/kubernetes-webooks-framework

Framework and tooling to support writing admission controllers and conversion hooks for Kubernetes in Java

Primary LanguageJavaApache License 2.0Apache-2.0

kubernetes-webhooks-framework

Framework and tooling to support implementing dynamic admission controllers and conversion hooks for Kubernetes in Java. Supports both quarkus and spring boot. Both sync and async programing model.

Documentation

For a more detailed documentation check the docs.

Sample Usage

Dynamic Admission Controllers

Defining a mutation or validation controller is simple as:

  @Singleton
  @Named(MUTATING_CONTROLLER)
  public AdmissionController<Ingress> mutatingController() {
    return new AdmissionController<>((resource, operation) -> {
      if (resource.getMetadata().getLabels() == null) {
        resource.getMetadata().setLabels(new HashMap<>());
      }
      resource.getMetadata().getLabels().putIfAbsent(APP_NAME_LABEL_KEY, "mutation-test");
      return resource;
    });
  }
  
  @Singleton
  @Named(VALIDATING_CONTROLLER)
  public AdmissionController<Ingress> validatingController() {
    return new AdmissionController<>((resource, operation) -> {
      if (resource.getMetadata().getLabels() == null
              || resource.getMetadata().getLabels().get(APP_NAME_LABEL_KEY) == null) {
        throw new NotAllowedException("Missing label: " + APP_NAME_LABEL_KEY);
      }
    });
  }

What can be simply used in an endpoint:

  @POST
  @Path(MUTATE_PATH)
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  public AdmissionReview mutate(AdmissionReview admissionReview) {
    return mutationController.handle(admissionReview);
  }

  @POST
  @Path(VALIDATE_PATH)
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  public AdmissionReview validate(AdmissionReview admissionReview) {
    return validationController.handle(admissionReview);
  }

See samples also for details.

Conversion Hooks

Conversion hooks follows the same patter described in Kuberbuilder, thus first converts the custom resource from actual version to a hub, and as next step from the hub to the target resource version.

To create the controller register mappers :

  @Singleton
  public ConversionController conversionController() {
    var controller = new ConversionController();
    controller.registerMapper(new V1Mapper());
    controller.registerMapper(new V2Mapper());
    return controller;
  }

and use the controllers in the endpoint:

  @PostMapping(CONVERSION_PATH)
  @ResponseBody
  public ConversionReview convert(@RequestBody ConversionReview conversionReview) {
    return conversionController.handle(conversionReview);
  }