-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.go
127 lines (105 loc) · 3.24 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
package main
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"os"
"github.com/sirupsen/logrus"
"github.com/alpacked/mutation-webhook/pkg/admission"
admissionv1 "k8s.io/api/admission/v1"
)
func main() {
setLogger()
// handle our core application
http.HandleFunc("/mutate-pods", ServeMutatePods)
http.HandleFunc("/health", ServeHealth)
// start the server
// listens to clear text http on specified port unless TLS env var is set to "true"
listen_port := os.Getenv("LISTEN_PORT")
if os.Getenv("TLS") == "true" {
cert := "/etc/admission-webhook/tls/tls.crt"
key := "/etc/admission-webhook/tls/tls.key"
logrus.Printf("Listening on port %s...", listen_port)
logrus.Fatal(http.ListenAndServeTLS(":" + listen_port, cert, key, nil))
} else {
logrus.Printf("Listening on port %s...", listen_port)
logrus.Fatal(http.ListenAndServe(":" + listen_port, nil))
}
}
// ServeHealth returns 200 when things are good
func ServeHealth(w http.ResponseWriter, r *http.Request) {
logrus.WithField("uri", r.RequestURI).Debug("healthy")
fmt.Fprint(w, "OK")
}
// ServeMutatePods returns an admission review with pod mutations as a json patch
// in the review response
func ServeMutatePods(w http.ResponseWriter, r *http.Request) {
logger := logrus.WithField("uri", r.RequestURI)
logger.Debug("received mutation request")
in, err := parseRequest(*r)
if err != nil {
logger.Error(err)
http.Error(w, err.Error(), http.StatusBadRequest)
return
}
adm := admission.Admitter{
Logger: logger,
Request: in.Request,
}
out, err := adm.MutatePodReview()
if err != nil {
e := fmt.Sprintf("could not generate admission response: %v", err)
logger.Error(e)
http.Error(w, e, http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "application/json")
jout, err := json.Marshal(out)
if err != nil {
e := fmt.Sprintf("could not parse admission response: %v", err)
logger.Error(e)
http.Error(w, e, http.StatusInternalServerError)
return
}
logger.Debug("sending response")
logger.Debugf("%s", jout)
fmt.Fprintf(w, "%s", jout)
}
// setLogger sets the logger using env vars, it defaults to text logs on
// debug level unless otherwise specified
func setLogger() {
logrus.SetLevel(logrus.DebugLevel)
lev := os.Getenv("LOG_LEVEL")
if lev != "" {
llev, err := logrus.ParseLevel(lev)
if err != nil {
logrus.Fatalf("cannot set LOG_LEVEL to %q", lev)
}
logrus.SetLevel(llev)
}
if os.Getenv("LOG_JSON") == "true" {
logrus.SetFormatter(&logrus.JSONFormatter{})
}
}
// parseRequest extracts an AdmissionReview from an http.Request if possible
func parseRequest(r http.Request) (*admissionv1.AdmissionReview, error) {
if r.Header.Get("Content-Type") != "application/json" {
return nil, fmt.Errorf("Content-Type: %q should be %q",
r.Header.Get("Content-Type"), "application/json")
}
bodybuf := new(bytes.Buffer)
bodybuf.ReadFrom(r.Body)
body := bodybuf.Bytes()
if len(body) == 0 {
return nil, fmt.Errorf("admission request body is empty")
}
var a admissionv1.AdmissionReview
if err := json.Unmarshal(body, &a); err != nil {
return nil, fmt.Errorf("could not parse admission review request: %v", err)
}
if a.Request == nil {
return nil, fmt.Errorf("admission review can't be used: Request field is nil")
}
return &a, nil
}