errs := validate.CheckIstioControlPlaneSpecExcludeValues(icp.Spec, false); len(errs) != 0 {`
	`46`	`+ fmt.Printf("proceed with validation err: %v", errs.Error())`
	`47`	`+ // TODO: allow the request now until we fully done the validation logic.`
	`48`	`+ return admission.Allowed("IstioControlPlane schema validated with err")`
`46`	`49`	`}`
`47`	`50`	`return admission.Allowed("IstioControlPlane schema validated")`
`48`	`51`	`}`