mirror of
https://github.com/projectcapsule/capsule.git
synced 2026-02-14 18:09:58 +00:00
feat(controller): administration persona (#1739)
* chore(refactor): project and api refactoring Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> * chore(refactor): project and api refactoring Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com> --------- Signed-off-by: Oliver Bähler <oliverbaehler@hotmail.com>
This commit is contained in:
Oliver Bähler
GitHub
104
cmd/main.go
104
cmd/main.go
@@ -31,37 +31,38 @@ import (
|
||||
|
||||
capsulev1beta1 "github.com/projectcapsule/capsule/api/v1beta1"
|
||||
capsulev1beta2 "github.com/projectcapsule/capsule/api/v1beta2"
|
||||
configcontroller "github.com/projectcapsule/capsule/controllers/config"
|
||||
podlabelscontroller "github.com/projectcapsule/capsule/controllers/pod"
|
||||
"github.com/projectcapsule/capsule/controllers/pv"
|
||||
rbaccontroller "github.com/projectcapsule/capsule/controllers/rbac"
|
||||
"github.com/projectcapsule/capsule/controllers/resourcepools"
|
||||
"github.com/projectcapsule/capsule/controllers/resources"
|
||||
servicelabelscontroller "github.com/projectcapsule/capsule/controllers/servicelabels"
|
||||
tenantcontroller "github.com/projectcapsule/capsule/controllers/tenant"
|
||||
tlscontroller "github.com/projectcapsule/capsule/controllers/tls"
|
||||
utilscontroller "github.com/projectcapsule/capsule/controllers/utils"
|
||||
configcontroller "github.com/projectcapsule/capsule/internal/controllers/cfg"
|
||||
podlabelscontroller "github.com/projectcapsule/capsule/internal/controllers/pod"
|
||||
"github.com/projectcapsule/capsule/internal/controllers/pv"
|
||||
rbaccontroller "github.com/projectcapsule/capsule/internal/controllers/rbac"
|
||||
"github.com/projectcapsule/capsule/internal/controllers/resourcepools"
|
||||
"github.com/projectcapsule/capsule/internal/controllers/resources"
|
||||
servicelabelscontroller "github.com/projectcapsule/capsule/internal/controllers/servicelabels"
|
||||
tenantcontroller "github.com/projectcapsule/capsule/internal/controllers/tenant"
|
||||
tlscontroller "github.com/projectcapsule/capsule/internal/controllers/tls"
|
||||
utilscontroller "github.com/projectcapsule/capsule/internal/controllers/utils"
|
||||
"github.com/projectcapsule/capsule/internal/metrics"
|
||||
"github.com/projectcapsule/capsule/internal/webhook"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/defaults"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/gateway"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/ingress"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/namespace"
|
||||
namespacemutation "github.com/projectcapsule/capsule/internal/webhook/namespace/mutation"
|
||||
namespacevalidation "github.com/projectcapsule/capsule/internal/webhook/namespace/validation"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/networkpolicy"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/node"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/pod"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/pvc"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/resourcepool"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/route"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/service"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/serviceaccounts"
|
||||
tenantmutation "github.com/projectcapsule/capsule/internal/webhook/tenant/mutation"
|
||||
tenantvalidation "github.com/projectcapsule/capsule/internal/webhook/tenant/validation"
|
||||
tntresource "github.com/projectcapsule/capsule/internal/webhook/tenantresource"
|
||||
"github.com/projectcapsule/capsule/internal/webhook/utils"
|
||||
"github.com/projectcapsule/capsule/pkg/configuration"
|
||||
"github.com/projectcapsule/capsule/pkg/indexer"
|
||||
"github.com/projectcapsule/capsule/pkg/metrics"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/defaults"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/gateway"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/ingress"
|
||||
namespacemutation "github.com/projectcapsule/capsule/pkg/webhook/namespace/mutation"
|
||||
namespacevalidation "github.com/projectcapsule/capsule/pkg/webhook/namespace/validation"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/networkpolicy"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/node"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/pod"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/pvc"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/resourcepool"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/route"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/service"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/serviceaccounts"
|
||||
tenantmutation "github.com/projectcapsule/capsule/pkg/webhook/tenant/mutation"
|
||||
tenantvalidation "github.com/projectcapsule/capsule/pkg/webhook/tenant/validation"
|
||||
tntresource "github.com/projectcapsule/capsule/pkg/webhook/tenantresource"
|
||||
"github.com/projectcapsule/capsule/pkg/webhook/utils"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -92,7 +93,7 @@ func main() {
|
||||
|
||||
var enableLeaderElection, version bool
|
||||
|
||||
var metricsAddr, namespace, configurationName string
|
||||
var metricsAddr, ns, configurationName string
|
||||
|
||||
var webhookPort int
|
||||
|
||||
@@ -125,7 +126,7 @@ func main() {
|
||||
os.Exit(0)
|
||||
}
|
||||
|
||||
if namespace = os.Getenv("NAMESPACE"); len(namespace) == 0 {
|
||||
if ns = os.Getenv("NAMESPACE"); len(ns) == 0 {
|
||||
setupLog.Error(fmt.Errorf("unable to determinate the Namespace Capsule is running on"), "unable to start manager")
|
||||
os.Exit(1)
|
||||
}
|
||||
@@ -179,7 +180,7 @@ func main() {
|
||||
tlsReconciler := &tlscontroller.Reconciler{
|
||||
Client: directClient,
|
||||
Log: ctrl.Log.WithName("controllers").WithName("TLS"),
|
||||
Namespace: namespace,
|
||||
Namespace: ns,
|
||||
Configuration: directCfg,
|
||||
}
|
||||
|
||||
@@ -190,7 +191,7 @@ func main() {
|
||||
|
||||
tlsCert := &corev1.Secret{}
|
||||
|
||||
if err = directClient.Get(ctx, types.NamespacedName{Namespace: namespace, Name: directCfg.TLSSecretName()}, tlsCert); err != nil {
|
||||
if err = directClient.Get(ctx, types.NamespacedName{Namespace: ns, Name: directCfg.TLSSecretName()}, tlsCert); err != nil {
|
||||
setupLog.Error(err, "unable to get Capsule TLS secret")
|
||||
os.Exit(1)
|
||||
}
|
||||
@@ -233,21 +234,50 @@ func main() {
|
||||
webhooksList := append(
|
||||
make([]webhook.Webhook, 0),
|
||||
route.Pod(pod.ImagePullPolicy(), pod.ContainerRegistry(cfg), pod.PriorityClass(), pod.RuntimeClass()),
|
||||
route.Namespace(utils.InCapsuleGroups(cfg, namespacevalidation.PatchHandler(cfg), namespacevalidation.QuotaHandler(), namespacevalidation.FreezeHandler(cfg), namespacevalidation.PrefixHandler(cfg), namespacevalidation.UserMetadataHandler())),
|
||||
route.Ingress(ingress.Class(cfg, kubeVersion), ingress.Hostnames(cfg), ingress.Collision(cfg), ingress.Wildcard()),
|
||||
route.PVC(pvc.Validating(), pvc.PersistentVolumeReuse()),
|
||||
route.Service(service.Handler()),
|
||||
route.TenantResourceObjects(utils.InCapsuleGroups(cfg, tntresource.WriteOpsHandler())),
|
||||
route.NetworkPolicy(utils.InCapsuleGroups(cfg, networkpolicy.Handler())),
|
||||
route.TenantMutating(tenantmutation.MetaHandler()),
|
||||
route.TenantValidating(tenantvalidation.NameHandler(), tenantvalidation.RoleBindingRegexHandler(), tenantvalidation.IngressClassRegexHandler(), tenantvalidation.StorageClassRegexHandler(), tenantvalidation.ContainerRegistryRegexHandler(), tenantvalidation.HostnameRegexHandler(), tenantvalidation.FreezedEmitter(), tenantvalidation.ServiceAccountNameHandler(), tenantvalidation.ForbiddenAnnotationsRegexHandler(), tenantvalidation.ProtectedHandler()),
|
||||
route.Cordoning(tenantvalidation.CordoningHandler(cfg)),
|
||||
route.Node(utils.InCapsuleGroups(cfg, node.UserMetadataHandler(cfg, kubeVersion))),
|
||||
route.ServiceAccounts(serviceaccounts.Handler(cfg)),
|
||||
route.NamespacePatch(utils.InCapsuleGroups(cfg, namespacemutation.CordoningLabelHandler(cfg), namespacemutation.OwnerReferenceHandler(cfg), namespacemutation.MetadataHandler(cfg))),
|
||||
route.CustomResources(tenantvalidation.ResourceCounterHandler(manager.GetClient())),
|
||||
route.Gateway(gateway.Class(cfg)),
|
||||
route.Defaults(defaults.Handler(cfg, kubeVersion)),
|
||||
route.TenantMutation(
|
||||
tenantmutation.MetaHandler(),
|
||||
),
|
||||
route.TenantValidation(
|
||||
tenantvalidation.NameHandler(),
|
||||
tenantvalidation.RoleBindingRegexHandler(),
|
||||
tenantvalidation.IngressClassRegexHandler(),
|
||||
tenantvalidation.StorageClassRegexHandler(),
|
||||
tenantvalidation.ContainerRegistryRegexHandler(),
|
||||
tenantvalidation.HostnameRegexHandler(),
|
||||
tenantvalidation.FreezedEmitter(),
|
||||
tenantvalidation.ServiceAccountNameHandler(),
|
||||
tenantvalidation.ForbiddenAnnotationsRegexHandler(),
|
||||
tenantvalidation.ProtectedHandler(),
|
||||
),
|
||||
route.NamespaceValidation(
|
||||
namespace.NamespaceHandler(
|
||||
cfg,
|
||||
namespacevalidation.PatchHandler(cfg),
|
||||
namespacevalidation.FreezeHandler(cfg),
|
||||
namespacevalidation.QuotaHandler(),
|
||||
namespacevalidation.PrefixHandler(cfg),
|
||||
namespacevalidation.UserMetadataHandler(),
|
||||
),
|
||||
),
|
||||
route.NamespaceMutation(
|
||||
namespace.NamespaceHandler(
|
||||
cfg,
|
||||
namespacemutation.OwnerReferenceHandler(cfg),
|
||||
namespacemutation.CordoningLabelHandler(cfg),
|
||||
namespacemutation.MetadataHandler(cfg),
|
||||
),
|
||||
),
|
||||
route.ResourcePoolMutation((resourcepool.PoolMutationHandler(ctrl.Log.WithName("webhooks").WithName("resourcepool")))),
|
||||
route.ResourcePoolValidation((resourcepool.PoolValidationHandler(ctrl.Log.WithName("webhooks").WithName("resourcepool")))),
|
||||
route.ResourcePoolClaimMutation((resourcepool.ClaimMutationHandler(ctrl.Log.WithName("webhooks").WithName("resourcepoolclaims")))),
|
||||
|
||||
Reference in New Issue
Block a user