github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 09:22:44 +00:00
Code Issues Projects Releases Wiki Activity

add wait ready for mutating/validating webhook configuration

Browse Source
This commit is contained in:
hzxuzhonghu 2017-12-06 11:06:04 +08:00
parent f287527442
commit ec39259785
10 changed files with 72 additions and 136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
staging/src/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager.go
View File

@ -31,17 +31,13 @@ import (
// MutatingWebhookConfigurationManager collects the mutating webhook objects so that they can be called. // MutatingWebhookConfigurationManager collects the mutating webhook objects so that they can be called.
type MutatingWebhookConfigurationManager struct { type MutatingWebhookConfigurationManager struct {
ready int32
configuration *atomic.Value configuration *atomic.Value
hasSynced func() bool
lister admissionregistrationlisters.MutatingWebhookConfigurationLister lister admissionregistrationlisters.MutatingWebhookConfigurationLister
} }
func NewMutatingWebhookConfigurationManager(informer admissionregistrationinformers.MutatingWebhookConfigurationInformer) *MutatingWebhookConfigurationManager { func NewMutatingWebhookConfigurationManager(informer admissionregistrationinformers.MutatingWebhookConfigurationInformer) *MutatingWebhookConfigurationManager {
manager := &MutatingWebhookConfigurationManager{ manager := &MutatingWebhookConfigurationManager{
ready: 0,
configuration: &atomic.Value{}, configuration: &atomic.Value{},
hasSynced: informer.Informer().HasSynced,
lister: informer.Lister(), lister: informer.Lister(),
} }
@ -59,16 +55,8 @@ func NewMutatingWebhookConfigurationManager(informer admissionregistrationinform
} }
// Webhooks returns the merged MutatingWebhookConfiguration. // Webhooks returns the merged MutatingWebhookConfiguration.
func (m *MutatingWebhookConfigurationManager) Webhooks() (*v1beta1.MutatingWebhookConfiguration, error) { func (m *MutatingWebhookConfigurationManager) Webhooks() *v1beta1.MutatingWebhookConfiguration {
if atomic.LoadInt32(&m.ready) == 0 { return m.configuration.Load().(*v1beta1.MutatingWebhookConfiguration)
if !m.hasSynced() {
// Return an error until we've synced
return nil, fmt.Errorf("mutating webhook configuration is not ready")
}
// Remember we're ready
atomic.StoreInt32(&m.ready, 1)
}
return m.configuration.Load().(*v1beta1.MutatingWebhookConfiguration), nil
} }
func (m *MutatingWebhookConfigurationManager) updateConfiguration() { func (m *MutatingWebhookConfigurationManager) updateConfiguration() {

49
staging/src/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager_test.go
View File

@ -43,7 +43,6 @@ func (f *fakeMutatingWebhookConfigSharedInformer) Lister() admissionregistration
type fakeMutatingWebhookConfigInformer struct { type fakeMutatingWebhookConfigInformer struct {
eventHandler cache.ResourceEventHandler eventHandler cache.ResourceEventHandler
hasSynced bool
} }
func (f *fakeMutatingWebhookConfigInformer) AddEventHandler(handler cache.ResourceEventHandler) { func (f *fakeMutatingWebhookConfigInformer) AddEventHandler(handler cache.ResourceEventHandler) {
@ -63,7 +62,7 @@ func (f *fakeMutatingWebhookConfigInformer) Run(stopCh <-chan struct{}) {
panic("unsupported") panic("unsupported")
} }
func (f *fakeMutatingWebhookConfigInformer) HasSynced() bool { func (f *fakeMutatingWebhookConfigInformer) HasSynced() bool {
return f.hasSynced panic("unsupported")
} }
func (f *fakeMutatingWebhookConfigInformer) LastSyncResourceVersion() string { func (f *fakeMutatingWebhookConfigInformer) LastSyncResourceVersion() string {
panic("unsupported") panic("unsupported")
@ -92,43 +91,33 @@ func TestGetMutatingWebhookConfig(t *testing.T) {
lister: &fakeMutatingWebhookConfigLister{}, lister: &fakeMutatingWebhookConfigLister{},
} }
// unsynced, error retrieving list // no configurations
informer.informer.hasSynced = false
informer.lister.list = nil informer.lister.list = nil
informer.lister.err = fmt.Errorf("mutating webhook configuration is not ready")
manager := NewMutatingWebhookConfigurationManager(informer) manager := NewMutatingWebhookConfigurationManager(informer)
if _, err := manager.Webhooks(); err == nil { if configurations := manager.Webhooks(); len(configurations.Webhooks) != 0 {
t.Errorf("expected err, but got none") t.Errorf("expected empty webhooks, but got %v", configurations.Webhooks)
} }
// list found, still unsynced // list err
informer.informer.hasSynced = false webhookConfiguration := &v1beta1.MutatingWebhookConfiguration{
informer.lister.list = []*v1beta1.MutatingWebhookConfiguration{}
informer.lister.err = nil
if _, err := manager.Webhooks(); err == nil {
t.Errorf("expected err, but got none")
}
// items populated, still unsynced
webhookContainer := &v1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "webhook1"}, ObjectMeta: metav1.ObjectMeta{Name: "webhook1"},
Webhooks: []v1beta1.Webhook{{Name: "webhook1.1"}}, Webhooks: []v1beta1.Webhook{{Name: "webhook1.1"}},
} }
informer.informer.hasSynced = false informer.lister.list = []*v1beta1.MutatingWebhookConfiguration{webhookConfiguration.DeepCopy()}
informer.lister.list = []*v1beta1.MutatingWebhookConfiguration{webhookContainer.DeepCopy()} informer.lister.err = fmt.Errorf("mutating webhook configuration list error")
informer.lister.err = nil informer.informer.eventHandler.OnAdd(webhookConfiguration.DeepCopy())
informer.informer.eventHandler.OnAdd(webhookContainer.DeepCopy()) if configurations := manager.Webhooks(); len(configurations.Webhooks) != 0 {
if _, err := manager.Webhooks(); err == nil { t.Errorf("expected empty webhooks, but got %v", configurations.Webhooks)
t.Errorf("expected err, but got none")
} }
// sync completed // configuration populated
informer.informer.hasSynced = true informer.lister.err = nil
hooks, err := manager.Webhooks() informer.informer.eventHandler.OnAdd(webhookConfiguration.DeepCopy())
if err != nil { configurations := manager.Webhooks()
t.Errorf("unexpected err: %v", err) if len(configurations.Webhooks) == 0 {
t.Errorf("expected non empty webhooks")
} }
if !reflect.DeepEqual(hooks.Webhooks, webhookContainer.Webhooks) { if !reflect.DeepEqual(configurations.Webhooks, webhookConfiguration.Webhooks) {
t.Errorf("Expected\n%#v\ngot\n%#v", webhookContainer.Webhooks, hooks.Webhooks) t.Errorf("Expected\n%#v\ngot\n%#v", webhookConfiguration.Webhooks, configurations.Webhooks)
} }
} }

16
staging/src/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager.go
View File

@ -31,17 +31,13 @@ import (
// ValidatingWebhookConfigurationManager collects the validating webhook objects so that they can be called. // ValidatingWebhookConfigurationManager collects the validating webhook objects so that they can be called.
type ValidatingWebhookConfigurationManager struct { type ValidatingWebhookConfigurationManager struct {
ready int32
configuration *atomic.Value configuration *atomic.Value
hasSynced func() bool
lister admissionregistrationlisters.ValidatingWebhookConfigurationLister lister admissionregistrationlisters.ValidatingWebhookConfigurationLister
} }
func NewValidatingWebhookConfigurationManager(informer admissionregistrationinformers.ValidatingWebhookConfigurationInformer) *ValidatingWebhookConfigurationManager { func NewValidatingWebhookConfigurationManager(informer admissionregistrationinformers.ValidatingWebhookConfigurationInformer) *ValidatingWebhookConfigurationManager {
manager := &ValidatingWebhookConfigurationManager{ manager := &ValidatingWebhookConfigurationManager{
ready: 0,
configuration: &atomic.Value{}, configuration: &atomic.Value{},
hasSynced: informer.Informer().HasSynced,
lister: informer.Lister(), lister: informer.Lister(),
} }
@ -59,16 +55,8 @@ func NewValidatingWebhookConfigurationManager(informer admissionregistrationinfo
} }
// Webhooks returns the merged ValidatingWebhookConfiguration. // Webhooks returns the merged ValidatingWebhookConfiguration.
func (v *ValidatingWebhookConfigurationManager) Webhooks() (*v1beta1.ValidatingWebhookConfiguration, error) { func (v *ValidatingWebhookConfigurationManager) Webhooks() *v1beta1.ValidatingWebhookConfiguration {
if atomic.LoadInt32(&v.ready) == 0 { return v.configuration.Load().(*v1beta1.ValidatingWebhookConfiguration)
if !v.hasSynced() {
// Return an error until we've synced
return nil, fmt.Errorf("validating webhook configuration is not ready")
}
// Remember we're ready
atomic.StoreInt32(&v.ready, 1)
}
return v.configuration.Load().(*v1beta1.ValidatingWebhookConfiguration), nil
} }
func (v *ValidatingWebhookConfigurationManager) updateConfiguration() { func (v *ValidatingWebhookConfigurationManager) updateConfiguration() {

49
staging/src/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager_test.go
View File

@ -43,7 +43,6 @@ func (f *fakeValidatingWebhookConfigSharedInformer) Lister() admissionregistrati
type fakeValidatingWebhookConfigInformer struct { type fakeValidatingWebhookConfigInformer struct {
eventHandler cache.ResourceEventHandler eventHandler cache.ResourceEventHandler
hasSynced bool
} }
func (f *fakeValidatingWebhookConfigInformer) AddEventHandler(handler cache.ResourceEventHandler) { func (f *fakeValidatingWebhookConfigInformer) AddEventHandler(handler cache.ResourceEventHandler) {
@ -63,7 +62,7 @@ func (f *fakeValidatingWebhookConfigInformer) Run(stopCh <-chan struct{}) {
panic("unsupported") panic("unsupported")
} }
func (f *fakeValidatingWebhookConfigInformer) HasSynced() bool { func (f *fakeValidatingWebhookConfigInformer) HasSynced() bool {
return f.hasSynced panic("unsupported")
} }
func (f *fakeValidatingWebhookConfigInformer) LastSyncResourceVersion() string { func (f *fakeValidatingWebhookConfigInformer) LastSyncResourceVersion() string {
panic("unsupported") panic("unsupported")
@ -92,43 +91,33 @@ func TestGettValidatingWebhookConfig(t *testing.T) {
lister: &fakeValidatingWebhookConfigLister{}, lister: &fakeValidatingWebhookConfigLister{},
} }
// unsynced, error retrieving list // no configurations
informer.informer.hasSynced = false
informer.lister.list = nil informer.lister.list = nil
informer.lister.err = fmt.Errorf("validating webhook configuration is not ready")
manager := NewValidatingWebhookConfigurationManager(informer) manager := NewValidatingWebhookConfigurationManager(informer)
if _, err := manager.Webhooks(); err == nil { if configurations := manager.Webhooks(); len(configurations.Webhooks) != 0 {
t.Errorf("expected err, but got none") t.Errorf("expected empty webhooks, but got %v", configurations.Webhooks)
} }
// list found, still unsynced // list error
informer.informer.hasSynced = false webhookConfiguration := &v1beta1.ValidatingWebhookConfiguration{
informer.lister.list = []*v1beta1.ValidatingWebhookConfiguration{}
informer.lister.err = nil
if _, err := manager.Webhooks(); err == nil {
t.Errorf("expected err, but got none")
}
// items populated, still unsynced
webhookContainer := &v1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{Name: "webhook1"}, ObjectMeta: metav1.ObjectMeta{Name: "webhook1"},
Webhooks: []v1beta1.Webhook{{Name: "webhook1.1"}}, Webhooks: []v1beta1.Webhook{{Name: "webhook1.1"}},
} }
informer.informer.hasSynced = false informer.lister.list = []*v1beta1.ValidatingWebhookConfiguration{webhookConfiguration.DeepCopy()}
informer.lister.list = []*v1beta1.ValidatingWebhookConfiguration{webhookContainer.DeepCopy()} informer.lister.err = fmt.Errorf("validating webhook configuration list error")
informer.lister.err = nil informer.informer.eventHandler.OnAdd(webhookConfiguration.DeepCopy())
informer.informer.eventHandler.OnAdd(webhookContainer.DeepCopy()) if configurations := manager.Webhooks(); len(configurations.Webhooks) != 0 {
if _, err := manager.Webhooks(); err == nil { t.Errorf("expected empty webhooks, but got %v", configurations.Webhooks)
t.Errorf("expected err, but got none")
} }
// sync completed // configuration populated
informer.informer.hasSynced = true informer.lister.err = nil
hooks, err := manager.Webhooks() informer.informer.eventHandler.OnAdd(webhookConfiguration.DeepCopy())
if err != nil { configurations := manager.Webhooks()
t.Errorf("unexpected err: %v", err) if len(configurations.Webhooks) == 0 {
t.Errorf("expected non empty webhooks")
} }
if !reflect.DeepEqual(hooks.Webhooks, webhookContainer.Webhooks) { if !reflect.DeepEqual(configurations.Webhooks, webhookConfiguration.Webhooks) {
t.Errorf("Expected\n%#v\ngot\n%#v", webhookContainer.Webhooks, hooks.Webhooks) t.Errorf("Expected\n%#v\ngot\n%#v", webhookConfiguration.Webhooks, configurations.Webhooks)
} }
} }

1
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/BUILD
View File

@ -14,7 +14,6 @@ go_library(
"//vendor/k8s.io/api/admission/v1beta1:go_default_library", "//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library", "//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/serializer/json:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/serializer/json:go_default_library",

33
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/admission.go
View File

@ -30,7 +30,6 @@ import (
admissionv1beta1 "k8s.io/api/admission/v1beta1" admissionv1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/api/admissionregistration/v1beta1" "k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/apimachinery/pkg/runtime/serializer"
"k8s.io/apimachinery/pkg/runtime/serializer/json" "k8s.io/apimachinery/pkg/runtime/serializer/json"
@ -68,7 +67,7 @@ func Register(plugins *admission.Plugins) {
// WebhookSource can list dynamic webhook plugins. // WebhookSource can list dynamic webhook plugins.
type WebhookSource interface { type WebhookSource interface {
Webhooks() (*v1beta1.MutatingWebhookConfiguration, error) Webhooks() *v1beta1.MutatingWebhookConfiguration
} }
// NewMutatingWebhook returns a generic admission webhook plugin. // NewMutatingWebhook returns a generic admission webhook plugin.
@ -150,8 +149,11 @@ func (a *MutatingWebhook) SetExternalKubeClientSet(client clientset.Interface) {
func (a *MutatingWebhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { func (a *MutatingWebhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) {
namespaceInformer := f.Core().V1().Namespaces() namespaceInformer := f.Core().V1().Namespaces()
a.namespaceMatcher.NamespaceLister = namespaceInformer.Lister() a.namespaceMatcher.NamespaceLister = namespaceInformer.Lister()
a.SetReadyFunc(namespaceInformer.Informer().HasSynced) mutatingWebhookConfigurationsInformer := f.Admissionregistration().V1beta1().MutatingWebhookConfigurations()
a.hookSource = configuration.NewMutatingWebhookConfigurationManager(f.Admissionregistration().V1beta1().MutatingWebhookConfigurations()) a.hookSource = configuration.NewMutatingWebhookConfigurationManager(mutatingWebhookConfigurationsInformer)
a.SetReadyFunc(func() bool {
return namespaceInformer.Informer().HasSynced() && mutatingWebhookConfigurationsInformer.Informer().HasSynced()
})
} }
// ValidateInitialization implements the InitializationValidator interface. // ValidateInitialization implements the InitializationValidator interface.
@ -177,27 +179,18 @@ func (a *MutatingWebhook) ValidateInitialization() error {
return nil return nil
} }
func (a *MutatingWebhook) loadConfiguration(attr admission.Attributes) (*v1beta1.MutatingWebhookConfiguration, error) { func (a *MutatingWebhook) loadConfiguration(attr admission.Attributes) *v1beta1.MutatingWebhookConfiguration {
hookConfig, err := a.hookSource.Webhooks() hookConfig := a.hookSource.Webhooks()
if err != nil { return hookConfig
e := apierrors.NewServerTimeout(attr.GetResource().GroupResource(), string(attr.GetOperation()), 1)
e.ErrStatus.Message = fmt.Sprintf("Unable to refresh the Webhook configuration: %v", err)
e.ErrStatus.Reason = "LoadingConfiguration"
e.ErrStatus.Details.Causes = append(e.ErrStatus.Details.Causes, metav1.StatusCause{
Type: "MutatingWebhookConfigurationFailure",
Message: "An error has occurred while refreshing the MutatingWebhook configuration, no resources can be created/updated/deleted/connected until a refresh succeeds.",
})
return nil, e
}
return hookConfig, nil
} }
// Admit makes an admission decision based on the request attributes. // Admit makes an admission decision based on the request attributes.
func (a *MutatingWebhook) Admit(attr admission.Attributes) error { func (a *MutatingWebhook) Admit(attr admission.Attributes) error {
hookConfig, err := a.loadConfiguration(attr) if !a.WaitForReady() {
if err != nil { return admission.NewForbidden(attr, fmt.Errorf("not yet ready to handle request"))
return err
} }
hookConfig := a.loadConfiguration(attr)
hooks := hookConfig.Webhooks hooks := hookConfig.Webhooks
ctx := context.TODO() ctx := context.TODO()

6
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/admission_test.go
View File

@ -47,16 +47,16 @@ type fakeHookSource struct {
err error err error
} }
func (f *fakeHookSource) Webhooks() (*registrationv1beta1.MutatingWebhookConfiguration, error) { func (f *fakeHookSource) Webhooks() *registrationv1beta1.MutatingWebhookConfiguration {
if f.err != nil { if f.err != nil {
return nil, f.err return nil
} }
for i, h := range f.hooks { for i, h := range f.hooks {
if h.NamespaceSelector == nil { if h.NamespaceSelector == nil {
f.hooks[i].NamespaceSelector = &metav1.LabelSelector{} f.hooks[i].NamespaceSelector = &metav1.LabelSelector{}
} }
} }
return &registrationv1beta1.MutatingWebhookConfiguration{Webhooks: f.hooks}, nil return &registrationv1beta1.MutatingWebhookConfiguration{Webhooks: f.hooks}
} }
func (f *fakeHookSource) Run(stopCh <-chan struct{}) {} func (f *fakeHookSource) Run(stopCh <-chan struct{}) {}

1
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/BUILD
View File

@ -13,7 +13,6 @@ go_library(
"//vendor/k8s.io/api/admission/v1beta1:go_default_library", "//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library", "//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library", "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library", "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",

31
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go
View File

@ -30,7 +30,6 @@ import (
admissionv1beta1 "k8s.io/api/admission/v1beta1" admissionv1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/api/admissionregistration/v1beta1" "k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer" "k8s.io/apimachinery/pkg/runtime/serializer"
utilruntime "k8s.io/apimachinery/pkg/util/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@ -67,7 +66,7 @@ func Register(plugins *admission.Plugins) {
// WebhookSource can list dynamic webhook plugins. // WebhookSource can list dynamic webhook plugins.
type WebhookSource interface { type WebhookSource interface {
Webhooks() (*v1beta1.ValidatingWebhookConfiguration, error) Webhooks() *v1beta1.ValidatingWebhookConfiguration
} }
// NewValidatingAdmissionWebhook returns a generic admission webhook plugin. // NewValidatingAdmissionWebhook returns a generic admission webhook plugin.
@ -145,8 +144,11 @@ func (a *ValidatingAdmissionWebhook) SetExternalKubeClientSet(client clientset.I
func (a *ValidatingAdmissionWebhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { func (a *ValidatingAdmissionWebhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) {
namespaceInformer := f.Core().V1().Namespaces() namespaceInformer := f.Core().V1().Namespaces()
a.namespaceMatcher.NamespaceLister = namespaceInformer.Lister() a.namespaceMatcher.NamespaceLister = namespaceInformer.Lister()
a.SetReadyFunc(namespaceInformer.Informer().HasSynced) validatingWebhookConfigurationsInformer := f.Admissionregistration().V1beta1().ValidatingWebhookConfigurations()
a.hookSource = configuration.NewValidatingWebhookConfigurationManager(f.Admissionregistration().V1beta1().ValidatingWebhookConfigurations()) a.hookSource = configuration.NewValidatingWebhookConfigurationManager(validatingWebhookConfigurationsInformer)
a.SetReadyFunc(func() bool {
return namespaceInformer.Informer().HasSynced() && validatingWebhookConfigurationsInformer.Informer().HasSynced()
})
} }
// ValidateInitialization implements the InitializationValidator interface. // ValidateInitialization implements the InitializationValidator interface.
@ -166,27 +168,16 @@ func (a *ValidatingAdmissionWebhook) ValidateInitialization() error {
return nil return nil
} }
func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1beta1.ValidatingWebhookConfiguration, error) { func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes) *v1beta1.ValidatingWebhookConfiguration {
hookConfig, err := a.hookSource.Webhooks() return a.hookSource.Webhooks()
if err != nil {
e := apierrors.NewServerTimeout(attr.GetResource().GroupResource(), string(attr.GetOperation()), 1)
e.ErrStatus.Message = fmt.Sprintf("Unable to refresh the Webhook configuration: %v", err)
e.ErrStatus.Reason = "LoadingConfiguration"
e.ErrStatus.Details.Causes = append(e.ErrStatus.Details.Causes, metav1.StatusCause{
Type: "ValidatingWebhookConfigurationFailure",
Message: "An error has occurred while refreshing the ValidatingWebhook configuration, no resources can be created/updated/deleted/connected until a refresh succeeds.",
})
return nil, e
}
return hookConfig, nil
} }
// Validate makes an admission decision based on the request attributes. // Validate makes an admission decision based on the request attributes.
func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error { func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
hookConfig, err := a.loadConfiguration(attr) if !a.WaitForReady() {
if err != nil { return admission.NewForbidden(attr, fmt.Errorf("not yet ready to handle request"))
return err
} }
hookConfig := a.loadConfiguration(attr)
hooks := hookConfig.Webhooks hooks := hookConfig.Webhooks
ctx := context.TODO() ctx := context.TODO()

6
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go
View File

@ -47,16 +47,16 @@ type fakeHookSource struct {
err error err error
} }
func (f *fakeHookSource) Webhooks() (*registrationv1beta1.ValidatingWebhookConfiguration, error) { func (f *fakeHookSource) Webhooks() *registrationv1beta1.ValidatingWebhookConfiguration {
if f.err != nil { if f.err != nil {
return nil, f.err return nil
} }
for i, h := range f.hooks { for i, h := range f.hooks {
if h.NamespaceSelector == nil { if h.NamespaceSelector == nil {
f.hooks[i].NamespaceSelector = &metav1.LabelSelector{} f.hooks[i].NamespaceSelector = &metav1.LabelSelector{}
} }
} }
return &registrationv1beta1.ValidatingWebhookConfiguration{Webhooks: f.hooks}, nil return &registrationv1beta1.ValidatingWebhookConfiguration{Webhooks: f.hooks}
} }
func (f *fakeHookSource) Run(stopCh <-chan struct{}) {} func (f *fakeHookSource) Run(stopCh <-chan struct{}) {}