init-webhook

cmd/webhook/kodata/LICENSE

@@ -0,0 +1 @@
+../../../LICENSE

cmd/webhook/kodata/VENDOR-LICENSE

@@ -0,0 +1 @@
+../../../third_party/VENDOR-LICENSE

cmd/webhook/main.go

@@ -0,0 +1,109 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+ "flag"
+ "log"
+
+ "github.com/knative/pkg/configmap"
+ "github.com/knative/pkg/logging"
+ "github.com/knative/pkg/logging/logkey"
+ "github.com/knative/pkg/signals"
+ "github.com/knative/pkg/webhook"
+ "github.com/tektoncd/pipeline/pkg/system"
+ "github.com/tektoncd/triggers/pkg/apis/triggers/v1alpha1"
+ "go.uber.org/zap"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/rest"
+)
+
+// WebhookLogKey is the name of the logger for the webhook cmd
+const (
+ WebhookLogKey = "webhook"
+ // ConfigName is the name of the ConfigMap that the logging config will be stored in
+ ConfigName = "config-logging-triggers"
+)
+
+func main() {
+ flag.Parse()
+ cm, err := configmap.Load("/etc/config-logging")
+ if err != nil {
+ log.Fatalf("Error loading logging configuration: %v", err)
+ }
+ config, err := logging.NewConfigFromMap(cm)
+ if err != nil {
+ log.Fatalf("Error parsing logging configuration: %v", err)
+ }
+ logger, atomicLevel := logging.NewLoggerFromConfig(config, WebhookLogKey)
+
+ defer func() {
+ err := logger.Sync()
+ if err != nil {
+ logger.Fatal("Failed to sync the logger", zap.Error(err))
+ }
+ }()
+
+ logger = logger.With(zap.String(logkey.ControllerType, "webhook"))
+
+ logger.Info("Starting the Configuration Webhook")
+
+ // set up signals so we handle the first shutdown signal gracefully
+ stopCh := signals.SetupSignalHandler()
+
+ clusterConfig, err := rest.InClusterConfig()
+ if err != nil {
+ logger.Fatal("Failed to get in cluster config", zap.Error(err))
+ }
+
+ kubeClient, err := kubernetes.NewForConfig(clusterConfig)
+ if err != nil {
+ logger.Fatal("Failed to get the client set", zap.Error(err))
+ }
+ // Watch the logging config map and dynamically update logging levels.
+ configMapWatcher := configmap.NewInformedWatcher(kubeClient, system.GetNamespace())
+ configMapWatcher.Watch(ConfigName, logging.UpdateLevelFromConfigMap(logger, atomicLevel, WebhookLogKey))
+ if err = configMapWatcher.Start(stopCh); err != nil {
+ logger.Fatalf("failed to start configuration manager: %v", err)
+ }
+
+ options := webhook.ControllerOptions{
+ ServiceName: "tekton-triggers-webhook",
+ DeploymentName: "tekton-triggers-webhook",
+ Namespace: system.GetNamespace(),
+ Port: 8443,
+ SecretName: "triggers-webhook-certs",
+ WebhookName: "triggers-webhook.tekton.dev",
+ }
+ //TODO add validations here
+ controller := webhook.AdmissionController{
+ Client: kubeClient,
+ Options: options,
+ Handlers: map[schema.GroupVersionKind]webhook.GenericCRD{
+ v1alpha1.SchemeGroupVersion.WithKind("EventListener"): &v1alpha1.EventListener{},
+ v1alpha1.SchemeGroupVersion.WithKind("TriggerBinding"): &v1alpha1.TriggerBinding{},
+ v1alpha1.SchemeGroupVersion.WithKind("TriggerTemplate"): &v1alpha1.TriggerTemplate{},
+ },
+ Logger: logger,
+ DisallowUnknownFields: true,
+ }
+
+ if err := controller.Run(stopCh); err != nil {
+ logger.Fatal("Error running admission controller", zap.Error(err))
+ }
+}

config/200-clusterrole.yaml

@@ -17,6 +17,15 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: tekton-triggers-admin
 rules:
+ - apiGroups: [""]
+ resources: ["configmaps", "secrets"]
+ verbs: ["get", "list", "create", "watch"]
+ - apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["get"]
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]
  - apiGroups: ["tekton.dev"]
  resources: ["eventlisteners", "triggerbindings", "triggertemplates"]
  verbs: ["get", "list", "create", "update", "delete", "patch", "watch"]

config/webhook-service.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: tekton-triggers-webhook
+ name: tekton-triggers-webhook
+ namespace: tekton-pipelines
+spec:
+ ports:
+ - port: 443
+ targetPort: 8443
+ selector:
+ app: tekton-triggers-webhook

config/webhook.yaml

@@ -0,0 +1,44 @@
+# Copyright 2019 The Tekton Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: tekton-triggers-webhook
+ namespace: tekton-pipelines
+spec:
+ replicas: 1
+ template:
+ metadata:
+ annotations:
+ cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
+ labels:
+ app: tekton-triggers-webhook
+ spec:
+ serviceAccountName: tekton-triggers-controller
+ containers:
+ - name: webhook
+ image: github.com/tektoncd/triggers/cmd/webhook
+ env:
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: config-logging
+ mountPath: /etc/config-logging
+ volumes:
+ - name: config-logging
+ configMap:
+ name: config-logging-triggers

pkg/apis/triggers/v1alpha1/event_listener_defaults.go

@@ -0,0 +1,7 @@
+package v1alpha1
+
+import (
+ "context"
+)
+
+func (el *EventListener) SetDefaults(ctx context.Context) {}

pkg/apis/triggers/v1alpha1/trigger_binding_defaults.go

@@ -0,0 +1,7 @@
+package v1alpha1
+
+import (
+ "context"
+)
+
+func (tb *TriggerBinding) SetDefaults(ctx context.Context) {}

pkg/apis/triggers/v1alpha1/trigger_binding_validation.go

@@ -0,0 +1,30 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "context"
+ "github.com/knative/pkg/apis"
+)
+
+func (t *TriggerBinding) Validate(ctx context.Context) *apis.FieldError {
+ return t.Spec.Validate(ctx)
+}
+
+func (s *TriggerBindingSpec) Validate(ctx context.Context) *apis.FieldError {
+ return nil
+}

pkg/apis/triggers/v1alpha1/trigger_template_defaults.go

@@ -0,0 +1,7 @@
+package v1alpha1
+
+import (
+ "context"
+)
+
+func (tt *TriggerTemplate) SetDefaults(ctx context.Context) {}

pkg/apis/triggers/v1alpha1/trigger_template_validation.go

@@ -0,0 +1,30 @@
+/*
+Copyright 2019 The Tekton Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ "context"
+ "github.com/knative/pkg/apis"
+)
+
+func (t *TriggerTemplate) Validate(ctx context.Context) *apis.FieldError {
+ return t.Spec.Validate(ctx)
+}
+
+func (s *TriggerTemplateSpec) Validate(ctx context.Context) *apis.FieldError {
+ return nil
+}