From f78a5341e131ac4e3cfa7d5b914e20a4161f0de9 Mon Sep 17 00:00:00 2001 From: Daniel Smith Date: Tue, 31 Oct 2017 16:28:06 -0700 Subject: [PATCH 1/2] Add URL beside service Kubernetes-commit: a0cb2ce697c195d22daeef4fbe6545bdaba11e2f --- admissionregistration/v1alpha1/types.go | 56 ++++++++++++++++++++----- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/admissionregistration/v1alpha1/types.go b/admissionregistration/v1alpha1/types.go index 9232c1eb34..23645f05b6 100644 --- a/admissionregistration/v1alpha1/types.go +++ b/admissionregistration/v1alpha1/types.go @@ -272,26 +272,60 @@ const ( // WebhookClientConfig contains the information to make a TLS // connection with the webhook type WebhookClientConfig struct { - // Service is a reference to the service for this webhook. If there is only - // one port open for the service, that port will be used. If there are multiple - // ports open, port 443 will be used if it is open, otherwise it is an error. - // Required - Service ServiceReference `json:"service" protobuf:"bytes,1,opt,name=service"` + // `url` gives the location of the webhook, in standard URL form + // (`[scheme://]host:port/path`). Exactly one of `url` or `service` + // must be specified. + // + // The `host` should not refer to a service running in the cluster; use + // the `service` field instead. The host might be resolved via external + // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve + // in-cluster DNS as that would be a layering violation). `host` may + // also be an IP address. + // + // Please note that using `localhost` or `127.0.0.1` as a `host` is + // risky unless you take great care to run this webhook on all hosts + // which run an apiserver which might need to make calls to this + // webhook. Such installs are likely to be non-portable, i.e., not easy + // to turn up in a new cluster. + // + // If the scheme is present, it must be "https://". + // + // A path is optional, and if present may be any string permissible in + // a URL. You may use the path to pass an arbitrary string to the + // webhook, for example, a cluster identifier. + // + // +optional + URL *string `json:"url,omitempty"` - // URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object. - URLPath string `json:"urlPath" protobuf:"bytes,3,opt,name=urlPath"` + // `service` is a reference to the service for this webhook. Either + // `service` or `url` must be specified. + // + // If the webhook is running within the cluster, then you should use `service`. + // + // If there is only one port open for the service, that port will be + // used. If there are multiple ports open, port 443 will be used if it + // is open, otherwise it is an error. + // + // +optional + Service *ServiceReference `json:"service" protobuf:"bytes,1,opt,name=service"` - // CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate. - // Required + // `caBundle` is a PEM encoded CA bundle which will be used to validate + // the webhook's server certificate. + // Required. CABundle []byte `json:"caBundle" protobuf:"bytes,2,opt,name=caBundle"` } // ServiceReference holds a reference to Service.legacy.k8s.io type ServiceReference struct { - // Namespace is the namespace of the service + // `namespace` is the namespace of the service. // Required Namespace string `json:"namespace" protobuf:"bytes,1,opt,name=namespace"` - // Name is the name of the service + // `name` is the name of the service. // Required Name string `json:"name" protobuf:"bytes,2,opt,name=name"` + + // `path` is an optional URL path which will be sent in any request to + // this service. + // +optional + Path *string `json:"path,omitempty"` } From e685fbdf93f03680a265785b954e11df0827e73a Mon Sep 17 00:00:00 2001 From: Daniel Smith Date: Fri, 10 Nov 2017 09:03:30 -0800 Subject: [PATCH 2/2] generated Kubernetes-commit: fc0924cd4b59ab49ee955b7f0631820db57a824f --- .../v1alpha1/generated.pb.go | 216 +++++++++++------- .../v1alpha1/generated.proto | 57 ++++- admissionregistration/v1alpha1/types.go | 4 +- .../v1alpha1/types_swagger_doc_generated.go | 11 +- .../v1alpha1/zz_generated.deepcopy.go | 28 ++- 5 files changed, 217 insertions(+), 99 deletions(-) diff --git a/admissionregistration/v1alpha1/generated.pb.go b/admissionregistration/v1alpha1/generated.pb.go index 95e5979a26..9daf708703 100644 --- a/admissionregistration/v1alpha1/generated.pb.go +++ b/admissionregistration/v1alpha1/generated.pb.go @@ -449,6 +449,12 @@ func (m *ServiceReference) MarshalTo(dAtA []byte) (int, error) { i++ i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) i += copy(dAtA[i:], m.Name) + if m.Path != nil { + dAtA[i] = 0x1a + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(*m.Path))) + i += copy(dAtA[i:], *m.Path) + } return i, nil } @@ -601,24 +607,28 @@ func (m *WebhookClientConfig) MarshalTo(dAtA []byte) (int, error) { _ = i var l int _ = l - dAtA[i] = 0xa - i++ - i = encodeVarintGenerated(dAtA, i, uint64(m.Service.Size())) - n10, err := m.Service.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err + if m.Service != nil { + dAtA[i] = 0xa + i++ + i = encodeVarintGenerated(dAtA, i, uint64(m.Service.Size())) + n10, err := m.Service.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n10 } - i += n10 if m.CABundle != nil { dAtA[i] = 0x12 i++ i = encodeVarintGenerated(dAtA, i, uint64(len(m.CABundle))) i += copy(dAtA[i:], m.CABundle) } - dAtA[i] = 0x1a - i++ - i = encodeVarintGenerated(dAtA, i, uint64(len(m.URLPath))) - i += copy(dAtA[i:], m.URLPath) + if m.URL != nil { + dAtA[i] = 0x1a + i++ + i = encodeVarintGenerated(dAtA, i, uint64(len(*m.URL))) + i += copy(dAtA[i:], *m.URL) + } return i, nil } @@ -764,6 +774,10 @@ func (m *ServiceReference) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.Name) n += 1 + l + sovGenerated(uint64(l)) + if m.Path != nil { + l = len(*m.Path) + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -822,14 +836,18 @@ func (m *Webhook) Size() (n int) { func (m *WebhookClientConfig) Size() (n int) { var l int _ = l - l = m.Service.Size() - n += 1 + l + sovGenerated(uint64(l)) + if m.Service != nil { + l = m.Service.Size() + n += 1 + l + sovGenerated(uint64(l)) + } if m.CABundle != nil { l = len(m.CABundle) n += 1 + l + sovGenerated(uint64(l)) } - l = len(m.URLPath) - n += 1 + l + sovGenerated(uint64(l)) + if m.URL != nil { + l = len(*m.URL) + n += 1 + l + sovGenerated(uint64(l)) + } return n } @@ -931,6 +949,7 @@ func (this *ServiceReference) String() string { s := strings.Join([]string{`&ServiceReference{`, `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, `Name:` + fmt.Sprintf("%v", this.Name) + `,`, + `Path:` + valueToStringGenerated(this.Path) + `,`, `}`, }, "") return s @@ -976,9 +995,9 @@ func (this *WebhookClientConfig) String() string { return "nil" } s := strings.Join([]string{`&WebhookClientConfig{`, - `Service:` + strings.Replace(strings.Replace(this.Service.String(), "ServiceReference", "ServiceReference", 1), `&`, ``, 1) + `,`, + `Service:` + strings.Replace(fmt.Sprintf("%v", this.Service), "ServiceReference", "ServiceReference", 1) + `,`, `CABundle:` + valueToStringGenerated(this.CABundle) + `,`, - `URLPath:` + fmt.Sprintf("%v", this.URLPath) + `,`, + `URL:` + valueToStringGenerated(this.URL) + `,`, `}`, }, "") return s @@ -1878,6 +1897,36 @@ func (m *ServiceReference) Unmarshal(dAtA []byte) error { } m.Name = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Path", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGenerated + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGenerated + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + s := string(dAtA[iNdEx:postIndex]) + m.Path = &s + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -2379,6 +2428,9 @@ func (m *WebhookClientConfig) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } + if m.Service == nil { + m.Service = &ServiceReference{} + } if err := m.Service.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err } @@ -2416,7 +2468,7 @@ func (m *WebhookClientConfig) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 3: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field URLPath", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field URL", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -2441,7 +2493,8 @@ func (m *WebhookClientConfig) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.URLPath = string(dAtA[iNdEx:postIndex]) + s := string(dAtA[iNdEx:postIndex]) + m.URL = &s iNdEx = postIndex default: iNdEx = preIndex @@ -2574,65 +2627,68 @@ func init() { } var fileDescriptorGenerated = []byte{ - // 960 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x56, 0x4f, 0x6f, 0x23, 0xc5, - 0x13, 0xf5, 0xc4, 0x8e, 0x62, 0xb7, 0x6d, 0xed, 0xa6, 0x7f, 0x3f, 0x24, 0x2b, 0x5a, 0x8d, 0xad, - 0x39, 0xa0, 0xac, 0x10, 0x33, 0x24, 0x8b, 0x56, 0x48, 0x08, 0x50, 0x26, 0x12, 0x2b, 0x4b, 0xd9, - 0x6c, 0xe8, 0x0d, 0xbb, 0x12, 0xe2, 0x40, 0x7b, 0x5c, 0xb6, 0x1b, 0x8f, 0x67, 0x46, 0xdd, 0x3d, - 0x66, 0xc3, 0x89, 0x0b, 0x77, 0x24, 0xbe, 0x04, 0x1f, 0x25, 0xc7, 0x85, 0x03, 0xca, 0xc9, 0x22, - 0x83, 0xc4, 0x91, 0x03, 0xc7, 0x3d, 0xa1, 0x9e, 0x7f, 0x1e, 0xc7, 0x71, 0x88, 0x39, 0xe4, 0xc0, - 0xcd, 0x5d, 0xd5, 0xef, 0x55, 0xbd, 0xaa, 0xae, 0xf2, 0x20, 0x32, 0xfe, 0x40, 0x98, 0xcc, 0xb7, - 0xc6, 0x61, 0x0f, 0xb8, 0x07, 0x12, 0x84, 0x35, 0x05, 0xaf, 0xef, 0x73, 0x2b, 0x75, 0xd0, 0x80, - 0x59, 0xb4, 0x3f, 0x61, 0x42, 0x30, 0xdf, 0xe3, 0x30, 0x64, 0x42, 0x72, 0x2a, 0x99, 0xef, 0x59, - 0xd3, 0x3d, 0xea, 0x06, 0x23, 0xba, 0x67, 0x0d, 0xc1, 0x03, 0x4e, 0x25, 0xf4, 0xcd, 0x80, 0xfb, - 0xd2, 0xc7, 0x0f, 0x13, 0xa8, 0x49, 0x03, 0x66, 0x5e, 0x0b, 0x35, 0x33, 0xe8, 0xce, 0xbb, 0x43, - 0x26, 0x47, 0x61, 0xcf, 0x74, 0xfc, 0x89, 0x35, 0xf4, 0x87, 0xbe, 0x15, 0x33, 0xf4, 0xc2, 0x41, - 0x7c, 0x8a, 0x0f, 0xf1, 0xaf, 0x84, 0x79, 0xc7, 0x28, 0x24, 0xe5, 0xf8, 0x1c, 0xac, 0xe9, 0x52, - 0xf4, 0x9d, 0xf7, 0xe7, 0x77, 0x26, 0xd4, 0x19, 0x31, 0x0f, 0xf8, 0x99, 0x15, 0x8c, 0x87, 0xca, - 0x20, 0xac, 0x09, 0x48, 0x7a, 0x1d, 0xca, 0x5a, 0x85, 0xe2, 0xa1, 0x27, 0xd9, 0x04, 0x96, 0x00, - 0x8f, 0xff, 0x09, 0x20, 0x9c, 0x11, 0x4c, 0xe8, 0x12, 0xee, 0xd1, 0x2a, 0x5c, 0x28, 0x99, 0x6b, - 0x31, 0x4f, 0x0a, 0xc9, 0xaf, 0x82, 0x8c, 0xef, 0x35, 0x54, 0xef, 0x7a, 0x4c, 0x32, 0xea, 0xb2, - 0x6f, 0x81, 0xe3, 0x0e, 0xaa, 0x78, 0x74, 0x02, 0x2d, 0xad, 0xa3, 0xed, 0xd6, 0xec, 0xc6, 0xf9, - 0xac, 0x5d, 0x8a, 0x66, 0xed, 0xca, 0x31, 0x9d, 0x00, 0x89, 0x3d, 0xf8, 0x14, 0x6d, 0xf2, 0xd0, - 0x05, 0xd1, 0xda, 0xe8, 0x94, 0x77, 0xeb, 0xfb, 0x96, 0x79, 0xeb, 0x9e, 0x98, 0x24, 0x74, 0xc1, - 0x6e, 0xa6, 0x9c, 0x9b, 0xea, 0x24, 0x48, 0x42, 0x66, 0xfc, 0xa9, 0xa1, 0x56, 0x21, 0x8f, 0x43, - 0xdf, 0x1b, 0xb0, 0x61, 0x98, 0x10, 0xe0, 0xaf, 0x50, 0x55, 0x55, 0xb7, 0x4f, 0x25, 0x8d, 0x13, - 0xab, 0xef, 0xbf, 0x57, 0x88, 0x9a, 0x8b, 0x35, 0x83, 0xf1, 0x50, 0x19, 0x84, 0xa9, 0x6e, 0x9b, - 0xd3, 0x3d, 0xf3, 0x59, 0xef, 0x6b, 0x70, 0xe4, 0x53, 0x90, 0xd4, 0xc6, 0x69, 0x58, 0x34, 0xb7, - 0x91, 0x9c, 0x15, 0x07, 0xa8, 0xc1, 0xe6, 0xd1, 0x33, 0x6d, 0x8f, 0xd7, 0xd0, 0x56, 0x48, 0xde, - 0xfe, 0x7f, 0x1a, 0xab, 0x51, 0x30, 0x0a, 0xb2, 0x10, 0xc1, 0xf8, 0x43, 0x43, 0x0f, 0x56, 0x09, - 0x3e, 0x62, 0x42, 0xe2, 0x2f, 0x97, 0x44, 0x9b, 0xb7, 0x13, 0xad, 0xd0, 0xb1, 0xe4, 0xfb, 0x69, - 0x1a, 0xd5, 0xcc, 0x52, 0x10, 0x3c, 0x42, 0x9b, 0x4c, 0xc2, 0x24, 0x53, 0x7a, 0xf8, 0xef, 0x94, - 0x2e, 0x64, 0x3d, 0xef, 0x6c, 0x57, 0x31, 0x93, 0x24, 0x80, 0xf1, 0xab, 0x86, 0x1e, 0x3c, 0x0d, - 0x25, 0x95, 0xcc, 0x1b, 0xbe, 0x84, 0xde, 0xc8, 0xf7, 0xc7, 0x77, 0xdd, 0xdd, 0x53, 0x54, 0x4d, - 0x23, 0x67, 0x7a, 0xf7, 0xd7, 0xd0, 0x9b, 0x42, 0xed, 0x8a, 0x8a, 0x41, 0xaa, 0xdf, 0xa4, 0x4c, - 0xea, 0xc9, 0x76, 0x6e, 0x12, 0x76, 0x07, 0x5d, 0x74, 0x17, 0xbb, 0xf8, 0x64, 0x0d, 0x55, 0x37, - 0x65, 0xbe, 0xa2, 0x93, 0x3f, 0x6a, 0xa8, 0xa2, 0x86, 0x16, 0xbf, 0x83, 0x6a, 0x34, 0x60, 0x4f, - 0xb8, 0x1f, 0x06, 0xa2, 0xa5, 0x75, 0xca, 0xbb, 0x35, 0xbb, 0x19, 0xcd, 0xda, 0xb5, 0x83, 0x93, - 0x6e, 0x62, 0x24, 0x73, 0x3f, 0xde, 0x43, 0x75, 0x1a, 0xb0, 0x17, 0xc0, 0x55, 0x2e, 0x49, 0xa6, - 0x35, 0xfb, 0x5e, 0x34, 0x6b, 0xd7, 0x0f, 0x4e, 0xba, 0x99, 0x99, 0x14, 0xef, 0x28, 0x7e, 0x0e, - 0xc2, 0x0f, 0xb9, 0x03, 0xa2, 0x55, 0x9e, 0xf3, 0x93, 0xcc, 0x48, 0xe6, 0x7e, 0xe3, 0x27, 0x0d, - 0x61, 0x95, 0xd5, 0x4b, 0x26, 0x47, 0xcf, 0x02, 0x48, 0x14, 0x08, 0xfc, 0x09, 0x42, 0x7e, 0x7e, - 0x4a, 0x93, 0x6c, 0xc7, 0x2f, 0x24, 0xb7, 0xbe, 0x99, 0xb5, 0x9b, 0xf9, 0xe9, 0xf4, 0x2c, 0x00, - 0x52, 0x80, 0xe0, 0xcf, 0x50, 0x45, 0xad, 0xa6, 0xd6, 0x46, 0xdc, 0xb5, 0xb5, 0xd7, 0x5c, 0xbe, - 0x3a, 0xd5, 0x89, 0xc4, 0x54, 0x06, 0xa0, 0xfb, 0xcf, 0x81, 0x4f, 0x99, 0x03, 0x04, 0x06, 0xc0, - 0xc1, 0x73, 0x00, 0x5b, 0xa8, 0xa6, 0xd6, 0xaa, 0x08, 0xa8, 0x93, 0x6d, 0xdd, 0xed, 0x14, 0x5a, - 0x3b, 0xce, 0x1c, 0x64, 0x7e, 0x27, 0xdf, 0xd0, 0x1b, 0xab, 0x36, 0xb4, 0x71, 0xa1, 0x21, 0xfd, - 0x05, 0x75, 0x59, 0xff, 0xbf, 0x37, 0x73, 0x7f, 0x69, 0xc8, 0xb8, 0x59, 0xda, 0x1d, 0x4c, 0x9d, - 0xb7, 0x38, 0x75, 0xdd, 0x35, 0x74, 0xdd, 0x9c, 0xfb, 0x8a, 0xb9, 0xfb, 0xb9, 0x8c, 0xb6, 0xd2, - 0xeb, 0xb7, 0xf8, 0x7f, 0x7e, 0x85, 0x1a, 0x8e, 0xcb, 0xc0, 0x93, 0x09, 0x75, 0xfa, 0x7e, 0x3f, - 0x5e, 0xbf, 0xf8, 0x87, 0x05, 0x96, 0xf9, 0x5f, 0x5a, 0xd1, 0x4a, 0x16, 0x22, 0xe1, 0x5e, 0xf6, - 0x65, 0x50, 0x8e, 0xeb, 0xf2, 0xd1, 0x9a, 0x23, 0xb3, 0x38, 0xc0, 0xd7, 0x7f, 0x27, 0xe0, 0x23, - 0xd4, 0x1c, 0x50, 0xe6, 0x86, 0x1c, 0x4e, 0x7c, 0x97, 0x39, 0x67, 0xad, 0x4a, 0x5c, 0x88, 0xb7, - 0xa3, 0x59, 0xbb, 0xf9, 0x69, 0xd1, 0xf1, 0x66, 0xd6, 0xde, 0x5e, 0x30, 0xc4, 0x03, 0xbe, 0x08, - 0xc6, 0xaf, 0xd0, 0x76, 0x3e, 0x58, 0xcf, 0xc1, 0x05, 0x47, 0xfa, 0xbc, 0xb5, 0x19, 0x17, 0xec, - 0xd1, 0x2d, 0x1f, 0x0c, 0xed, 0x81, 0x9b, 0x41, 0xed, 0xb7, 0xa2, 0x59, 0x7b, 0xfb, 0xf8, 0x2a, - 0x23, 0x59, 0x0e, 0x62, 0xfc, 0xa2, 0xa1, 0xff, 0x5d, 0x53, 0x67, 0x3c, 0x40, 0x5b, 0x22, 0x59, - 0x11, 0xe9, 0xc3, 0xfd, 0x70, 0x8d, 0x2a, 0x5e, 0x5d, 0x2e, 0xf6, 0xbd, 0xb4, 0x86, 0x5b, 0x99, - 0x27, 0x23, 0xc7, 0xbb, 0xa8, 0xea, 0x50, 0x3b, 0xf4, 0xfa, 0xe9, 0x86, 0x6b, 0xd8, 0x0d, 0xf5, - 0xda, 0x0f, 0x0f, 0x12, 0x1b, 0xc9, 0xbd, 0xf8, 0x21, 0xda, 0x0a, 0xb9, 0x7b, 0x42, 0xe5, 0xa8, - 0x55, 0x8e, 0x6b, 0x9d, 0x93, 0x7e, 0x4e, 0x8e, 0x94, 0x99, 0x64, 0x7e, 0xdb, 0x3c, 0xbf, 0xd4, - 0x4b, 0xaf, 0x2f, 0xf5, 0xd2, 0xc5, 0xa5, 0x5e, 0xfa, 0x2e, 0xd2, 0xb5, 0xf3, 0x48, 0xd7, 0x5e, - 0x47, 0xba, 0x76, 0x11, 0xe9, 0xda, 0x6f, 0x91, 0xae, 0xfd, 0xf0, 0xbb, 0x5e, 0xfa, 0xa2, 0x9a, - 0xe5, 0xfb, 0x77, 0x00, 0x00, 0x00, 0xff, 0xff, 0x37, 0xaf, 0xd5, 0xfa, 0x23, 0x0c, 0x00, 0x00, + // 1001 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x56, 0xcf, 0x6f, 0xe3, 0x44, + 0x14, 0xae, 0x9b, 0x54, 0x4d, 0x26, 0xa9, 0xd8, 0x1a, 0x90, 0x42, 0x55, 0xd9, 0x91, 0x0f, 0xa8, + 0x08, 0xad, 0x4d, 0xba, 0x68, 0x85, 0x84, 0x00, 0xd5, 0x95, 0x58, 0x45, 0x6a, 0xbb, 0x65, 0xb6, + 0xec, 0x4a, 0x88, 0x03, 0x13, 0xe7, 0x35, 0x19, 0xe2, 0xd8, 0xd6, 0xcc, 0x38, 0xb4, 0x9c, 0x90, + 0x10, 0x77, 0x24, 0xfe, 0x09, 0xfe, 0x0a, 0xce, 0x3d, 0x2e, 0x17, 0xd4, 0x93, 0x45, 0x8d, 0xc4, + 0x91, 0x03, 0xc7, 0x3d, 0xa1, 0xf1, 0x8f, 0xd8, 0x69, 0x9a, 0xd2, 0x70, 0xe8, 0x81, 0x5b, 0xe6, + 0x7b, 0xf3, 0x7d, 0xef, 0x7d, 0x33, 0xf3, 0x5e, 0x8c, 0xf0, 0xe8, 0x03, 0x6e, 0x52, 0xdf, 0x1a, + 0x85, 0x3d, 0x60, 0x1e, 0x08, 0xe0, 0xd6, 0x04, 0xbc, 0xbe, 0xcf, 0xac, 0x2c, 0x40, 0x02, 0x6a, + 0x91, 0xfe, 0x98, 0x72, 0x4e, 0x7d, 0x8f, 0xc1, 0x80, 0x72, 0xc1, 0x88, 0xa0, 0xbe, 0x67, 0x4d, + 0x3a, 0xc4, 0x0d, 0x86, 0xa4, 0x63, 0x0d, 0xc0, 0x03, 0x46, 0x04, 0xf4, 0xcd, 0x80, 0xf9, 0xc2, + 0x57, 0xdf, 0x49, 0xa9, 0x26, 0x09, 0xa8, 0x79, 0x23, 0xd5, 0xcc, 0xa9, 0x5b, 0x0f, 0x07, 0x54, + 0x0c, 0xc3, 0x9e, 0xe9, 0xf8, 0x63, 0x6b, 0xe0, 0x0f, 0x7c, 0x2b, 0x51, 0xe8, 0x85, 0xa7, 0xc9, + 0x2a, 0x59, 0x24, 0xbf, 0x52, 0xe5, 0x2d, 0xa3, 0x54, 0x94, 0xe3, 0x33, 0xb0, 0x26, 0x73, 0xd9, + 0xb7, 0x0e, 0x8b, 0x3d, 0x70, 0x26, 0xc0, 0x93, 0xc9, 0xf9, 0x43, 0x12, 0x50, 0x0e, 0x6c, 0x02, + 0xcc, 0x0a, 0x46, 0x03, 0x19, 0xe3, 0xb3, 0x1b, 0xac, 0x49, 0xa7, 0x07, 0x62, 0xde, 0xcc, 0xd6, + 0xfb, 0x85, 0xdc, 0x98, 0x38, 0x43, 0xea, 0x01, 0x3b, 0x2f, 0x34, 0xc6, 0x20, 0xc8, 0x4d, 0x45, + 0x58, 0x8b, 0x58, 0x2c, 0xf4, 0x04, 0x1d, 0xc3, 0x1c, 0xe1, 0xf1, 0xbf, 0x11, 0xb8, 0x33, 0x84, + 0x31, 0x99, 0xe3, 0x3d, 0x5a, 0xc4, 0x0b, 0x05, 0x75, 0x2d, 0xea, 0x09, 0x2e, 0xd8, 0x75, 0x92, + 0xf1, 0x83, 0x82, 0x1a, 0x5d, 0x8f, 0x0a, 0x4a, 0x5c, 0xfa, 0x2d, 0x30, 0xb5, 0x8d, 0xaa, 0x1e, + 0x19, 0x43, 0x4b, 0x69, 0x2b, 0x3b, 0x75, 0xbb, 0x79, 0x11, 0xe9, 0x2b, 0x71, 0xa4, 0x57, 0x8f, + 0xc8, 0x18, 0x70, 0x12, 0x51, 0x4f, 0xd0, 0x1a, 0x0b, 0x5d, 0xe0, 0xad, 0xd5, 0x76, 0x65, 0xa7, + 0xb1, 0x6b, 0x99, 0x77, 0xbe, 0x62, 0x13, 0x87, 0x2e, 0xd8, 0x1b, 0x99, 0xe6, 0x9a, 0x5c, 0x71, + 0x9c, 0x8a, 0x19, 0x7f, 0x29, 0xa8, 0x55, 0xaa, 0x63, 0xdf, 0xf7, 0x4e, 0xe9, 0x20, 0x4c, 0x05, + 0xd4, 0xaf, 0x50, 0x4d, 0x9e, 0x6e, 0x9f, 0x08, 0x92, 0x14, 0xd6, 0xd8, 0x7d, 0xaf, 0x94, 0x75, + 0x6a, 0xd6, 0x0c, 0x46, 0x03, 0x09, 0x70, 0x53, 0xee, 0x36, 0x27, 0x1d, 0xf3, 0x69, 0xef, 0x6b, + 0x70, 0xc4, 0x21, 0x08, 0x62, 0xab, 0x59, 0x5a, 0x54, 0x60, 0x78, 0xaa, 0xaa, 0x06, 0xa8, 0x49, + 0x8b, 0xec, 0xb9, 0xb7, 0xc7, 0x4b, 0x78, 0x2b, 0x15, 0x6f, 0xbf, 0x91, 0xe5, 0x6a, 0x96, 0x40, + 0x8e, 0x67, 0x32, 0x18, 0x7f, 0x2a, 0x68, 0x7b, 0x91, 0xe1, 0x03, 0xca, 0x85, 0xfa, 0xe5, 0x9c, + 0x69, 0xf3, 0x6e, 0xa6, 0x25, 0x3b, 0xb1, 0xfc, 0x20, 0x2b, 0xa3, 0x96, 0x23, 0x25, 0xc3, 0x43, + 0xb4, 0x46, 0x05, 0x8c, 0x73, 0xa7, 0xfb, 0xff, 0xcd, 0xe9, 0x4c, 0xd5, 0xc5, 0xcd, 0x76, 0xa5, + 0x32, 0x4e, 0x13, 0x18, 0xbf, 0x29, 0x68, 0xfb, 0x30, 0x14, 0x44, 0x50, 0x6f, 0xf0, 0x02, 0x7a, + 0x43, 0xdf, 0x1f, 0xdd, 0xf7, 0xed, 0x9e, 0xa0, 0x5a, 0x96, 0x39, 0xf7, 0xbb, 0xbb, 0x84, 0xdf, + 0x8c, 0x6a, 0x57, 0x65, 0x0e, 0x5c, 0xfb, 0x26, 0x53, 0x92, 0x4f, 0xb6, 0x7d, 0x9b, 0xb1, 0x7b, + 0xb8, 0x45, 0x77, 0xf6, 0x16, 0x9f, 0x2c, 0xe1, 0xea, 0xb6, 0xca, 0x17, 0xdc, 0xe4, 0x4f, 0x0a, + 0xaa, 0xca, 0xa6, 0x55, 0xdf, 0x45, 0x75, 0x12, 0xd0, 0x27, 0xcc, 0x0f, 0x03, 0xde, 0x52, 0xda, + 0x95, 0x9d, 0xba, 0xbd, 0x11, 0x47, 0x7a, 0x7d, 0xef, 0xb8, 0x9b, 0x82, 0xb8, 0x88, 0xab, 0x1d, + 0xd4, 0x20, 0x01, 0x7d, 0x0e, 0x2c, 0x19, 0xae, 0x49, 0xa5, 0x75, 0xfb, 0xb5, 0x38, 0xd2, 0x1b, + 0x7b, 0xc7, 0xdd, 0x1c, 0xc6, 0xe5, 0x3d, 0x52, 0x9f, 0x01, 0xf7, 0x43, 0xe6, 0x00, 0x6f, 0x55, + 0x0a, 0x7d, 0x9c, 0x83, 0xb8, 0x88, 0x1b, 0x3f, 0x2b, 0x48, 0x95, 0x55, 0xbd, 0xa0, 0x62, 0xf8, + 0x34, 0x80, 0xd4, 0x01, 0x57, 0x3f, 0x41, 0xc8, 0x9f, 0xae, 0xb2, 0x22, 0xf5, 0xe4, 0x85, 0x4c, + 0xd1, 0x57, 0x91, 0xbe, 0x31, 0x5d, 0x9d, 0x9c, 0x07, 0x80, 0x4b, 0x14, 0xf5, 0x33, 0x54, 0x95, + 0xa3, 0xa9, 0xb5, 0x9a, 0xdc, 0xda, 0xd2, 0x63, 0x6e, 0x3a, 0x3a, 0xe5, 0x0a, 0x27, 0x52, 0xc6, + 0xf7, 0x0a, 0x7a, 0xf0, 0x0c, 0xd8, 0x84, 0x3a, 0x80, 0xe1, 0x14, 0x18, 0x78, 0x0e, 0xa8, 0x16, + 0xaa, 0xcb, 0xb9, 0xca, 0x03, 0xe2, 0xe4, 0x63, 0x77, 0x33, 0xe3, 0xd6, 0x8f, 0xf2, 0x00, 0x2e, + 0xf6, 0x4c, 0x47, 0xf4, 0xea, 0xc2, 0x11, 0xbd, 0x8d, 0xaa, 0x01, 0x11, 0xc3, 0x56, 0x25, 0xd9, + 0x51, 0x93, 0xd1, 0x63, 0x22, 0x86, 0x38, 0x41, 0x8d, 0x4b, 0x05, 0x69, 0xcf, 0x89, 0x4b, 0xfb, + 0xff, 0xbf, 0x96, 0xfc, 0x5b, 0x41, 0xc6, 0xed, 0xd6, 0xee, 0xa1, 0x29, 0xbd, 0xd9, 0xa6, 0xec, + 0x2e, 0xe1, 0xeb, 0xf6, 0xda, 0x17, 0xb4, 0xe5, 0xaf, 0x15, 0xb4, 0x9e, 0x6d, 0xbf, 0xc3, 0xdf, + 0xf7, 0x19, 0x6a, 0x3a, 0x2e, 0x05, 0x4f, 0xa4, 0xd2, 0xd9, 0xf3, 0xfe, 0x78, 0xf9, 0xc3, 0xdf, + 0x2f, 0xa9, 0x14, 0xff, 0x78, 0x65, 0x14, 0xcf, 0x64, 0x52, 0x7b, 0xf9, 0x87, 0x43, 0x25, 0x39, + 0x97, 0x8f, 0x96, 0xec, 0xa8, 0xd9, 0xfe, 0xbe, 0xf9, 0x33, 0x42, 0x3d, 0x40, 0x1b, 0xa7, 0x84, + 0xba, 0x21, 0x83, 0x63, 0xdf, 0xa5, 0xce, 0x79, 0xab, 0x9a, 0x1c, 0xc4, 0xdb, 0x71, 0xa4, 0x6f, + 0x7c, 0x5a, 0x0e, 0xbc, 0x8a, 0xf4, 0xcd, 0x19, 0x20, 0xe9, 0xff, 0x59, 0xb2, 0x7a, 0x86, 0x36, + 0xa7, 0x6d, 0xf7, 0x0c, 0x5c, 0x70, 0x84, 0xcf, 0x5a, 0x6b, 0xc9, 0x81, 0x3d, 0xba, 0xe3, 0x83, + 0x21, 0x3d, 0x70, 0x73, 0xaa, 0xfd, 0x66, 0x1c, 0xe9, 0x9b, 0x47, 0xd7, 0x15, 0xf1, 0x7c, 0x12, + 0xe3, 0x17, 0x05, 0xbd, 0x7e, 0xc3, 0x39, 0xab, 0x3d, 0xb4, 0xce, 0xd3, 0x01, 0x92, 0x3d, 0xdc, + 0x0f, 0x97, 0x38, 0xc5, 0xeb, 0xa3, 0xc7, 0x6e, 0xc4, 0x91, 0xbe, 0x9e, 0xa3, 0xb9, 0xb0, 0xba, + 0x83, 0x6a, 0x0e, 0xb1, 0x43, 0xaf, 0x9f, 0x0d, 0xbf, 0xa6, 0xdd, 0x94, 0x2f, 0x7d, 0x7f, 0x2f, + 0xc5, 0xf0, 0x34, 0xaa, 0xbe, 0x85, 0x2a, 0x21, 0x73, 0xb3, 0x31, 0xb3, 0x1e, 0x47, 0x7a, 0xe5, + 0x73, 0x7c, 0x80, 0x25, 0x66, 0x9b, 0x17, 0x57, 0xda, 0xca, 0xcb, 0x2b, 0x6d, 0xe5, 0xf2, 0x4a, + 0x5b, 0xf9, 0x2e, 0xd6, 0x94, 0x8b, 0x58, 0x53, 0x5e, 0xc6, 0x9a, 0x72, 0x19, 0x6b, 0xca, 0xef, + 0xb1, 0xa6, 0xfc, 0xf8, 0x87, 0xb6, 0xf2, 0x45, 0x2d, 0xaf, 0xed, 0x9f, 0x00, 0x00, 0x00, 0xff, + 0xff, 0xca, 0x86, 0x75, 0x7d, 0x7d, 0x0c, 0x00, 0x00, } diff --git a/admissionregistration/v1alpha1/generated.proto b/admissionregistration/v1alpha1/generated.proto index 56f503a036..f450cb4c02 100644 --- a/admissionregistration/v1alpha1/generated.proto +++ b/admissionregistration/v1alpha1/generated.proto @@ -22,6 +22,7 @@ syntax = 'proto2'; package k8s.io.api.admissionregistration.v1alpha1; import "k8s.io/api/core/v1/generated.proto"; +import "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/generated.proto"; import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; import "k8s.io/apimachinery/pkg/runtime/generated.proto"; import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; @@ -147,13 +148,18 @@ message RuleWithOperations { // ServiceReference holds a reference to Service.legacy.k8s.io message ServiceReference { - // Namespace is the namespace of the service + // `namespace` is the namespace of the service. // Required optional string namespace = 1; - // Name is the name of the service + // `name` is the name of the service. // Required optional string name = 2; + + // `path` is an optional URL path which will be sent in any request to + // this service. + // +optional + optional string path = 3; } // ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it. @@ -252,17 +258,46 @@ message Webhook { // WebhookClientConfig contains the information to make a TLS // connection with the webhook message WebhookClientConfig { - // Service is a reference to the service for this webhook. If there is only - // one port open for the service, that port will be used. If there are multiple - // ports open, port 443 will be used if it is open, otherwise it is an error. - // Required - optional ServiceReference service = 1; + // `url` gives the location of the webhook, in standard URL form + // (`[scheme://]host:port/path`). Exactly one of `url` or `service` + // must be specified. + // + // The `host` should not refer to a service running in the cluster; use + // the `service` field instead. The host might be resolved via external + // DNS in some apiservers (e.g., `kube-apiserver` cannot resolve + // in-cluster DNS as that would be a layering violation). `host` may + // also be an IP address. + // + // Please note that using `localhost` or `127.0.0.1` as a `host` is + // risky unless you take great care to run this webhook on all hosts + // which run an apiserver which might need to make calls to this + // webhook. Such installs are likely to be non-portable, i.e., not easy + // to turn up in a new cluster. + // + // If the scheme is present, it must be "https://". + // + // A path is optional, and if present may be any string permissible in + // a URL. You may use the path to pass an arbitrary string to the + // webhook, for example, a cluster identifier. + // + // +optional + optional string url = 3; - // URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object. - optional string urlPath = 3; + // `service` is a reference to the service for this webhook. Either + // `service` or `url` must be specified. + // + // If the webhook is running within the cluster, then you should use `service`. + // + // If there is only one port open for the service, that port will be + // used. If there are multiple ports open, port 443 will be used if it + // is open, otherwise it is an error. + // + // +optional + optional ServiceReference service = 1; - // CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate. - // Required + // `caBundle` is a PEM encoded CA bundle which will be used to validate + // the webhook's server certificate. + // Required. optional bytes caBundle = 2; } diff --git a/admissionregistration/v1alpha1/types.go b/admissionregistration/v1alpha1/types.go index 23645f05b6..60f579651b 100644 --- a/admissionregistration/v1alpha1/types.go +++ b/admissionregistration/v1alpha1/types.go @@ -295,7 +295,7 @@ type WebhookClientConfig struct { // webhook, for example, a cluster identifier. // // +optional - URL *string `json:"url,omitempty"` + URL *string `json:"url,omitempty" protobuf:"bytes,3,opt,name=url"` // `service` is a reference to the service for this webhook. Either // `service` or `url` must be specified. @@ -327,5 +327,5 @@ type ServiceReference struct { // `path` is an optional URL path which will be sent in any request to // this service. // +optional - Path *string `json:"path,omitempty"` + Path *string `json:"path,omitempty" protobuf:"bytes,3,opt,name=path"` } diff --git a/admissionregistration/v1alpha1/types_swagger_doc_generated.go b/admissionregistration/v1alpha1/types_swagger_doc_generated.go index bcb9b5a6f9..b8bafeb0bc 100644 --- a/admissionregistration/v1alpha1/types_swagger_doc_generated.go +++ b/admissionregistration/v1alpha1/types_swagger_doc_generated.go @@ -99,8 +99,9 @@ func (RuleWithOperations) SwaggerDoc() map[string]string { var map_ServiceReference = map[string]string{ "": "ServiceReference holds a reference to Service.legacy.k8s.io", - "namespace": "Namespace is the namespace of the service Required", - "name": "Name is the name of the service Required", + "namespace": "`namespace` is the namespace of the service. Required", + "name": "`name` is the name of the service. Required", + "path": "`path` is an optional URL path which will be sent in any request to this service.", } func (ServiceReference) SwaggerDoc() map[string]string { @@ -142,9 +143,9 @@ func (Webhook) SwaggerDoc() map[string]string { var map_WebhookClientConfig = map[string]string{ "": "WebhookClientConfig contains the information to make a TLS connection with the webhook", - "service": "Service is a reference to the service for this webhook. If there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error. Required", - "urlPath": "URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object.", - "caBundle": "CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate. Required", + "url": "`url` gives the location of the webhook, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nIf the scheme is present, it must be \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.", + "service": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nIf there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error.", + "caBundle": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. Required.", } func (WebhookClientConfig) SwaggerDoc() map[string]string { diff --git a/admissionregistration/v1alpha1/zz_generated.deepcopy.go b/admissionregistration/v1alpha1/zz_generated.deepcopy.go index c3db08be35..d603a4204d 100644 --- a/admissionregistration/v1alpha1/zz_generated.deepcopy.go +++ b/admissionregistration/v1alpha1/zz_generated.deepcopy.go @@ -240,6 +240,15 @@ func (in *RuleWithOperations) DeepCopy() *RuleWithOperations { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceReference) DeepCopyInto(out *ServiceReference) { *out = *in + if in.Path != nil { + in, out := &in.Path, &out.Path + if *in == nil { + *out = nil + } else { + *out = new(string) + **out = **in + } + } return } @@ -366,7 +375,24 @@ func (in *Webhook) DeepCopy() *Webhook { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebhookClientConfig) DeepCopyInto(out *WebhookClientConfig) { *out = *in - out.Service = in.Service + if in.URL != nil { + in, out := &in.URL, &out.URL + if *in == nil { + *out = nil + } else { + *out = new(string) + **out = **in + } + } + if in.Service != nil { + in, out := &in.Service, &out.Service + if *in == nil { + *out = nil + } else { + *out = new(ServiceReference) + (*in).DeepCopyInto(*out) + } + } if in.CABundle != nil { in, out := &in.CABundle, &out.CABundle *out = make([]byte, len(*in))