Use knative/pkg/webhooks

cmd/webhook/main.go

@@ -19,23 +19,28 @@ import (
 	"flag"
 	"log"
 
-	"github.com/knative/eventing/pkg/logconfig"
-	"github.com/knative/eventing/pkg/system"
-	"github.com/knative/eventing/pkg/webhook"
-	"github.com/knative/pkg/signals"
+	"go.uber.org/zap"
 
 	"github.com/knative/pkg/configmap"
 	"github.com/knative/pkg/logging"
 	"github.com/knative/pkg/logging/logkey"
+	"github.com/knative/pkg/signals"
+	"github.com/knative/pkg/webhook"
 
-	"go.uber.org/zap"
+	channelsv1alpha1 "github.com/knative/eventing/pkg/apis/channels/v1alpha1"
+	feedsv1alpha1 "github.com/knative/eventing/pkg/apis/feeds/v1alpha1"
+	flowsv1alpha1 "github.com/knative/eventing/pkg/apis/flows/v1alpha1"
+	"github.com/knative/eventing/pkg/logconfig"
+	"github.com/knative/eventing/pkg/system"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/rest"
 )
 
 func main() {
 	flag.Parse()
-
 	// Read the logging config and setup a logger.
 	cm, err := configmap.Load("/etc/config-logging")
 	if err != nil {
@@ -72,15 +77,36 @@ func main() {
 		logger.Fatalf("failed to start webhook configmap watcher: %v", err)
 	}
 
-	// TODO(n3wscott): Send the logger to the controller.
 	options := webhook.ControllerOptions{
-		ServiceName:      "eventing-webhook",
-		ServiceNamespace: system.Namespace,
-		Port:             443,
-		SecretName:       "eventing-webhook-certs",
-		WebhookName:      "webhook.eventing.knative.dev",
+		ServiceName:    "webhook",
+		DeploymentName: "webhook",
+		Namespace:      system.Namespace,
+		Port:           443,
+		SecretName:     "webhook-certs",
+		WebhookName:    "webhook.eventing.knative.dev",
+	}
+	controller := webhook.AdmissionController{
+		Client:  kubeClient,
+		Options: options,
+		Handlers: map[schema.GroupVersionKind]runtime.Object{
+			// For group channels.knative.dev,
+			channelsv1alpha1.SchemeGroupVersion.WithKind("Bus"):          &channelsv1alpha1.Bus{},
+			channelsv1alpha1.SchemeGroupVersion.WithKind("ClusterBus"):   &channelsv1alpha1.ClusterBus{},
+			channelsv1alpha1.SchemeGroupVersion.WithKind("Channel"):      &channelsv1alpha1.Channel{},
+			channelsv1alpha1.SchemeGroupVersion.WithKind("Subscription"): &channelsv1alpha1.Subscription{},
+
+			// For group feeds.knative.dev,
+			feedsv1alpha1.SchemeGroupVersion.WithKind("EventSource"):        &feedsv1alpha1.EventSource{},
+			feedsv1alpha1.SchemeGroupVersion.WithKind("ClusterEventSource"): &feedsv1alpha1.ClusterEventSource{},
+			feedsv1alpha1.SchemeGroupVersion.WithKind("EventType"):          &feedsv1alpha1.EventType{},
+			feedsv1alpha1.SchemeGroupVersion.WithKind("ClusterEventType"):   &feedsv1alpha1.ClusterEventType{},
+			feedsv1alpha1.SchemeGroupVersion.WithKind("Feed"):               &feedsv1alpha1.Feed{},
+
+			// For group flows.knative.dev,
+			flowsv1alpha1.SchemeGroupVersion.WithKind("Flow"): &flowsv1alpha1.Flow{},
+		},
+		Logger: logger,
 	}
-	controller, err := webhook.NewAdmissionController(kubeClient, options)
 	if err != nil {
 		logger.Fatal("Failed to create the admission controller", zap.Error(err))
 	}

config/400-webhook-service.yaml

@@ -16,12 +16,12 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    role: eventing-webhook
-  name: eventing-webhook
+    role: webhook
+  name: webhook
   namespace: knative-eventing
 spec:
   ports:
     - port: 443
       targetPort: 443
   selector:
-    role: eventing-webhook
+    role: webhook

config/500-webhook.yaml

@@ -15,27 +15,29 @@
 apiVersion: apps/v1beta1
 kind: Deployment
 metadata:
-  name: eventing-webhook
+  name: webhook
   namespace: knative-eventing
 spec:
   replicas: 1
   template:
     metadata:
+      annotations:
+        sidecar.istio.io/inject: "false"
       labels:
-        app: eventing-webhook
-        role: eventing-webhook
+        app: webhook
+        role: webhook
     spec:
       serviceAccountName: eventing-controller
       containers:
-      - name: eventing-webhook
+      - name: webhook
         terminationMessagePolicy: FallbackToLogsOnError
         # This is the Go import path for the binary that is containerized
         # and substituted here.
         image: github.com/knative/eventing/cmd/webhook
         volumeMounts:
-          - name: config-logging
-            mountPath: /etc/config-logging
+        - name: config-logging
+          mountPath: /etc/config-logging
       volumes:
         - name: config-logging
           configMap:
-            name: config-logging
+            name: config-logging

pkg/apis/channels/v1alpha1/bus_types.go

@@ -20,6 +20,7 @@ import (
 	"encoding/json"
 
 	"github.com/knative/pkg/apis"
+	"github.com/knative/pkg/webhook"
 	kapi "k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -40,10 +41,24 @@ type Bus struct {
 	Status             BusStatus `json:"status,omitempty"`
 }
 
+// Check that Bus can be validated, can be defaulted, and has immutable fields.
+var _ apis.Validatable = (*Bus)(nil)
+var _ apis.Defaultable = (*Bus)(nil)
+var _ apis.Immutable = (*Bus)(nil)
+var _ runtime.Object = (*Bus)(nil)
+var _ webhook.GenericCRD = (*Bus)(nil)
+
 // BusSpec specifies the Bus' parameters for Channels and Subscriptions, how the
 // provisioner and dispatcher for a bus should be run, and which volumes should
 // be mounted into them.
 type BusSpec struct {
+	// TODO: Generation does not work correctly with CRD. They are scrubbed
+	// by the APIserver (https://github.com/kubernetes/kubernetes/issues/58778)
+	// So, we add Generation here. Once that gets fixed, remove this and use
+	// ObjectMeta.Generation instead.
+	// +optional
+	Generation int64 `json:"generation,omitempty"`
+
 	// Parameters defines the parameters that must be passed by this Bus'
 	// Channels and their Subscriptions. Channels and Subscriptions fulfill
 	// these parameters with Arguments.

pkg/apis/channels/v1alpha1/channel_types.go

@@ -20,8 +20,10 @@ import (
 	"encoding/json"
 
 	"github.com/knative/pkg/apis"
+	"github.com/knative/pkg/webhook"
 	"k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // +genclient
@@ -44,10 +46,19 @@ type Channel struct {
 var _ apis.Validatable = (*Channel)(nil)
 var _ apis.Defaultable = (*Channel)(nil)
 var _ apis.Immutable = (*Channel)(nil)
+var _ runtime.Object = (*Channel)(nil)
+var _ webhook.GenericCRD = (*Channel)(nil)
 
 // ChannelSpec specifies the Bus backing a channel and the configuration
 // arguments for the channel.
 type ChannelSpec struct {
+	// TODO: Generation does not work correctly with CRD. They are scrubbed
+	// by the APIserver (https://github.com/kubernetes/kubernetes/issues/58778)
+	// So, we add Generation here. Once that gets fixed, remove this and use
+	// ObjectMeta.Generation instead.
+	// +optional
+	Generation int64 `json:"generation,omitempty"`
+
 	// Name of the bus backing this channel (optional)
 	Bus string `json:"bus,omitempty"`
 

pkg/apis/channels/v1alpha1/clusterbus_types.go

@@ -19,7 +19,10 @@ package v1alpha1
 import (
 	"encoding/json"
 
+	"github.com/knative/pkg/apis"
+	"github.com/knative/pkg/webhook"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // +genclient
@@ -36,6 +39,13 @@ type ClusterBus struct {
 	Status             ClusterBusStatus `json:"status,omitempty"`
 }
 
+// Check that Bus can be validated, can be defaulted, and has immutable fields.
+var _ apis.Validatable = (*ClusterBus)(nil)
+var _ apis.Defaultable = (*ClusterBus)(nil)
+var _ apis.Immutable = (*ClusterBus)(nil)
+var _ runtime.Object = (*ClusterBus)(nil)
+var _ webhook.GenericCRD = (*ClusterBus)(nil)
+
 // ClusterBusSpec (what the user wants) for a clusterbus
 type ClusterBusSpec = BusSpec
 

pkg/apis/channels/v1alpha1/subscription_types.go

@@ -20,8 +20,10 @@ import (
 	"encoding/json"
 
 	"github.com/knative/pkg/apis"
+	"github.com/knative/pkg/webhook"
 	"k8s.io/api/core/v1"
 	meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 // +genclient
@@ -42,10 +44,19 @@ type Subscription struct {
 var _ apis.Validatable = (*Subscription)(nil)
 var _ apis.Defaultable = (*Subscription)(nil)
 var _ apis.Immutable = (*Subscription)(nil)
+var _ runtime.Object = (*Subscription)(nil)
+var _ webhook.GenericCRD = (*ClusterBus)(nil)
 
 // SubscriptionSpec specifies the Channel and Subscriber and the configuration
 // arguments for the Subscription.
 type SubscriptionSpec struct {
+	// TODO: Generation does not work correctly with CRD. They are scrubbed
+	// by the APIserver (https://github.com/kubernetes/kubernetes/issues/58778)
+	// So, we add Generation here. Once that gets fixed, remove this and use
+	// ObjectMeta.Generation instead.
+	// +optional
+	Generation int64 `json:"generation,omitempty"`
+
 	// Channel is the name of the channel to subscribe to.
 	Channel string `json:"channel"`