From 8939c58ebf47550ce18b18b40a05c6c4b73e7eb5 Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Fri, 10 Jun 2022 21:36:23 +0700 Subject: [PATCH 01/14] support ReplicaSet Signed-off-by: anastasia.malysheva --- main.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/main.go b/main.go index c92f4af..29e7e57 100644 --- a/main.go +++ b/main.go @@ -125,6 +125,11 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p metaPtr = &statefulSet.Spec.Template.ObjectMeta podSpec = &statefulSet.Spec.Template.Spec target = &statefulSet + case "ReplicaSet": + var replicaSet appsv1.ReplicaSet + metaPtr = &replicaSet.Spec.Template.ObjectMeta + podSpec = &replicaSet.Spec.Template.Spec + target = &replicaSet default: return "", nil, nil } From c9ef8c52d69edcf5569da775185f76b278d7b415 Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Wed, 15 Jun 2022 13:18:09 +0700 Subject: [PATCH 02/14] remove redundant switch Signed-off-by: anastasia.malysheva --- main.go | 26 ++------------------------ 1 file changed, 2 insertions(+), 24 deletions(-) diff --git a/main.go b/main.go index 29e7e57..b0c0292 100644 --- a/main.go +++ b/main.go @@ -36,7 +36,6 @@ import ( "go.uber.org/zap" "gomodules.xyz/jsonpatch/v2" admissionv1 "k8s.io/api/admission/v1" - appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -103,34 +102,13 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p var metaPtr *v1.ObjectMeta var target interface{} p = "/spec/template" - switch in.Kind.Kind { - case "Deployment": - var deployment appsv1.Deployment - metaPtr = &deployment.Spec.Template.ObjectMeta - podSpec = &deployment.Spec.Template.Spec - target = &deployment - case "Pod": + if in.Kind.Kind == "Pod" { var pod corev1.Pod p = "" metaPtr = &pod.ObjectMeta podSpec = &pod.Spec target = &pod - case "DaemonSet": - var daemonSet appsv1.DaemonSet - metaPtr = &daemonSet.Spec.Template.ObjectMeta - podSpec = &daemonSet.Spec.Template.Spec - target = &daemonSet - case "StatefulSet": - var statefulSet appsv1.StatefulSet - metaPtr = &statefulSet.Spec.Template.ObjectMeta - podSpec = &statefulSet.Spec.Template.Spec - target = &statefulSet - case "ReplicaSet": - var replicaSet appsv1.ReplicaSet - metaPtr = &replicaSet.Spec.Template.ObjectMeta - podSpec = &replicaSet.Spec.Template.Spec - target = &replicaSet - default: + } else { return "", nil, nil } From 2f22dcaf5f95bb03c3222b5b3c6c75561d475e2a Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Thu, 16 Jun 2022 14:58:00 +0700 Subject: [PATCH 03/14] return switch back and update, update rules for selfRegister Signed-off-by: anastasia.malysheva --- internal/k8s/selfregister.go | 26 +++++++++++++++++++++++++- main.go | 24 ++++++++++++++++++++++-- 2 files changed, 47 insertions(+), 3 deletions(-) diff --git a/internal/k8s/selfregister.go b/internal/k8s/selfregister.go index bb61a3e..72b6528 100644 --- a/internal/k8s/selfregister.go +++ b/internal/k8s/selfregister.go 
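Review bot: With the switch reduced to a single `Pod` branch, the initial `p = "/spec/template"` is a dead store, because the only path that does not return overwrites it with `p = ""`. A guard clause reads more directly than the `if … else { return }` shape: `if in.Kind.Kind != "Pod" { return "", nil, nil }`, followed by the Pod setup at function level. The body of unmarshal continues outside the hunk.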
@@ -98,11 +98,35 @@ func (a *AdmissionWebhookRegisterClient) Register(ctx context.Context, c *config { Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update}, Rule: admissionv1.Rule{ - APIGroups: []string{"extensions"}, + APIGroups: []string{"apps"}, APIVersions: []string{"v1"}, Resources: []string{"deployments"}, }, }, + { + Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update}, + Rule: admissionv1.Rule{ + APIGroups: []string{"apps"}, + APIVersions: []string{"v1"}, + Resources: []string{"statefulsets"}, + }, + }, + { + Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update}, + Rule: admissionv1.Rule{ + APIGroups: []string{"apps"}, + APIVersions: []string{"v1"}, + Resources: []string{"daemonsets"}, + }, + }, + { + Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update}, + Rule: admissionv1.Rule{ + APIGroups: []string{"apps"}, + APIVersions: []string{"v1"}, + Resources: []string{"replicasets"}, + }, + }, }, SideEffects: &sideEffects, AdmissionReviewVersions: []string{"v1"}, diff --git a/main.go b/main.go index b0c0292..ef7d5f1 100644 --- a/main.go +++ b/main.go @@ -36,6 +36,7 @@ import ( "go.uber.org/zap" "gomodules.xyz/jsonpatch/v2" admissionv1 "k8s.io/api/admission/v1" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
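Review bot: The four rules in selfregister.go differ only in `Resources`, and each subscribes to `admissionv1.Update` although `Review` in main.go (its `in.Operation != admissionv1.Create` check is visible in later hunks of this series) allows every non-Create request without inspecting it. A single rule with `Resources: []string{"deployments", "statefulsets", "daemonsets", "replicasets"}` would be easier to audit. Registering only `admissionv1.Create` would spare the API server a webhook round trip on every workload update. The failure policy is not visible here; if it is Fail, each resource added to the match list is another object type whose admission depends on this webhook being up, so the scope is worth keeping as narrow as the handler needs. The body of Register continues outside the hunk.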
@@ -102,13 +103,32 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p var metaPtr *v1.ObjectMeta var target interface{} p = "/spec/template" - if in.Kind.Kind == "Pod" { + + switch in.Kind.Kind { + case "Deployment": + return "", nil, nil + case "Pod": var pod corev1.Pod p = "" metaPtr = &pod.ObjectMeta podSpec = &pod.Spec target = &pod - } else { + case "DaemonSet": + var daemonSet appsv1.DaemonSet + metaPtr = &daemonSet.ObjectMeta + podSpec = &daemonSet.Spec.Template.Spec + target = &daemonSet + case "StatefulSet": + var statefulSet appsv1.StatefulSet + metaPtr = &statefulSet.ObjectMeta + podSpec = &statefulSet.Spec.Template.Spec + target = &statefulSet + case "ReplicaSet": + var replicaSet appsv1.StatefulSet + metaPtr = &replicaSet.ObjectMeta + podSpec = &replicaSet.Spec.Template.Spec + target = &replicaSet + default: return "", nil, nil } From 0c5016d50e4ab1d1b809771bd54c253433b2c1bd Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Thu, 16 Jun 2022 22:57:59 +0700 Subject: [PATCH 04/14] Fix processing of deployment resources Signed-off-by: anastasia.malysheva --- main.go | 60 ++++++++++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 51 insertions(+), 9 deletions(-) diff --git a/main.go b/main.go index ef7d5f1..8127508 100644 --- a/main.go +++ b/main.go @@ -56,6 +56,12 @@ type admissionWebhookServer struct { logger *zap.SugaredLogger } +const ( + deploymentKind string = "Deployment" + podKind string = "Pod" + replicaSetKind string = "ReplicaSet" +) + func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse { var resp = &admissionv1.AdmissionResponse{ UID: in.UID, 
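Review bot: The `ReplicaSet` case decodes into the wrong type: `var replicaSet appsv1.StatefulSet` should be `var replicaSet appsv1.ReplicaSet`. The decode probably still succeeds because both types have a `Spec.Template`, which is why this is easy to miss. In the same hunk `metaPtr` for DaemonSet, StatefulSet and ReplicaSet now points at the workload's own `ObjectMeta` while `p` stays `/spec/template`. The annotation and labels handed back to `Review` therefore come from the workload, but the patches are still addressed to the pod template; if `createLabelPatch` writes those labels under `p`, workload labels would end up on the template. A comment stating which metadata is meant to drive injection would settle that. The body of unmarshal continues outside the hunk.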
@@ -100,34 +106,43 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p string, meta *v1.ObjectMeta, spec *corev1.PodSpec) { var podSpec *corev1.PodSpec + var podMetaPtr *v1.ObjectMeta var metaPtr *v1.ObjectMeta var target interface{} p = "/spec/template" switch in.Kind.Kind { - case "Deployment": - return "", nil, nil - case "Pod": + case deploymentKind: + var deployment appsv1.Deployment + metaPtr = &deployment.ObjectMeta + podMetaPtr = &deployment.Spec.Template.ObjectMeta + podSpec = &deployment.Spec.Template.Spec + target = &deployment + case podKind: var pod corev1.Pod p = "" - metaPtr = &pod.ObjectMeta + podMetaPtr = &pod.ObjectMeta podSpec = &pod.Spec target = &pod case "DaemonSet": var daemonSet appsv1.DaemonSet metaPtr = &daemonSet.ObjectMeta + podMetaPtr = &daemonSet.Spec.Template.ObjectMeta podSpec = &daemonSet.Spec.Template.Spec target = &daemonSet case "StatefulSet": var statefulSet appsv1.StatefulSet metaPtr = &statefulSet.ObjectMeta + podMetaPtr = &statefulSet.Spec.Template.ObjectMeta podSpec = &statefulSet.Spec.Template.Spec target = &statefulSet - case "ReplicaSet": - var replicaSet appsv1.StatefulSet + case replicaSetKind: + var replicaSet appsv1.ReplicaSet metaPtr = &replicaSet.ObjectMeta + podMetaPtr = &replicaSet.Spec.Template.ObjectMeta podSpec = &replicaSet.Spec.Template.Spec target = &replicaSet + default: return "", nil, nil } 
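Review bot: `metaPtr` is left nil in the `podKind` case, and nothing at the declaration says so; the code is only safe because the checks further down test the kind before they touch `metaPtr`. A comment on the declarations would make that contract explicit, for example `// metaPtr is the workload's own metadata (nil for a Pod); podMetaPtr is the pod or pod-template metadata that gets patched.` The switch also mixes the new constants with the literals `"DaemonSet"` and `"StatefulSet"`; either add constants for those two or keep literals throughout. The stray blank line before `default:` can go. The body of unmarshal continues outside the hunk.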
@@ -136,10 +151,37 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p return "", nil, nil } p = path.Join("/", p) - if metaPtr.Labels == nil { - metaPtr.Labels = make(map[string]string) + if podMetaPtr.Labels == nil { + podMetaPtr.Labels = make(map[string]string) + } + // Annotations shouldn't be applied second time. + if isReplicaOwnedByDeployment(in.Kind.Kind, metaPtr) { + return "", nil, nil + } + updatePodAnnotations(in.Kind.Kind, metaPtr, podMetaPtr) + + return p, podMetaPtr, podSpec +} + +func isReplicaOwnedByDeployment(kind string, metaPtr *v1.ObjectMeta) bool { + if kind == replicaSetKind { + for _, o := range metaPtr.OwnerReferences { + if o.Kind == deploymentKind { + return true + } + } + } + return false +} + +func updatePodAnnotations(kind string, metaPtr, podMetaPtr *v1.ObjectMeta) { + if kind != podKind && metaPtr.Annotations != nil { + if podMetaPtr.Annotations == nil { + podMetaPtr.Annotations = metaPtr.Annotations + } + err := errors.New("can't register a sink factory for empty string") + panic(err.Error()) } - return p, metaPtr, podSpec } func (s *admissionWebhookServer) createVolumesPatch(p string, volumes []corev1.Volume) jsonpatch.JsonPatchOperation { From ce2d6a3a3dd177ded36dad47c465ed60f336fd58 Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Thu, 16 Jun 2022 23:01:17 +0700 Subject: [PATCH 05/14] add import Signed-off-by: anastasia.malysheva --- main.go | 1 + 1 file changed, 1 insertion(+) diff --git a/main.go b/main.go index 8127508..6e27655 100644 --- a/main.go +++ b/main.go @@ -20,6 +20,7 @@ import ( "context" "crypto/tls" "encoding/json" + "errors" "io/ioutil" "net/http" "net/url" From 9c8733a3bcee9157060bf2545bb5366d76441a7c Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Thu, 16 Jun 2022 23:12:06 +0700 Subject: [PATCH 06/14] add import Signed-off-by: anastasia.malysheva --- internal/imports/imports_linux.go | 1 + 1 file changed, 1 insertion(+) 
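Review bot: `updatePodAnnotations` panics on every call that enters its outer `if`, because the `errors.New(...)` / `panic(err.Error())` pair sits outside the inner nil check. Any Deployment, DaemonSet, StatefulSet or ReplicaSet that carries workload-level annotations (common in practice, for example kubectl's last-applied annotation) will crash the request handler. For an admission webhook that means workload creation is either rejected or passes without injection, depending on the failure policy and on any recover middleware, neither of which is visible here. The message `"can't register a sink factory for empty string"` is unrelated to annotations and looks copied from elsewhere. Remove both lines; if the intent is to flag annotations present in both places, log it in an `else` branch of `if podMetaPtr.Annotations == nil` rather than panicking.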
diff --git a/internal/imports/imports_linux.go b/internal/imports/imports_linux.go index a3a6f3b..9fdf036 100644 --- a/internal/imports/imports_linux.go +++ b/internal/imports/imports_linux.go @@ -10,6 +10,7 @@ import ( _ "crypto/x509/pkix" _ "encoding/json" _ "encoding/pem" + _ "errors" _ "fmt" _ "github.com/kelseyhightower/envconfig" _ "github.com/labstack/echo/v4" From 3131c88f87d53046a5ba38c72dd8cb71e9dcf206 Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Thu, 7 Jul 2022 21:45:35 +0700 Subject: [PATCH 07/14] check tracing disable Signed-off-by: anastasia.malysheva --- main.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/main.go b/main.go index 6e27655..5fa16b0 100644 --- a/main.go +++ b/main.go @@ -68,14 +68,14 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis UID: in.UID, } - s.logger.Infof("Incoming request: %+v", in) - defer s.logger.Infof("Outgoing response: %+v", resp) + s.logger.Infof("Incoming request: kind, %+v, Name %+v, Namespace %+v", in.Kind, in.Name, in.Namespace) + // defer s.logger.Infof("Outgoing response: %+v", resp) if in.Operation != admissionv1.Create { resp.Allowed = true return resp } - + s.logger.Infof("Unmarshall in of kind %s", in.Kind.Kind) p, metaPtr, spec := s.unmarshal(in) if spec == nil { resp.Allowed = true @@ -84,6 +84,7 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis annotation := metaPtr.Annotations[s.config.Annotation] if annotation != "" { + s.logger.Infof("%v annotation is present ", s.config.Annotation) bytes, err := json.Marshal([]jsonpatch.JsonPatchOperation{ s.createInitContainerPatch(p, annotation, spec.InitContainers), s.createContainerPatch(p, annotation, spec.Containers), 
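Review bot: In the `@@ -68,14 +68,14 @@` hunk of main.go the response log is disabled by commenting it out (`// defer s.logger.Infof("Outgoing response: %+v", resp)`); delete the line or keep it live, since commented-out code tells the next reader nothing about intent. The new request log is an improvement over dumping the whole `in`. Its format string reads oddly, though (`kind, %+v`), and `"Unmarshall in of kind %s"` is misspelled; `"unmarshal object of kind %s"` would be clearer. The commit subject ("check tracing disable") does not describe these logging changes.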
@@ -91,6 +92,7 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis s.createLabelPatch(p, metaPtr.Labels), }) if err != nil { + s.logger.Info("Some error happened") resp.Result = &v1.Status{ Status: err.Error(), } @@ -102,6 +104,7 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis } resp.Allowed = true + s.logger.Infof("Response") return resp } From ddf76f5525c7d519759b62caddf6a2e7d962f4ac Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Mon, 11 Jul 2022 19:38:52 +0700 Subject: [PATCH 08/14] Merge method back in one Signed-off-by: anastasia.malysheva --- main.go | 35 ++++++++++++----------------------- 1 file changed, 12 insertions(+), 23 deletions(-) diff --git a/main.go b/main.go index 5fa16b0..5543e53 100644 --- a/main.go +++ b/main.go @@ -20,7 +20,6 @@ import ( "context" "crypto/tls" "encoding/json" - "errors" "io/ioutil" "net/http" "net/url" @@ -69,7 +68,7 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis } s.logger.Infof("Incoming request: kind, %+v, Name %+v, Namespace %+v", in.Kind, in.Name, in.Namespace) - // defer s.logger.Infof("Outgoing response: %+v", resp) + defer s.logger.Infof("Outgoing response: %+v", resp) if in.Operation != admissionv1.Create { resp.Allowed = true @@ -146,7 +145,6 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p podMetaPtr = &replicaSet.Spec.Template.ObjectMeta podSpec = &replicaSet.Spec.Template.Spec target = &replicaSet - default: return "", nil, nil } 
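Review bot: `s.logger.Info("Some error happened")` in the `@@ -91,6 +92,7 @@` hunk discards the only useful information, the error itself, and logs a failure at Info level. Something like `s.logger.Errorf("marshal JSON patch for %s %s/%s: %v", in.Kind.Kind, in.Namespace, in.Name, err)` lets an operator tie the failure to a request. In the next hunk `s.logger.Infof("Response")` uses the format variant with no arguments and adds nothing to the deferred response log. The body of Review continues outside both hunks.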
@@ -159,33 +157,24 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p podMetaPtr.Labels = make(map[string]string) } // Annotations shouldn't be applied second time. - if isReplicaOwnedByDeployment(in.Kind.Kind, metaPtr) { - return "", nil, nil - } - updatePodAnnotations(in.Kind.Kind, metaPtr, podMetaPtr) - - return p, podMetaPtr, podSpec -} - -func isReplicaOwnedByDeployment(kind string, metaPtr *v1.ObjectMeta) bool { - if kind == replicaSetKind { + if in.Kind.Kind == replicaSetKind { for _, o := range metaPtr.OwnerReferences { if o.Kind == deploymentKind { - return true + return "", nil, nil } } } - return false -} -func updatePodAnnotations(kind string, metaPtr, podMetaPtr *v1.ObjectMeta) { - if kind != podKind && metaPtr.Annotations != nil { - if podMetaPtr.Annotations == nil { - podMetaPtr.Annotations = metaPtr.Annotations + func() { + if in.Kind.Kind != podKind && metaPtr.Annotations != nil { + if podMetaPtr.Annotations == nil { + podMetaPtr.Annotations = metaPtr.Annotations + } + s.logger.Errorf("Malformed specification. Annotations can't be provided in several places.") } - err := errors.New("can't register a sink factory for empty string") - panic(err.Error()) - } + }() + + return p, podMetaPtr, podSpec } func (s *admissionWebhookServer) createVolumesPatch(p string, volumes []corev1.Volume) jsonpatch.JsonPatchOperation { From 2dccc6218bd0773f1b42800fb04b5fc79ce92f6d Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Mon, 11 Jul 2022 19:44:01 +0700 Subject: [PATCH 09/14] import fix Signed-off-by: anastasia.malysheva --- internal/imports/imports_linux.go | 1 - 1 file changed, 1 deletion(-) diff --git a/internal/imports/imports_linux.go b/internal/imports/imports_linux.go index 9fdf036..a3a6f3b 100644 --- a/internal/imports/imports_linux.go +++ b/internal/imports/imports_linux.go 
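Review bot: The `s.logger.Errorf("Malformed specification. …")` call sits outside the inner `if podMetaPtr.Annotations == nil`, so it fires for every non-Pod workload that has workload-level annotations, including the normal case where the pod template has none and the copy succeeds. It belongs in an `else` of that inner check: `} else { s.logger.Errorf(...) }`. The same placement is carried unchanged through the `@@ -161,16 +159,14 @@` hunk of PATCH 11 and is only corrected in PATCH 12. The immediately invoked `func() { … }()` wrapper captures nothing new and returns nothing, so the plain `if` can stand at function level. The body of unmarshal starts outside the hunk.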
@@ -10,7 +10,6 @@ import ( _ "crypto/x509/pkix" _ "encoding/json" _ "encoding/pem" - _ "errors" _ "fmt" _ "github.com/kelseyhightower/envconfig" _ "github.com/labstack/echo/v4" From 951d0e480cad7df239cf422bfab24b9e1ea2d18a Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Tue, 12 Jul 2022 11:30:36 +0700 Subject: [PATCH 10/14] remove redundant logs. Signed-off-by: anastasia.malysheva --- main.go | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/main.go b/main.go index 5543e53..2ede9c6 100644 --- a/main.go +++ b/main.go @@ -67,14 +67,14 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis UID: in.UID, } - s.logger.Infof("Incoming request: kind, %+v, Name %+v, Namespace %+v", in.Kind, in.Name, in.Namespace) + s.logger.Infof("Incoming request: %+v", in) defer s.logger.Infof("Outgoing response: %+v", resp) if in.Operation != admissionv1.Create { resp.Allowed = true return resp } - s.logger.Infof("Unmarshall in of kind %s", in.Kind.Kind) + p, metaPtr, spec := s.unmarshal(in) if spec == nil { resp.Allowed = true @@ -83,7 +83,6 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis annotation := metaPtr.Annotations[s.config.Annotation] if annotation != "" { - s.logger.Infof("%v annotation is present ", s.config.Annotation) bytes, err := json.Marshal([]jsonpatch.JsonPatchOperation{ s.createInitContainerPatch(p, annotation, spec.InitContainers), s.createContainerPatch(p, annotation, spec.Containers), @@ -91,7 +90,6 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis s.createLabelPatch(p, metaPtr.Labels), }) if err != nil { - s.logger.Info("Some error happened") resp.Result = &v1.Status{ Status: err.Error(), } @@ -103,7 +101,6 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis } resp.Allowed = true - s.logger.Infof("Response") return resp } 
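Review bot: The `@@ -67,14 +67,14 @@` hunk of main.go goes back to `s.logger.Infof("Incoming request: %+v", in)`, which writes the entire AdmissionRequest to the log at Info level, including `in.Object.Raw`, the full submitted manifest. For pods and workloads that manifest can contain literal environment values and other configuration that should not land in log storage. `%+v` on the raw bytes also produces very long lines. The narrower form introduced in PATCH 07 was the safer default; a cleaned-up version would be `s.logger.Infof("Incoming request: kind %+v, name %q, namespace %q", in.Kind, in.Name, in.Namespace)`, with the full dump, if needed at all, behind a debug level. The body of Review continues outside the hunk.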
@@ -113,7 +110,6 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p var metaPtr *v1.ObjectMeta var target interface{} p = "/spec/template" - switch in.Kind.Kind { case deploymentKind: var deployment appsv1.Deployment From ead94836239c9e7a0b7bd538bbf1ae4575cb6f52 Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Tue, 12 Jul 2022 20:27:56 +0700 Subject: [PATCH 11/14] fixes after comments Signed-off-by: anastasia.malysheva --- main.go | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/main.go b/main.go index 2ede9c6..6bc347b 100644 --- a/main.go +++ b/main.go @@ -106,8 +106,7 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p string, meta *v1.ObjectMeta, spec *corev1.PodSpec) { var podSpec *corev1.PodSpec - var podMetaPtr *v1.ObjectMeta - var metaPtr *v1.ObjectMeta + var metaPtr, podMetaPtr *v1.ObjectMeta var target interface{} p = "/spec/template" switch in.Kind.Kind { @@ -148,7 +147,6 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p if err := json.Unmarshal(in.Object.Raw, target); err != nil { return "", nil, nil } - p = path.Join("/", p) if podMetaPtr.Labels == nil { podMetaPtr.Labels = make(map[string]string) } 
@@ -161,16 +159,14 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p } } - func() { - if in.Kind.Kind != podKind && metaPtr.Annotations != nil { - if podMetaPtr.Annotations == nil { - podMetaPtr.Annotations = metaPtr.Annotations - } - s.logger.Errorf("Malformed specification. Annotations can't be provided in several places.") + if in.Kind.Kind != podKind && metaPtr.Annotations != nil { + if podMetaPtr.Annotations == nil { + podMetaPtr.Annotations = metaPtr.Annotations } - }() + s.logger.Errorf("Malformed specification. Annotations can't be provided in several places.") + } - return p, podMetaPtr, podSpec + return path.Join("/", p), podMetaPtr, podSpec } func (s *admissionWebhookServer) createVolumesPatch(p string, volumes []corev1.Volume) jsonpatch.JsonPatchOperation { From d7709e45840e8d29255ae1c70a44ad8fcdba9869 Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Wed, 13 Jul 2022 12:47:42 +0700 Subject: [PATCH 12/14] fixes after comments Signed-off-by: anastasia.malysheva --- main.go | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/main.go b/main.go index 6bc347b..021de51 100644 --- a/main.go +++ b/main.go @@ -140,10 +140,18 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p podMetaPtr = &replicaSet.Spec.Template.ObjectMeta podSpec = &replicaSet.Spec.Template.Spec target = &replicaSet + defer func() { + s.logger.Info("Replicaset Defer method") + for _, o := range metaPtr.OwnerReferences { + if o.Kind == deploymentKind { + p, meta, spec = "", nil, nil + } + } + }() + default: return "", nil, nil } - if err := json.Unmarshal(in.Object.Raw, target); err != nil { return "", nil, nil } 
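Review bot: In the `@@ -140,10 +140,18 @@` hunk of PATCH 12, the owner check is moved into a `defer` registered inside the `replicaSetKind` case, where it overrides the named results (`p, meta, spec = "", nil, nil`) after the function has already computed its return values. That makes the skip path hard to see when reading unmarshal top to bottom. The plain `if in.Kind.Kind == replicaSetKind { … return "", nil, nil }` after `json.Unmarshal`, which this commit deletes, did the same thing with ordinary control flow. `s.logger.Info("Replicaset Defer method")` is a debugging leftover that will be written for every ReplicaSet admission. The check also matches on `o.Kind` alone; if the intent is "managed by a Deployment", also testing the reference's `Controller` flag would say so more precisely.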
@@ -151,19 +159,12 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p podMetaPtr.Labels = make(map[string]string) } // Annotations shouldn't be applied second time. - if in.Kind.Kind == replicaSetKind { - for _, o := range metaPtr.OwnerReferences { - if o.Kind == deploymentKind { - return "", nil, nil - } - } - } - if in.Kind.Kind != podKind && metaPtr.Annotations != nil { if podMetaPtr.Annotations == nil { podMetaPtr.Annotations = metaPtr.Annotations + } else { + s.logger.Errorf("Malformed specification. Annotations can't be provided in several places.") } - s.logger.Errorf("Malformed specification. Annotations can't be provided in several places.") } return path.Join("/", p), podMetaPtr, podSpec From d3b2f29ceb9efc842e4ae3c7edeb22d961f39dc0 Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Mon, 18 Jul 2022 20:56:54 +0700 Subject: [PATCH 13/14] fixes after comments Signed-off-by: anastasia.malysheva --- main.go | 47 +++++++++++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 22 deletions(-) diff --git a/main.go b/main.go index 021de51..2ad7214 100644 --- a/main.go +++ b/main.go 
@@ -75,19 +75,25 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis return resp } - p, metaPtr, spec := s.unmarshal(in) + metaPtr, podMetaPtr, spec := s.unmarshal(in) + p := "" + if in.Kind.Kind != podKind { + p = "/spec/template" + } + p = path.Join("/", p) + podMetaPtr = s.postProcessPodMeta(podMetaPtr, metaPtr, in.Kind.Kind) if spec == nil { resp.Allowed = true return resp } - annotation := metaPtr.Annotations[s.config.Annotation] + annotation := podMetaPtr.Annotations[s.config.Annotation] if annotation != "" { bytes, err := json.Marshal([]jsonpatch.JsonPatchOperation{ s.createInitContainerPatch(p, annotation, spec.InitContainers), s.createContainerPatch(p, annotation, spec.Containers), s.createVolumesPatch(p, spec.Volumes), - s.createLabelPatch(p, metaPtr.Labels), + s.createLabelPatch(p, podMetaPtr.Labels), }) if err != nil { resp.Result = &v1.Status{ @@ -104,11 +110,8 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis return resp } -func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p string, meta *v1.ObjectMeta, spec *corev1.PodSpec) { - var podSpec *corev1.PodSpec - var metaPtr, podMetaPtr *v1.ObjectMeta +func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (metaPtr, podMetaPtr *v1.ObjectMeta, podSpec *corev1.PodSpec) { var target interface{} - p = "/spec/template" switch in.Kind.Kind { case deploymentKind: var deployment appsv1.Deployment @@ -118,7 +121,6 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p target = &deployment case podKind: var pod corev1.Pod - p = "" podMetaPtr = &pod.ObjectMeta podSpec = &pod.Spec target = &pod 
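Review bot: `Review` now calls `s.postProcessPodMeta(podMetaPtr, metaPtr, in.Kind.Kind)` before the `spec == nil` check, and `unmarshal` returns `nil, nil, nil` for an unhandled kind or a decode error, so the helper's first statement (`podMetaPtr.Labels == nil`, in the `@@ -140,34 +142,35 @@` hunk) dereferences a nil pointer. The helper also returns nil for a ReplicaSet owned by a Deployment while `spec` stays non-nil, so `podMetaPtr.Annotations[s.config.Annotation]` then panics for every ReplicaSet a Deployment creates. PATCH 14 fixes the first case by moving the call into `unmarshal`, but the second survives there (`@@ -75,13 +69,13 @@` and `@@ -136,19 +131,20 @@`), because only `spec` is checked. In an admission webhook a handler panic means requests are rejected or pass through unmutated, depending on the failure policy. The body of Review continues outside the hunk; the reordering I would suggest is below.
```go
metaPtr, podMetaPtr, spec := s.unmarshal(in)
if spec == nil {
	resp.Allowed = true
	return resp
}
// A nil result means "skip": postProcessPodMeta returns nil for a ReplicaSet owned by a Deployment.
podMetaPtr = s.postProcessPodMeta(podMetaPtr, metaPtr, in.Kind.Kind)
if podMetaPtr == nil {
	resp.Allowed = true
	return resp
}
// … unchanged: patch path computation, annotation lookup and patch building …
```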
@@ -140,34 +142,35 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p podMetaPtr = &replicaSet.Spec.Template.ObjectMeta podSpec = &replicaSet.Spec.Template.Spec target = &replicaSet - defer func() { - s.logger.Info("Replicaset Defer method") - for _, o := range metaPtr.OwnerReferences { - if o.Kind == deploymentKind { - p, meta, spec = "", nil, nil - } - } - }() - default: - return "", nil, nil + return nil, nil, nil } if err := json.Unmarshal(in.Object.Raw, target); err != nil { - return "", nil, nil + return nil, nil, nil } + return metaPtr, podMetaPtr, podSpec +} + +func (s *admissionWebhookServer) postProcessPodMeta(podMetaPtr, metaPtr *v1.ObjectMeta, kind string) *v1.ObjectMeta { if podMetaPtr.Labels == nil { podMetaPtr.Labels = make(map[string]string) } // Annotations shouldn't be applied second time. - if in.Kind.Kind != podKind && metaPtr.Annotations != nil { + if kind != podKind && metaPtr.Annotations != nil { if podMetaPtr.Annotations == nil { podMetaPtr.Annotations = metaPtr.Annotations } else { s.logger.Errorf("Malformed specification. Annotations can't be provided in several places.") } } - - return path.Join("/", p), podMetaPtr, podSpec + if kind == replicaSetKind { + for _, o := range metaPtr.OwnerReferences { + if o.Kind == deploymentKind { + return nil + } + } + } + return podMetaPtr } func (s *admissionWebhookServer) createVolumesPatch(p string, volumes []corev1.Volume) jsonpatch.JsonPatchOperation { From c5c4f45aba3b96f9772948c561cdbec46e8b62bf Mon Sep 17 00:00:00 2001 From: "anastasia.malysheva" Date: Tue, 19 Jul 2022 10:19:31 +0700 Subject: [PATCH 14/14] fixes after comments Signed-off-by: anastasia.malysheva --- .golangci.yml | 2 +- main.go | 34 +++++++++++++++------------------- 2 files changed, 16 insertions(+), 20 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 8a644c1..d09f4a6 100644 --- a/.golangci.yml +++ b/.golangci.yml 
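Review bot: `postProcessPodMeta` has no doc comment, and the one inline comment is now attached to the wrong statement. `// Annotations shouldn't be applied second time.` sits above the annotation fallback, but what it describes is the owner check at the bottom of the function. Move it above `if kind == replicaSetKind {` and add a function comment stating the contract callers depend on. That comment should say that the function fills in `Labels`, falls back to the workload's annotations when the template has none, and returns nil when the object should be skipped. The nil return matters most, because the caller must test for it before using the result.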
@@ -40,7 +40,7 @@ linters-settings: Statements: 50 goconst: min-len: 2 - min-occurrences: 2 + min-occurrences: 5 depguard: list-type: blacklist include-go-root: false diff --git a/main.go b/main.go index 2ad7214..d471221 100644 --- a/main.go +++ b/main.go @@ -56,12 +56,6 @@ type admissionWebhookServer struct { logger *zap.SugaredLogger } -const ( - deploymentKind string = "Deployment" - podKind string = "Pod" - replicaSetKind string = "ReplicaSet" -) - func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse { var resp = &admissionv1.AdmissionResponse{ UID: in.UID, @@ -75,13 +69,13 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis return resp } - metaPtr, podMetaPtr, spec := s.unmarshal(in) + podMetaPtr, spec := s.unmarshal(in) p := "" - if in.Kind.Kind != podKind { + if in.Kind.Kind != "Pod" { p = "/spec/template" } p = path.Join("/", p) - podMetaPtr = s.postProcessPodMeta(podMetaPtr, metaPtr, in.Kind.Kind) + if spec == nil { resp.Allowed = true return resp @@ -110,16 +104,17 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis return resp } -func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (metaPtr, podMetaPtr *v1.ObjectMeta, podSpec *corev1.PodSpec) { +func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (podMetaPtr *v1.ObjectMeta, podSpec *corev1.PodSpec) { var target interface{} + var metaPtr *v1.ObjectMeta switch in.Kind.Kind { - case deploymentKind: + case "Deployment": var deployment appsv1.Deployment metaPtr = &deployment.ObjectMeta podMetaPtr = &deployment.Spec.Template.ObjectMeta podSpec = &deployment.Spec.Template.Spec target = &deployment - case podKind: + case "Pod": var pod corev1.Pod podMetaPtr = &pod.ObjectMeta podSpec = &pod.Spec 
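Review bot: Raising goconst `min-occurrences` from 2 to 5 in .golangci.yml relaxes the check for the whole repository, and the only visible reason is that main.go in the same commit replaces `deploymentKind`, `podKind` and `replicaSetKind` with repeated literals. Kind strings compared in several places are a case where a typo in one literal silently changes which objects get mutated, so the constants were doing useful work. Keeping the constants, and adding the two missing ones for DaemonSet and StatefulSet, would satisfy the linter without changing its threshold. If literals are preferred, a `//nolint:goconst` on the affected lines keeps the exception local.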
@@ -136,19 +131,20 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (me podMetaPtr = &statefulSet.Spec.Template.ObjectMeta podSpec = &statefulSet.Spec.Template.Spec target = &statefulSet - case replicaSetKind: + case "ReplicaSet": var replicaSet appsv1.ReplicaSet metaPtr = &replicaSet.ObjectMeta podMetaPtr = &replicaSet.Spec.Template.ObjectMeta podSpec = &replicaSet.Spec.Template.Spec target = &replicaSet default: - return nil, nil, nil + return nil, nil } if err := json.Unmarshal(in.Object.Raw, target); err != nil { - return nil, nil, nil + return nil, nil } - return metaPtr, podMetaPtr, podSpec + podMetaPtr = s.postProcessPodMeta(podMetaPtr, metaPtr, in.Kind.Kind) + return podMetaPtr, podSpec } func (s *admissionWebhookServer) postProcessPodMeta(podMetaPtr, metaPtr *v1.ObjectMeta, kind string) *v1.ObjectMeta { @@ -156,16 +152,16 @@ func (s *admissionWebhookServer) postProcessPodMeta(podMetaPtr, metaPtr *v1.Obje podMetaPtr.Labels = make(map[string]string) } // Annotations shouldn't be applied second time. - if kind != podKind && metaPtr.Annotations != nil { + if kind != "Pod" { if podMetaPtr.Annotations == nil { podMetaPtr.Annotations = metaPtr.Annotations } else { s.logger.Errorf("Malformed specification. Annotations can't be provided in several places.") } } - if kind == replicaSetKind { + if kind == "ReplicaSet" { for _, o := range metaPtr.OwnerReferences { - if o.Kind == deploymentKind { + if o.Kind == "Deployment" { return nil } }
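Review bot: In the `@@ -156,16 +152,16 @@` hunk, dropping `metaPtr.Annotations != nil` from the condition makes the `else` branch log "Malformed specification. Annotations can't be provided in several places." for every non-Pod workload whose pod template has annotations, even when the workload itself has none. That is an Errorf on a perfectly valid object, and it will drown out the case the message is meant for. `} else if metaPtr.Annotations != nil {` restores the intended meaning while keeping the simplified outer `if kind != "Pod" {`. The body of postProcessPodMeta starts outside the hunk.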