package generic

import "k8s.io/apiserver/pkg/admission/plugin/webhook/generic"

Index

Types

type Dispatcher 

type Dispatcher interface {
	// Dispatch a request to the webhooks. Dispatcher may choose not to
	// call a hook, either because the rules of the hook does not match, or
	// the namespaceSelector or the objectSelector of the hook does not
	// match. A non-nil error means the request is rejected.
	Dispatch(ctx context.Context, a admission.Attributes, o admission.ObjectInterfaces, hooks []webhook.WebhookAccessor) error
}

Dispatcher dispatches webhook call to a list of webhooks with admission attributes as argument.

type ReloadableSource 

type ReloadableSource interface {
	Source
	// RunReloadLoop watches for configuration changes and reloads when detected.
	// It blocks until ctx is canceled.
	RunReloadLoop(ctx context.Context)
}

ReloadableSource extends Source with a method to run a reload loop that watches for configuration changes and blocks until the context is canceled.

type Source 

type Source interface {
	Webhooks() []webhook.WebhookAccessor
	HasSynced() bool
}

Source can list dynamic webhook plugins.

func NewCompositeWebhookSource 

func NewCompositeWebhookSource(staticSource, apiSource Source) Source

NewCompositeWebhookSource creates a webhook source that combines static and API-based sources. Static webhooks are evaluated first, followed by API-based webhooks. If staticSource is nil, only apiSource webhooks are returned.

type StaticSourceFactory 

type StaticSourceFactory func(manifestsDir string) (ReloadableSource, error)

StaticSourceFactory creates a static webhook source from a manifest directory. The returned Source should have LoadInitial() already called.

type VersionedAttributeAccessor 

type VersionedAttributeAccessor interface {
	VersionedAttribute(gvk schema.GroupVersionKind) (*admission.VersionedAttributes, error)
}

type Webhook 

type Webhook struct {
	*admission.Handler
	// contains filtered or unexported fields
}

Webhook is an abstract admission plugin with all the infrastructure to define Admit or Validate on-top.

func NewWebhook 

func NewWebhook(handler *admission.Handler, configFile io.Reader, sourceFactory sourceFactory, dispatcherFactory dispatcherFactory) (*Webhook, error)

NewWebhook creates a new generic admission webhook.

func (*Webhook) Dispatch 

func (a *Webhook) Dispatch(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error

Dispatch is called by the downstream Validate or Admit methods.

func (*Webhook) GetAPIServerID 

func (a *Webhook) GetAPIServerID() string

GetAPIServerID returns the stored API server ID.

func (*Webhook) SetAPIServerID 

func (a *Webhook) SetAPIServerID(id string)

SetAPIServerID implements the WantsAPIServerID interface. The API server ID is used for metrics labeling and must be set before SetExternalKubeInformerFactory is called.

func (*Webhook) SetAuthenticationInfoResolverWrapper 

func (a *Webhook) SetAuthenticationInfoResolverWrapper(wrapper webhookutil.AuthenticationInfoResolverWrapper)

SetAuthenticationInfoResolverWrapper sets the AuthenticationInfoResolverWrapper. TODO find a better way wire this, but keep this pull small for now.

func (*Webhook) SetAuthorizer 

func (a *Webhook) SetAuthorizer(authorizer authorizer.Authorizer)

func (*Webhook) SetDrainedNotification 

func (a *Webhook) SetDrainedNotification(stopCh <-chan struct{})

SetDrainedNotification implements the WantsDrainedNotification interface.

func (*Webhook) SetExternalKubeClientSet 

func (a *Webhook) SetExternalKubeClientSet(client clientset.Interface)

SetExternalKubeClientSet implements the WantsExternalKubeInformerFactory interface. It sets external ClientSet for admission plugins that need it

func (*Webhook) SetExternalKubeInformerFactory 

func (a *Webhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)

SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface.

func (*Webhook) SetServiceResolver 

func (a *Webhook) SetServiceResolver(sr webhookutil.ServiceResolver)

SetServiceResolver sets a service resolver for the webhook admission plugin. Passing a nil resolver does not have an effect, instead a default one will be used.

func (*Webhook) SetStaticSourceFactory 

func (a *Webhook) SetStaticSourceFactory(factory StaticSourceFactory)

SetStaticSourceFactory sets the factory for creating static webhook sources. This should be called before SetExternalKubeInformerFactory.

func (*Webhook) ShouldCallHook 

func (a *Webhook) ShouldCallHook(ctx context.Context, h webhook.WebhookAccessor, attr admission.Attributes, o admission.ObjectInterfaces, v VersionedAttributeAccessor) (*WebhookInvocation, *apierrors.StatusError)

ShouldCallHook returns invocation details if the webhook should be called, nil if the webhook should not be called, or an error if an error was encountered during evaluation.

func (*Webhook) ValidateInitialization 

func (a *Webhook) ValidateInitialization() error

ValidateInitialization implements the InitializationValidator interface. Static source creation happens here (after all initializers have run) because SetManifestLoaders may be called after SetExternalKubeInformerFactory.

type WebhookInvocation 

type WebhookInvocation struct {
	Webhook     webhook.WebhookAccessor
	Resource    schema.GroupVersionResource
	Subresource string
	Kind        schema.GroupVersionKind
}

WebhookInvocation describes how to call a webhook, including the resource and subresource the webhook registered for, and the kind that should be sent to the webhook.

Source Files

composite_webhook_source.go interfaces.go webhook.go

Version
v0.36.0 (latest)
Published
Apr 22, 2026
Platform
linux/amd64
Imports
27 packages
Last checked
4 days ago

Tools for package owners.