add a parameter for yurt-manager to disable independent webhooks (#1399)

* move controller webhook register to server.go Signed-off-by: hxcGit <houxc_mail@163.com> * add parameter webhook for yurt-manager Signed-off-by: hxcGit <houxc_mail@163.com> * add disable-independent-webhooks parameter for yurt-manager Signed-off-by: hxcGit <houxc_mail@163.com> * remove webhook-disabled check from controllerWebhooks Signed-off-by: hxcGit <houxc_mail@163.com> --------- Signed-off-by: hxcGit <houxc_mail@163.com>
openyurtio · Apr 21, 2023 · 4356d43 · 4356d43
1 parent 801b25b
commit 4356d43
Show file tree

Hide file tree

Showing 12 changed files with 95 additions and 178 deletions.
diff --git a/charts/openyurt/templates/yurt-manager.yaml b/charts/openyurt/templates/yurt-manager.yaml
@@ -61,6 +61,9 @@ spec:
             {{- if .Values.yurtManager.controllers }}
             - --controllers={{ .Values.yurtManager.controllers }}
             {{- end }}
+            - {{- if .Values.yurtManager.disableIndependentWebhooks }}
+            - --disable-independent-webhooks={{ .Values.yurtManager.disableIndependentWebhooks }}
+            {{- end }}
           command:
             - /usr/local/bin/yurt-manager
           image: {{ .Values.yurtManager.image.repository }}:{{ .Values.yurtManager.image.tag }}

diff --git a/charts/openyurt/values.yaml b/charts/openyurt/values.yaml
@@ -58,6 +58,8 @@ yurtManager:
     port: 10271
   # format should be "foo,-bar,*"
   controllers: ""
+  # format should be "foo,*"
+  disableIndependentWebhooks: ""
   healthProbe:
     port: 10272
   # resources of yurt-manager container

diff --git a/cmd/yurt-manager/app/options/generic.go b/cmd/yurt-manager/app/options/generic.go
@@ -23,7 +23,7 @@ import (
 	"github.com/openyurtio/openyurt/pkg/features"
 )
 
-const enableAllController = "*"
+const enableAll = "*"
 
 type GenericOptions struct {
 	*config.GenericConfiguration
@@ -40,7 +40,8 @@ func NewGenericOptions() *GenericOptions {
 			RestConfigQPS:           30,
 			RestConfigBurst:         50,
 			WorkingNamespace:        "kube-system",
-			Controllers:             []string{enableAllController},
+			Controllers:             []string{enableAll},
+			DisabledWebhooks:        []string{},
 		},
 	}
 }
@@ -71,6 +72,7 @@ func (o *GenericOptions) ApplyTo(cfg *config.GenericConfiguration) error {
 	cfg.RestConfigBurst = o.RestConfigBurst
 	cfg.WorkingNamespace = o.WorkingNamespace
 	cfg.Controllers = o.Controllers
+	cfg.DisabledWebhooks = o.DisabledWebhooks
 
 	return nil
 }
@@ -91,6 +93,8 @@ func (o *GenericOptions) AddFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&o.WorkingNamespace, "working-namespace", o.WorkingNamespace, "The namespace where the yurt-manager is working.")
 	fs.StringSliceVar(&o.Controllers, "controllers", o.Controllers, "A list of controllers to enable. "+
 		"'*' enables all on-by-default controllers, 'foo' enables the controller named 'foo', '-foo' disables the controller named 'foo'.")
+	fs.StringSliceVar(&o.DisabledWebhooks, "disable-independent-webhooks", o.DisabledWebhooks, "A list of webhooks to disable. "+
+		"'*' disables all webhooks, 'foo' disables the webhook named 'foo'.")
 
 	features.DefaultMutableFeatureGate.AddFlag(fs)
 }
diff --git a/pkg/controller/apis/config/types.go b/pkg/controller/apis/config/types.go
@@ -75,4 +75,7 @@ type GenericConfiguration struct {
 	// '-foo' means "disable 'foo'"
 	// first item for a particular name wins
 	Controllers []string
+	// DisabledWebhooks is used to specify the disabled webhooks
+	// Only care about controller-independent webhooks
+	DisabledWebhooks []string
 }
diff --git a/pkg/webhook/add_v1alpha1_gateway.go b/pkg/webhook/add_v1alpha1_gateway.go
diff --git a/pkg/webhook/add_v1alpha1_nodepool.go b/pkg/webhook/add_v1alpha1_nodepool.go
diff --git a/pkg/webhook/add_v1alpha1_staticpod.go b/pkg/webhook/add_v1alpha1_staticpod.go
diff --git a/pkg/webhook/add_v1alpha1_yurtappdaemon.go b/pkg/webhook/add_v1alpha1_yurtappdaemon.go
diff --git a/pkg/webhook/add_v1alpha1_yurtappset.go b/pkg/webhook/add_v1alpha1_yurtappset.go
diff --git a/pkg/webhook/add_v1beta1_nodepool.go b/pkg/webhook/add_v1beta1_nodepool.go
diff --git a/pkg/webhook/server.go b/pkg/webhook/server.go
@@ -26,61 +26,102 @@ import (
 	"k8s.io/klog/v2"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
-	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	"github.com/openyurtio/openyurt/cmd/yurt-manager/app/config"
-	"github.com/openyurtio/openyurt/pkg/controller/util"
+	ctrlutil "github.com/openyurtio/openyurt/pkg/controller/util"
+	v1alpha1gateway "github.com/openyurtio/openyurt/pkg/webhook/gateway/v1alpha1"
+	v1alpha1nodepool "github.com/openyurtio/openyurt/pkg/webhook/nodepool/v1alpha1"
+	v1beta1nodepool "github.com/openyurtio/openyurt/pkg/webhook/nodepool/v1beta1"
+	v1pod "github.com/openyurtio/openyurt/pkg/webhook/pod/v1"
+	v1alpha1staticpod "github.com/openyurtio/openyurt/pkg/webhook/staticpod/v1alpha1"
+	"github.com/openyurtio/openyurt/pkg/webhook/util"
 	webhookcontroller "github.com/openyurtio/openyurt/pkg/webhook/util/controller"
 	"github.com/openyurtio/openyurt/pkg/webhook/util/health"
+	v1alpha1yurtappdaemon "github.com/openyurtio/openyurt/pkg/webhook/yurtappdaemon/v1alpha1"
+	v1alpha1yurtappset "github.com/openyurtio/openyurt/pkg/webhook/yurtappset/v1alpha1"
 )
 
 type SetupWebhookWithManager interface {
-	admission.CustomDefaulter
-	admission.CustomValidator
 	// mutate path, validatepath, error
 	SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error)
 }
 
-var controllerWebhook map[string][]SetupWebhookWithManager
+// controllerWebhooks is used to control whether enable or disable controller-webhooks
+var controllerWebhooks map[string][]SetupWebhookWithManager
+
+// independentWebhooks is used to control whether disable independent-webhooks
+var independentWebhooks = make(map[string]SetupWebhookWithManager)
+
 var WebhookHandlerPath = make(map[string]struct{})
 
-func addWebhook(name string, handler SetupWebhookWithManager) {
-	if controllerWebhook == nil {
-		controllerWebhook = make(map[string][]SetupWebhookWithManager)
+func addControllerWebhook(name string, handler SetupWebhookWithManager) {
+	if controllerWebhooks == nil {
+		controllerWebhooks = make(map[string][]SetupWebhookWithManager)
 	}
 
-	if controllerWebhook[name] == nil {
-		controllerWebhook[name] = make([]SetupWebhookWithManager, 0)
+	if controllerWebhooks[name] == nil {
+		controllerWebhooks[name] = make([]SetupWebhookWithManager, 0)
 	}
 
-	controllerWebhook[name] = append(controllerWebhook[name], handler)
+	controllerWebhooks[name] = append(controllerWebhooks[name], handler)
+}
+
+func init() {
+	addControllerWebhook("gateway", &v1alpha1gateway.GatewayHandler{})
+	addControllerWebhook("nodepool", &v1alpha1nodepool.NodePoolHandler{})
+	addControllerWebhook("nodepool", &v1beta1nodepool.NodePoolHandler{})
+	addControllerWebhook("staticpod", &v1alpha1staticpod.StaticPodHandler{})
+	addControllerWebhook("yurtappset", &v1alpha1yurtappset.YurtAppSetHandler{})
+	addControllerWebhook("yurtappdaemon", &v1alpha1yurtappdaemon.YurtAppDaemonHandler{})
+
+	independentWebhooks["pod"] = &v1pod.PodHandler{}
 }
 
 // Note !!! @kadisi
 // Do not change the name of the file or the contents of the file !!!!!!!!!!
 // Note !!!
 
 func SetupWithManager(c *config.CompletedConfig, mgr manager.Manager) error {
-	for controllerName, list := range controllerWebhook {
-		if !util.IsControllerEnabled(controllerName, c.ComponentConfig.Generic.Controllers) {
+	setup := func(s SetupWebhookWithManager) error {
+		m, v, err := s.SetupWebhookWithManager(mgr)
+		if err != nil {
+			return fmt.Errorf("unable to create webhook %v", err)
+		}
+		if _, ok := WebhookHandlerPath[m]; ok {
+			panic(fmt.Errorf("webhook handler path %s duplicated", m))
+		}
+		WebhookHandlerPath[m] = struct{}{}
+		klog.Infof("Add webhook mutate path %s", m)
+		if _, ok := WebhookHandlerPath[v]; ok {
+			panic(fmt.Errorf("webhook handler path %s duplicated", v))
+		}
+		WebhookHandlerPath[v] = struct{}{}
+		klog.Infof("Add webhook validate path %s", v)
+
+		return nil
+	}
+
+	// set up independent webhooks
+	for name, s := range independentWebhooks {
+		if util.IsWebhookDisabled(name, c.ComponentConfig.Generic.DisabledWebhooks) {
+			klog.Warningf("Webhook %v is disabled", name)
+			continue
+		}
+		if err := setup(s); err != nil {
+			return err
+		}
+	}
+
+	// set up controller webhooks
+	for controllerName, list := range controllerWebhooks {
+		if !ctrlutil.IsControllerEnabled(controllerName, c.ComponentConfig.Generic.Controllers) {
 			klog.Warningf("Webhook for %v is disabled", controllerName)
 			continue
 		}
 		for _, s := range list {
-			m, v, err := s.SetupWebhookWithManager(mgr)
-			if err != nil {
-				return fmt.Errorf("unable to create webhook %v", err)
-			}
-			if _, ok := WebhookHandlerPath[m]; ok {
-				panic(fmt.Errorf("webhook handler path %s duplicated", m))
-			}
-			WebhookHandlerPath[m] = struct{}{}
-			klog.Infof("Add webhook mutate path %s", m)
-			if _, ok := WebhookHandlerPath[v]; ok {
-				panic(fmt.Errorf("webhook handler path %s duplicated", v))
+			if err := setup(s); err != nil {
+				return err
 			}
-			WebhookHandlerPath[v] = struct{}{}
-			klog.Infof("Add webhook validate path %s", v)
 		}
 	}
 	return nil

diff --git a/pkg/webhook/util/util.go b/pkg/webhook/util/util.go
@@ -90,3 +90,17 @@ func GenerateValidatePath(gvk schema.GroupVersionKind) string {
 	return "/validate-" + strings.ReplaceAll(gvk.Group, ".", "-") + "-" +
 		gvk.Version + "-" + strings.ToLower(gvk.Kind)
 }
+
+// IsWebhookDisabled check if a specified webhook disabled or not.
+func IsWebhookDisabled(name string, webhooks []string) bool {
+	hasStar := false
+	for _, ctrl := range webhooks {
+		if ctrl == name {
+			return true
+		}
+		if ctrl == "*" {
+			hasStar = true
+		}
+	}
+	return hasStar
+}