access to client in mutating webhook #1216
Comments
ryandawsonuk
added
the
kind/support
|
If that's what you really want, why not change your func (r *FirstMate) SetupWebhookWithManager(mgr ctrl.Manager) error {
c := ctrl.NewWebhookManagedBy(mgr).
For(r).
Build()
c.client = mgr.GetClient()
r.controller = c
return nil
} |
|
Wouldn't the client then be an attribute on the custom resource (FirstMate in this example case and so be treated as part of the CRD and included in the generated CR definition? |
|
|
|
Maybe something like... var (
firstmatelog = logf.Log.WithName("firstmate-resource")
client Client
)
func (r *FirstMate) SetupWebhookWithManager(mgr ctrl.Manager) error {
client = mgr.getClient()
return ctrl.NewWebhookManagedBy(mgr).
For(r).
Build()
}
var _ webhook.Defaulter = &FirstMate{}
// Default implements webhook.Defaulter so a webhook will be registered for the type
func (r *FirstMate) Default() {
firstmatelog.Info("default", "name", r.Name)
// TODO use client to read other resources
client.Get(...)
// TODO(user): fill in your defaulting logic.
} |
|
Do have in mind the |
|
Yeah that approach works - SeldonIO/seldon-core@0202671#diff-e35f762db386aef706a8b20d09081fb9R99 |
|
If you need to use a client, I'd reccomend using the lower-level webhook machinery in |
|
we really need an FAQ item on this |
|
kubernetes-sigs/controller-runtime#780 - I get an error following the example. |
|
solved this. example in here kubernetes-sigs/controller-runtime#780 (comment) |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
|
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
What is the best way of doing this in 2021? Should we do it with @pires solution or as @DirectXMan12 said, using lower level webhook? or is there any better alternative right now? |
I would suggest using the lower level webhooks ( see https://github.com/kubernetes-sigs/controller-runtime/blob/master/examples/builtins/mutatingwebhook.go ) |
|
I recently ran into this issue. Here's how I solved it (note replace foo with your CR name):
...
if os.Getenv("ENABLE_WEBHOOKS") != "false" {
if err = webhook.SetupFooWebhookWithManager(mgr); err != nil {
setupLog.Error(err, "unable to create webhook", "webhook", "Foo")
os.Exit(1)
}
}
...
package webhook
import (
foov1 "github.com/company/foo/api/v1"
ctrl "sigs.k8s.io/controller-runtime"
)
func SetupFooWebhookWithManager(mgr ctrl.Manager) error {
return ctrl.NewWebhookManagedBy(mgr).
For(&foov1.Foo{}).
WithDefaulter(&Foo{Client: mgr.GetClient()}).
WithValidator(&FooValidator{Client: mgr.GetClient()}).
Complete()
}
package webhook
import (
"context"
foov1 "github.com/company/foo/api/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/validation/field"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
//+kubebuilder:webhook:path=/validate-foo-company-com-v1-foo,mutating=false,failurePolicy=fail,sideEffects=None,groups=foo.company.com,resources=foos,verbs=create;update,versions=v1,name=vfoo.kb.io,admissionReviewVersions=v1
// FooValidator validates Foos
type FooValidator struct {
Client client.Client
}
// ValidateCreate implements webhook.Validator
func (v *FooValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
foo := obj.(*foov1.Foo)
return nil, v.validateFoo(foo)
}
// ValidateUpdate implements webhook.Validator
func (v *FooValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
foo := newObj.(*foov1.Foo)
return nil, v.validateFoo(foo)
}
// ValidateDelete implements webhook.Validator
func (v *FooValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
return nil, nil
}
func (v *FooValidator) validateFoo(foo *foov1.Foo) error {
// TODO: Your validation logic
return nil
}
package webhook
import (
"context"
foov1 "github.com/company/foo/api/v1"
"k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
)
//+kubebuilder:webhook:path=/mutate-foo-company-com-v1-foo,mutating=true,failurePolicy=fail,sideEffects=None,groups=foo.company.com,resources=foo,verbs=create;update,versions=v1,name=mfoo.kb.io,admissionReviewVersions=v1
// FooDefaulter mutates Foos
type FooDefaulter struct {
Client client.Client
}
// Default implements webhook.Defaulter
func (d *FooDefaulter) Default(ctx context.Context, obj runtime.Object) error {
foo := obj.(*foov1.Foo)
// TODO: Your default logic
return nil
} |
I'd like to use the manager's client to reference a configmap when validating my custom resource. But I can't see a way to pass the manager's client through to the webhook code (the Defaulter) when using the
NewWebhookManagedByform:A related question put me on to the .Register form which I think would let me pass down the manager's client to the code that would be triggered by the webhook.
I might end up loading the configmap as an env var (I've read you can do this though can't find an example). But I'm wondering is it intended that the SetupWebhookWithManager doesn't let you use a client inside the webhook code? Or perhaps I'm missing something?
The text was updated successfully, but these errors were encountered: