github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-27 20:42:58 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #62496 from jennybuckley/service-port-docs

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 61306, 60270, 62496, 62181, 62234). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Update WebhookClientConfig documentation regarding service ports

**What this PR does / why we need it**:
Dynamic admission webhooks backed by services [will always use 443](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/config/client.go#L133) no matter what ports are available. Our [current documentation](https://github.com/kubernetes/api/blob/master/admissionregistration/v1beta1/types.go#L257-L259) says that "If there is only one port open for the service, that port will be used."

This PR fixes that piece of documentation.
In the future we may wish to support specifying ports other than 443, but the documentation should be fixed first.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #61510

**Release note**:
```release-note
NONE
```

/sig api-machinery
This commit is contained in:
Kubernetes Submit Queue 2018-04-13 15:03:10 -07:00 committed by GitHub
commit 3fc6832ad6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 7 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/openapi-spec/swagger.json generated
View File

@ -70574,7 +70574,7 @@
"format": "byte"
},
"service": {
"description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nIf there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error.",
"description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nPort 443 will be used if it is open, otherwise it is an error.",
"$ref": "#/definitions/io.k8s.api.admissionregistration.v1beta1.ServiceReference"
},
"url": {

2
api/swagger-spec/admissionregistration.k8s.io_v1beta1.json generated
View File

@ -1777,7 +1777,7 @@
},
"service": {
"$ref": "v1beta1.ServiceReference",
"description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nIf there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error."
"description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nPort 443 will be used if it is open, otherwise it is an error."
},
"caBundle": {
"type": "string",

2
docs/api-reference/admissionregistration.k8s.io/v1beta1/definitions.html generated
View File

@ -1598,7 +1598,7 @@ Attempting to use a user or basic auth e.g. "user:password@" is not allowed. Fra
<br>
If the webhook is running within the cluster, then you should use <code>service</code>.<br>
<br>
If there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error.</p></td>
Port 443 will be used if it is open, otherwise it is an error.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">true</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1beta1_servicereference">v1beta1.ServiceReference</a></p></td>
<td class="tableblock halign-left valign-top"></td>

4
pkg/apis/admissionregistration/types.go
View File

@ -298,9 +298,7 @@ type WebhookClientConfig struct {
//
// If the webhook is running within the cluster, then you should use `service`.
//
// If there is only one port open for the service, that port will be
// used. If there are multiple ports open, port 443 will be used if it
// is open, otherwise it is an error.
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
Service *ServiceReference

4
staging/src/k8s.io/api/admissionregistration/v1beta1/generated.proto
View File

@ -250,9 +250,7 @@ message WebhookClientConfig {
//
// If the webhook is running within the cluster, then you should use `service`.
//
// If there is only one port open for the service, that port will be
// used. If there are multiple ports open, port 443 will be used if it
// is open, otherwise it is an error.
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
optional ServiceReference service = 1;

4
staging/src/k8s.io/api/admissionregistration/v1beta1/types.go
View File

@ -254,9 +254,7 @@ type WebhookClientConfig struct {
//
// If the webhook is running within the cluster, then you should use `service`.
//
// If there is only one port open for the service, that port will be
// used. If there are multiple ports open, port 443 will be used if it
// is open, otherwise it is an error.
// Port 443 will be used if it is open, otherwise it is an error.
//
// +optional
Service *ServiceReference `json:"service" protobuf:"bytes,1,opt,name=service"`

2
staging/src/k8s.io/api/admissionregistration/v1beta1/types_swagger_doc_generated.go generated
View File

@ -114,7 +114,7 @@ func (Webhook) SwaggerDoc() map[string]string {
var map_WebhookClientConfig = map[string]string{
"": "WebhookClientConfig contains the information to make a TLS connection with the webhook",
"url": "`url` gives the location of the webhook, in standard URL form (`[scheme://]host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.",
"service": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nIf there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error.",
"service": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.\n\nPort 443 will be used if it is open, otherwise it is an error.",
"caBundle": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. Required.",
}