github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

use existing admissionHandler readyfunc to wait for sync

Browse Source 
is what other plugins do, and should decrease verbosity in logs
This commit is contained in:
Alexander Zielenski 2022-11-08 13:07:42 -08:00
parent 2c1b7f5759
commit df315f347c
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/admission.go
View File

@ -21,17 +21,16 @@ import (
"errors" "errors"
"fmt" "fmt"
"io" "io"
"k8s.io/apimachinery/pkg/api/meta" "k8s.io/apimachinery/pkg/api/meta"
"k8s.io/apiserver/pkg/features" "k8s.io/apiserver/pkg/features"
"k8s.io/client-go/dynamic" "k8s.io/client-go/dynamic"
"k8s.io/component-base/featuregate" "k8s.io/component-base/featuregate"
"time"
"k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/admission"
"k8s.io/apiserver/pkg/admission/initializer" "k8s.io/apiserver/pkg/admission/initializer"
"k8s.io/client-go/informers" "k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/cache"
) )
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
@ -60,6 +59,7 @@ func Register(plugins *admission.Plugins) {
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
type celAdmissionPlugin struct { type celAdmissionPlugin struct {
*admission.Handler
evaluator CELPolicyEvaluator evaluator CELPolicyEvaluator
inspectedFeatureGates bool inspectedFeatureGates bool
@ -83,8 +83,9 @@ var _ admission.InitializationValidator = &celAdmissionPlugin{}
var _ admission.ValidationInterface = &celAdmissionPlugin{} var _ admission.ValidationInterface = &celAdmissionPlugin{}
func NewPlugin() (admission.Interface, error) { func NewPlugin() (admission.Interface, error) {
result := &celAdmissionPlugin{} return &celAdmissionPlugin{
return result, nil Handler: admission.NewHandler(admission.Connect, admission.Create, admission.Delete, admission.Update),
}, nil
} }
func (c *celAdmissionPlugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { func (c *celAdmissionPlugin) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) {
@ -142,6 +143,7 @@ func (c *celAdmissionPlugin) ValidateInitialization() error {
return err return err
} }
c.SetReadyFunc(c.evaluator.HasSynced)
go c.evaluator.Run(c.stopCh) go c.evaluator.Run(c.stopCh)
return nil return nil
} }
@ -163,16 +165,13 @@ func (c *celAdmissionPlugin) Validate(
return nil return nil
} }
deadlined, cancel := context.WithTimeout(ctx, 2*time.Second)
defer cancel()
// isPolicyResource determines if an admission.Attributes object is describing // isPolicyResource determines if an admission.Attributes object is describing
// the admission of a ValidatingAdmissionPolicy or a ValidatingAdmissionPolicyBinding // the admission of a ValidatingAdmissionPolicy or a ValidatingAdmissionPolicyBinding
if isPolicyResource(a) { if isPolicyResource(a) {
return return
} }
if !cache.WaitForNamedCacheSync("cel-admission-plugin", deadlined.Done(), c.evaluator.HasSynced) { if !c.WaitForReady() {
return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request")) return admission.NewForbidden(a, fmt.Errorf("not yet ready to handle request"))
} }