From 4356d43c4a4e60bbef8a7e8bc7d765be47cc2404 Mon Sep 17 00:00:00 2001 From: Xuecheng Date: Fri, 21 Apr 2023 04:40:00 +0300 Subject: [PATCH] add a parameter for yurt-manager to disable independent webhooks (#1399) * move controller webhook register to server.go Signed-off-by: hxcGit * add parameter webhook for yurt-manager Signed-off-by: hxcGit * add disable-independent-webhooks parameter for yurt-manager Signed-off-by: hxcGit * remove webhook-disabled check from controllerWebhooks Signed-off-by: hxcGit --------- Signed-off-by: hxcGit --- charts/openyurt/templates/yurt-manager.yaml | 3 + charts/openyurt/values.yaml | 2 + cmd/yurt-manager/app/options/generic.go | 8 +- pkg/controller/apis/config/types.go | 3 + pkg/webhook/add_v1alpha1_gateway.go | 25 ------ pkg/webhook/add_v1alpha1_nodepool.go | 25 ------ pkg/webhook/add_v1alpha1_staticpod.go | 25 ------ pkg/webhook/add_v1alpha1_yurtappdaemon.go | 25 ------ pkg/webhook/add_v1alpha1_yurtappset.go | 25 ------ pkg/webhook/add_v1beta1_nodepool.go | 25 ------ pkg/webhook/server.go | 93 +++++++++++++++------ pkg/webhook/util/util.go | 14 ++++ 12 files changed, 95 insertions(+), 178 deletions(-) delete mode 100644 pkg/webhook/add_v1alpha1_gateway.go delete mode 100644 pkg/webhook/add_v1alpha1_nodepool.go delete mode 100644 pkg/webhook/add_v1alpha1_staticpod.go delete mode 100644 pkg/webhook/add_v1alpha1_yurtappdaemon.go delete mode 100644 pkg/webhook/add_v1alpha1_yurtappset.go delete mode 100644 pkg/webhook/add_v1beta1_nodepool.go diff --git a/charts/openyurt/templates/yurt-manager.yaml b/charts/openyurt/templates/yurt-manager.yaml index 3a9c7da8497..002a8dce41a 100644 --- a/charts/openyurt/templates/yurt-manager.yaml +++ b/charts/openyurt/templates/yurt-manager.yaml 
@@ -61,6 +61,9 @@ spec: {{- if .Values.yurtManager.controllers }} - --controllers={{ .Values.yurtManager.controllers }} {{- end }} + - {{- if .Values.yurtManager.disableIndependentWebhooks }} + - --disable-independent-webhooks={{ .Values.yurtManager.disableIndependentWebhooks }} + {{- end }} command: - /usr/local/bin/yurt-manager image: {{ .Values.yurtManager.image.repository }}:{{ .Values.yurtManager.image.tag }} diff --git a/charts/openyurt/values.yaml b/charts/openyurt/values.yaml index c9864050956..1a1c7a210d9 100644 --- a/charts/openyurt/values.yaml +++ b/charts/openyurt/values.yaml @@ -58,6 +58,8 @@ yurtManager: port: 10271 # format should be "foo,-bar,*" controllers: "" + # format should be "foo,*" + disableIndependentWebhooks: "" healthProbe: port: 10272 # resources of yurt-manager container diff --git a/cmd/yurt-manager/app/options/generic.go b/cmd/yurt-manager/app/options/generic.go index c271b766e4e..a912e15a631 100644 --- a/cmd/yurt-manager/app/options/generic.go +++ b/cmd/yurt-manager/app/options/generic.go @@ -23,7 +23,7 @@ import ( "github.com/openyurtio/openyurt/pkg/features" ) -const enableAllController = "*" +const enableAll = "*" type GenericOptions struct { *config.GenericConfiguration @@ -40,7 +40,8 @@ func NewGenericOptions() *GenericOptions { RestConfigQPS: 30, RestConfigBurst: 50, WorkingNamespace: "kube-system", - Controllers: []string{enableAllController}, + Controllers: []string{enableAll}, + DisabledWebhooks: []string{}, }, } } @@ -71,6 +72,7 @@ func (o *GenericOptions) ApplyTo(cfg *config.GenericConfiguration) error { cfg.RestConfigBurst = o.RestConfigBurst cfg.WorkingNamespace = o.WorkingNamespace cfg.Controllers = o.Controllers + cfg.DisabledWebhooks = o.DisabledWebhooks return nil } 
@@ -91,6 +93,8 @@ func (o *GenericOptions) AddFlags(fs *pflag.FlagSet) { fs.StringVar(&o.WorkingNamespace, "working-namespace", o.WorkingNamespace, "The namespace where the yurt-manager is working.") fs.StringSliceVar(&o.Controllers, "controllers", o.Controllers, "A list of controllers to enable. "+ "'*' enables all on-by-default controllers, 'foo' enables the controller named 'foo', '-foo' disables the controller named 'foo'.") + fs.StringSliceVar(&o.DisabledWebhooks, "disable-independent-webhooks", o.DisabledWebhooks, "A list of webhooks to disable. "+ + "'*' disables all webhooks, 'foo' disables the webhook named 'foo'.") features.DefaultMutableFeatureGate.AddFlag(fs) } diff --git a/pkg/controller/apis/config/types.go b/pkg/controller/apis/config/types.go index e3d1e58cd0b..1626dec8445 100644 --- a/pkg/controller/apis/config/types.go +++ b/pkg/controller/apis/config/types.go @@ -75,4 +75,7 @@ type GenericConfiguration struct { // '-foo' means "disable 'foo'" // first item for a particular name wins Controllers []string + // DisabledWebhooks is used to specify the disabled webhooks + // Only care about controller-independent webhooks + DisabledWebhooks []string } diff --git a/pkg/webhook/add_v1alpha1_gateway.go b/pkg/webhook/add_v1alpha1_gateway.go deleted file mode 100644 index c53a51ea3da..00000000000 --- a/pkg/webhook/add_v1alpha1_gateway.go +++ /dev/null 
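Review bot: The help text added in `AddFlags` says `'*' disables all webhooks`, but in this patch `DisabledWebhooks` is consulted only in the loop over `independentWebhooks` in `pkg/webhook/server.go`. Webhooks registered through `addControllerWebhook` are still gated by `--controllers`. Because this flag switches admission checks off, the description should state its real scope so an operator does not assume more, or less, is disabled than actually is. Suggested wording: `"'*' disables all controller-independent webhooks, 'foo' disables the independent webhook named 'foo'; webhooks that belong to a controller follow --controllers."`. The same scope statement would fit the `DisabledWebhooks` field comment in `pkg/controller/apis/config/types.go`.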
@@ -1,25 +0,0 @@ -/* -Copyright 2023 The OpenYurt Authors. - -Licensed under the Apache License, Version 2.0 (the License); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an AS IS BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "github.com/openyurtio/openyurt/pkg/webhook/gateway/v1alpha1" -) - -func init() { - addWebhook("gateway", &v1alpha1.GatewayHandler{}) -} diff --git a/pkg/webhook/add_v1alpha1_nodepool.go b/pkg/webhook/add_v1alpha1_nodepool.go deleted file mode 100644 index fdcd8c03a88..00000000000 --- a/pkg/webhook/add_v1alpha1_nodepool.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2023 The OpenYurt Authors. - -Licensed under the Apache License, Version 2.0 (the License); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an AS IS BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "github.com/openyurtio/openyurt/pkg/webhook/nodepool/v1alpha1" -) - -func init() { - addWebhook("nodepool", &v1alpha1.NodePoolHandler{}) -} diff --git a/pkg/webhook/add_v1alpha1_staticpod.go b/pkg/webhook/add_v1alpha1_staticpod.go deleted file mode 100644 index d754b9bf1d1..00000000000 --- a/pkg/webhook/add_v1alpha1_staticpod.go +++ /dev/null 
@@ -1,25 +0,0 @@ -/* -Copyright 2023 The OpenYurt Authors. - -Licensed under the Apache License, Version 2.0 (the License); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an AS IS BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "github.com/openyurtio/openyurt/pkg/webhook/staticpod/v1alpha1" -) - -func init() { - addWebhook("staticpod", &v1alpha1.StaticPodHandler{}) -} diff --git a/pkg/webhook/add_v1alpha1_yurtappdaemon.go b/pkg/webhook/add_v1alpha1_yurtappdaemon.go deleted file mode 100644 index 40f3236406d..00000000000 --- a/pkg/webhook/add_v1alpha1_yurtappdaemon.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2023 The OpenYurt Authors. - -Licensed under the Apache License, Version 2.0 (the License); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an AS IS BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "github.com/openyurtio/openyurt/pkg/webhook/yurtappdaemon/v1alpha1" -) - -func init() { - addWebhook("yurtappdaemon", &v1alpha1.YurtAppDaemonHandler{}) -} diff --git a/pkg/webhook/add_v1alpha1_yurtappset.go b/pkg/webhook/add_v1alpha1_yurtappset.go deleted file mode 100644 index 9ba4ed44a31..00000000000 --- a/pkg/webhook/add_v1alpha1_yurtappset.go +++ /dev/null 
@@ -1,25 +0,0 @@ -/* -Copyright 2023 The OpenYurt Authors. - -Licensed under the Apache License, Version 2.0 (the License); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an AS IS BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "github.com/openyurtio/openyurt/pkg/webhook/yurtappset/v1alpha1" -) - -func init() { - addWebhook("yurtappset", &v1alpha1.YurtAppSetHandler{}) -} diff --git a/pkg/webhook/add_v1beta1_nodepool.go b/pkg/webhook/add_v1beta1_nodepool.go deleted file mode 100644 index f8d3a65d06f..00000000000 --- a/pkg/webhook/add_v1beta1_nodepool.go +++ /dev/null @@ -1,25 +0,0 @@ -/* -Copyright 2023 The OpenYurt Authors. - -Licensed under the Apache License, Version 2.0 (the License); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an AS IS BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "github.com/openyurtio/openyurt/pkg/webhook/nodepool/v1beta1" -) - -func init() { - addWebhook("nodepool", &v1beta1.NodePoolHandler{}) -} diff --git a/pkg/webhook/server.go b/pkg/webhook/server.go index c7b28d9521f..6e44b5ae7bc 100644 --- a/pkg/webhook/server.go +++ b/pkg/webhook/server.go 
@@ -26,34 +26,55 @@ import ( "k8s.io/klog/v2" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/webhook/admission" "github.com/openyurtio/openyurt/cmd/yurt-manager/app/config" - "github.com/openyurtio/openyurt/pkg/controller/util" + ctrlutil "github.com/openyurtio/openyurt/pkg/controller/util" + v1alpha1gateway "github.com/openyurtio/openyurt/pkg/webhook/gateway/v1alpha1" + v1alpha1nodepool "github.com/openyurtio/openyurt/pkg/webhook/nodepool/v1alpha1" + v1beta1nodepool "github.com/openyurtio/openyurt/pkg/webhook/nodepool/v1beta1" + v1pod "github.com/openyurtio/openyurt/pkg/webhook/pod/v1" + v1alpha1staticpod "github.com/openyurtio/openyurt/pkg/webhook/staticpod/v1alpha1" + "github.com/openyurtio/openyurt/pkg/webhook/util" webhookcontroller "github.com/openyurtio/openyurt/pkg/webhook/util/controller" "github.com/openyurtio/openyurt/pkg/webhook/util/health" + v1alpha1yurtappdaemon "github.com/openyurtio/openyurt/pkg/webhook/yurtappdaemon/v1alpha1" + v1alpha1yurtappset "github.com/openyurtio/openyurt/pkg/webhook/yurtappset/v1alpha1" ) type SetupWebhookWithManager interface { - admission.CustomDefaulter - admission.CustomValidator // mutate path, validatepath, error SetupWebhookWithManager(mgr ctrl.Manager) (string, string, error) } -var controllerWebhook map[string][]SetupWebhookWithManager +// controllerWebhooks is used to control whether enable or disable controller-webhooks +var controllerWebhooks map[string][]SetupWebhookWithManager + +// independentWebhooks is used to control whether disable independent-webhooks +var independentWebhooks = make(map[string]SetupWebhookWithManager) + var WebhookHandlerPath = make(map[string]struct{}) -func addWebhook(name string, handler SetupWebhookWithManager) { - if controllerWebhook == nil { - controllerWebhook = make(map[string][]SetupWebhookWithManager) +func addControllerWebhook(name string, handler SetupWebhookWithManager) { + if controllerWebhooks == 
nil { + controllerWebhooks = make(map[string][]SetupWebhookWithManager) } - if controllerWebhook[name] == nil { - controllerWebhook[name] = make([]SetupWebhookWithManager, 0) + if controllerWebhooks[name] == nil { + controllerWebhooks[name] = make([]SetupWebhookWithManager, 0) } - controllerWebhook[name] = append(controllerWebhook[name], handler) + controllerWebhooks[name] = append(controllerWebhooks[name], handler) +} + +func init() { + addControllerWebhook("gateway", &v1alpha1gateway.GatewayHandler{}) + addControllerWebhook("nodepool", &v1alpha1nodepool.NodePoolHandler{}) + addControllerWebhook("nodepool", &v1beta1nodepool.NodePoolHandler{}) + addControllerWebhook("staticpod", &v1alpha1staticpod.StaticPodHandler{}) + addControllerWebhook("yurtappset", &v1alpha1yurtappset.YurtAppSetHandler{}) + addControllerWebhook("yurtappdaemon", &v1alpha1yurtappdaemon.YurtAppDaemonHandler{}) + + independentWebhooks["pod"] = &v1pod.PodHandler{} } // Note !!! @kadisi 
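Review bot: Dropping the embedded `admission.CustomDefaulter` and `admission.CustomValidator` from the `SetupWebhookWithManager` interface removes the compile-time guarantee that every registered handler implements both defaulting and validation. After this hunk, any type with a `SetupWebhookWithManager(mgr)` method can be placed in `controllerWebhooks` or `independentWebhooks`. Presumably the change was needed for `v1pod.PodHandler`, whose definition is not visible here. If the controller handlers are still expected to validate, the guarantee can be kept with an assertion in each handler package, e.g. `var _ admission.CustomValidator = &GatewayHandler{}`. The interface comment `// mutate path, validatepath, error` should also say whether an empty path is a legal return value, since `SetupWithManager` records both returned paths in `WebhookHandlerPath` unconditionally.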
@@ -61,26 +82,46 @@ func addWebhook(name string, handler SetupWebhookWithManager) { // Note !!! func SetupWithManager(c *config.CompletedConfig, mgr manager.Manager) error { - for controllerName, list := range controllerWebhook { - if !util.IsControllerEnabled(controllerName, c.ComponentConfig.Generic.Controllers) { + setup := func(s SetupWebhookWithManager) error { + m, v, err := s.SetupWebhookWithManager(mgr) + if err != nil { + return fmt.Errorf("unable to create webhook %v", err) + } + if _, ok := WebhookHandlerPath[m]; ok { + panic(fmt.Errorf("webhook handler path %s duplicated", m)) + } + WebhookHandlerPath[m] = struct{}{} + klog.Infof("Add webhook mutate path %s", m) + if _, ok := WebhookHandlerPath[v]; ok { + panic(fmt.Errorf("webhook handler path %s duplicated", v)) + } + WebhookHandlerPath[v] = struct{}{} + klog.Infof("Add webhook validate path %s", v) + + return nil + } + + // set up independent webhooks + for name, s := range independentWebhooks { + if util.IsWebhookDisabled(name, c.ComponentConfig.Generic.DisabledWebhooks) { + klog.Warningf("Webhook %v is disabled", name) + continue + } + if err := setup(s); err != nil { + return err + } + } + + // set up controller webhooks + for controllerName, list := range controllerWebhooks { + if !ctrlutil.IsControllerEnabled(controllerName, c.ComponentConfig.Generic.Controllers) { klog.Warningf("Webhook for %v is disabled", controllerName) continue } for _, s := range list { - m, v, err := s.SetupWebhookWithManager(mgr) - if err != nil { - return fmt.Errorf("unable to create webhook %v", err) - } - if _, ok := WebhookHandlerPath[m]; ok { - panic(fmt.Errorf("webhook handler path %s duplicated", m)) - } - WebhookHandlerPath[m] = struct{}{} - klog.Infof("Add webhook mutate path %s", m) - if _, ok := WebhookHandlerPath[v]; ok { - panic(fmt.Errorf("webhook handler path %s duplicated", v)) + if err := setup(s); err != nil { + return err } - WebhookHandlerPath[v] = struct{}{} - klog.Infof("Add webhook validate path 
%s", v) } } return nil diff --git a/pkg/webhook/util/util.go b/pkg/webhook/util/util.go index 96b07ba7daa..3d9e1231890 100644 --- a/pkg/webhook/util/util.go +++ b/pkg/webhook/util/util.go @@ -90,3 +90,17 @@ func GenerateValidatePath(gvk schema.GroupVersionKind) string { return "/validate-" + strings.ReplaceAll(gvk.Group, ".", "-") + "-" + gvk.Version + "-" + strings.ToLower(gvk.Kind) } + +// IsWebhookDisabled check if a specified webhook disabled or not. +func IsWebhookDisabled(name string, webhooks []string) bool { + hasStar := false + for _, ctrl := range webhooks { + if ctrl == name { + return true + } + if ctrl == "*" { + hasStar = true + } + } + return hasStar +}
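Review bot: Entries in `c.ComponentConfig.Generic.DisabledWebhooks` are never checked against the keys of `independentWebhooks`, so in `SetupWithManager` a misspelt name is silently ignored and the operator gets no feedback on which admission webhooks the flag actually switched off. A check ahead of the independent-webhook loop that rejects (or at minimum logs) unknown names would make the flag's effect auditable. Separately, the `setup` closure returns `fmt.Errorf("unable to create webhook %v", err)` without naming the webhook and without `%w`. Wrapping at the call site, e.g. `return fmt.Errorf("setting up independent webhook %q: %w", name, err)`, would keep the cause inspectable. The function's closing brace lies just past the end of the hunk.

```go
func SetupWithManager(c *config.CompletedConfig, mgr manager.Manager) error {
	// … unchanged: setup closure …

	// Refuse names that match no registered independent webhook, so a typo
	// cannot leave the operator with a different set of admission checks
	// than the one they asked for.
	for _, name := range c.ComponentConfig.Generic.DisabledWebhooks {
		if name == "*" {
			continue
		}
		if _, ok := independentWebhooks[name]; !ok {
			return fmt.Errorf("unknown webhook %q in --disable-independent-webhooks", name)
		}
	}

	// … unchanged: set up independent webhooks, then controller webhooks …
```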
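Review bot: In `IsWebhookDisabled` the loop variable is named `ctrl` although it iterates webhook names, and the `hasStar` flag keeps scanning after a `*` has already decided the result. Both conditions lead to `true`, so the body reduces to `for _, w := range webhooks { if w == name || w == "*" { return true } }` followed by `return false`. The doc comment would read better as `// IsWebhookDisabled reports whether name is listed in webhooks or webhooks contains "*".`. Entries are compared verbatim, so if the flag parser does not trim whitespace, a value such as `pod, *` would match neither branch. Comparing `strings.TrimSpace(w)` would cover that, and `strings` is already imported in this file.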