Add support for ReplicaSet k8s kind

internal/imports/imports_linux.go

@@ -10,6 +10,7 @@ import (
 	_ "crypto/x509/pkix"
 	_ "encoding/json"
 	_ "encoding/pem"
+	_ "errors"
 	_ "fmt"
 	_ "github.com/kelseyhightower/envconfig"
 	_ "github.com/labstack/echo/v4"

internal/k8s/selfregister.go

@@ -98,11 +98,35 @@ func (a *AdmissionWebhookRegisterClient) Register(ctx context.Context, c *config
 					{
 						Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update},
 						Rule: admissionv1.Rule{
-							APIGroups:   []string{"extensions"},
+							APIGroups:   []string{"apps"},
 							APIVersions: []string{"v1"},
 							Resources:   []string{"deployments"},
 						},
 					},
+					{
+						Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update},
+						Rule: admissionv1.Rule{
+							APIGroups:   []string{"apps"},
+							APIVersions: []string{"v1"},
+							Resources:   []string{"statefulsets"},
+						},
+					},
+					{
+						Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update},
+						Rule: admissionv1.Rule{
+							APIGroups:   []string{"apps"},
+							APIVersions: []string{"v1"},
+							Resources:   []string{"daemonsets"},
+						},
+					},
+					{
+						Operations: []admissionv1.OperationType{admissionv1.Create, admissionv1.Update},
+						Rule: admissionv1.Rule{
+							APIGroups:   []string{"apps"},
+							APIVersions: []string{"v1"},
+							Resources:   []string{"replicasets"},
+						},
+					},
 				},
 				SideEffects:             &sideEffects,
 				AdmissionReviewVersions: []string{"v1"},

main.go

@@ -56,19 +56,25 @@ type admissionWebhookServer struct {
 	logger *zap.SugaredLogger
 }
 
+const (
+	deploymentKind string = "Deployment"
+	podKind        string = "Pod"
+	replicaSetKind string = "ReplicaSet"
+)
+
 func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse {
 	var resp = &admissionv1.AdmissionResponse{
 		UID: in.UID,
 	}
 
-	s.logger.Infof("Incoming request: %+v", in)
+	s.logger.Infof("Incoming request: kind, %+v, Name %+v, Namespace %+v", in.Kind, in.Name, in.Namespace)
 	defer s.logger.Infof("Outgoing response: %+v", resp)
 
 	if in.Operation != admissionv1.Create {
 		resp.Allowed = true
 		return resp
 	}
-
+	s.logger.Infof("Unmarshall in of kind %s", in.Kind.Kind)
 	p, metaPtr, spec := s.unmarshal(in)
 	if spec == nil {
 		resp.Allowed = true
@@ -77,13 +83,15 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis
 	annotation := metaPtr.Annotations[s.config.Annotation]
 
 	if annotation != "" {
+		s.logger.Infof("%v annotation is present ", s.config.Annotation)
 		bytes, err := json.Marshal([]jsonpatch.JsonPatchOperation{
 			s.createInitContainerPatch(p, annotation, spec.InitContainers),
 			s.createContainerPatch(p, annotation, spec.Containers),
 			s.createVolumesPatch(p, spec.Volumes),
 			s.createLabelPatch(p, metaPtr.Labels),
 		})
 		if err != nil {
+			s.logger.Info("Some error happened")
 			resp.Result = &v1.Status{
 				Status: err.Error(),
 			}
@@ -95,36 +103,48 @@ func (s *admissionWebhookServer) Review(in *admissionv1.AdmissionRequest) *admis
 	}
 
 	resp.Allowed = true
+	s.logger.Infof("Response")
 	return resp
 }
 
 func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p string, meta *v1.ObjectMeta, spec *corev1.PodSpec) {
 	var podSpec *corev1.PodSpec
+	var podMetaPtr *v1.ObjectMeta
 	var metaPtr *v1.ObjectMeta
 	var target interface{}
 	p = "/spec/template"
+
 	switch in.Kind.Kind {
-	case "Deployment":
+	case deploymentKind:
 		var deployment appsv1.Deployment
-		metaPtr = &deployment.Spec.Template.ObjectMeta
+		metaPtr = &deployment.ObjectMeta
+		podMetaPtr = &deployment.Spec.Template.ObjectMeta
 		podSpec = &deployment.Spec.Template.Spec
 		target = &deployment
-	case "Pod":
+	case podKind:
 		var pod corev1.Pod
 		p = ""
-		metaPtr = &pod.ObjectMeta
+		podMetaPtr = &pod.ObjectMeta
 		podSpec = &pod.Spec
 		target = &pod
 	case "DaemonSet":
 		var daemonSet appsv1.DaemonSet
-		metaPtr = &daemonSet.Spec.Template.ObjectMeta
+		metaPtr = &daemonSet.ObjectMeta
+		podMetaPtr = &daemonSet.Spec.Template.ObjectMeta
 		podSpec = &daemonSet.Spec.Template.Spec
 		target = &daemonSet
 	case "StatefulSet":
 		var statefulSet appsv1.StatefulSet
-		metaPtr = &statefulSet.Spec.Template.ObjectMeta
+		metaPtr = &statefulSet.ObjectMeta
+		podMetaPtr = &statefulSet.Spec.Template.ObjectMeta
 		podSpec = &statefulSet.Spec.Template.Spec
 		target = &statefulSet
+	case replicaSetKind:
+		var replicaSet appsv1.ReplicaSet
+		metaPtr = &replicaSet.ObjectMeta
+		podMetaPtr = &replicaSet.Spec.Template.ObjectMeta
+		podSpec = &replicaSet.Spec.Template.Spec
+		target = &replicaSet
 	default:
 		return "", nil, nil
 	}
@@ -133,10 +153,28 @@ func (s *admissionWebhookServer) unmarshal(in *admissionv1.AdmissionRequest) (p
 		return "", nil, nil
 	}
 	p = path.Join("/", p)
-	if metaPtr.Labels == nil {
-		metaPtr.Labels = make(map[string]string)
+	if podMetaPtr.Labels == nil {
+		podMetaPtr.Labels = make(map[string]string)
+	}
+	// Annotations shouldn't be applied second time.
+	if in.Kind.Kind == replicaSetKind {
+		for _, o := range metaPtr.OwnerReferences {
+			if o.Kind == deploymentKind {
+				return "", nil, nil
+			}
+		}
 	}
-	return p, metaPtr, podSpec
+
+	func() {
+		if in.Kind.Kind != podKind && metaPtr.Annotations != nil {
+			if podMetaPtr.Annotations == nil {
+				podMetaPtr.Annotations = metaPtr.Annotations
+			}
+			s.logger.Errorf("Malformed specification. Annotations can't be provided in several places.")
+		}
+	}()
+
+	return p, podMetaPtr, podSpec
 }
 
 func (s *admissionWebhookServer) createVolumesPatch(p string, volumes []corev1.Volume) jsonpatch.JsonPatchOperation {