⚠️ wire wehbooks if implements the interfaces

If user defines a CRD type and make it implement the Defaulter and
(or) the Validator interface, it will automatically wire a webhook
server for the admission webhooks.

Author: Mengqi Yu

Gopkg.lock

@@ -30,6 +30,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/predicate"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	"sigs.k8s.io/controller-runtime/pkg/source"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 )
 
 // Supporting mocking out functions for testing
@@ -65,6 +66,8 @@ func ControllerManagedBy(m manager.Manager) *Builder {
 // update events by *reconciling the object*.
 // This is the equivalent of calling
 // Watches(&source.Kind{Type: apiType}, &handler.EnqueueRequestForObject{})
+// If the passed in object has implemented the admission.Defaulter interface, a MutatingWebhook will be wired for this type.
+// If the passed in object has implemented the admission.Validator interface, a ValidatingWebhook will be wired for this type.
 //
 // Deprecated: Use For
 func (blder *Builder) ForType(apiType runtime.Object) *Builder {
@@ -75,6 +78,8 @@ func (blder *Builder) ForType(apiType runtime.Object) *Builder {
 // update events by *reconciling the object*.
 // This is the equivalent of calling
 // Watches(&source.Kind{Type: apiType}, &handler.EnqueueRequestForObject{})
+// If the passed in object has implemented the admission.Defaulter interface, a MutatingWebhook will be wired for this type.
+// If the passed in object has implemented the admission.Validator interface, a ValidatingWebhook will be wired for this type.
 func (blder *Builder) For(apiType runtime.Object) *Builder {
 	blder.apiType = apiType
 	return blder
@@ -124,7 +129,7 @@ func (blder *Builder) WithEventFilter(p predicate.Predicate) *Builder {
 	return blder
 }
 
-// Complete builds the Application ControllerManagedBy and returns the Manager used to start it.
+// Complete builds the Application ControllerManagedBy.
 func (blder *Builder) Complete(r reconcile.Reconciler) error {
 	_, err := blder.Build(r)
 	return err
@@ -135,7 +140,7 @@ func (blder *Builder) Complete(r reconcile.Reconciler) error {
 // Deprecated: Use Complete
 func (blder *Builder) Build(r reconcile.Reconciler) (manager.Manager, error) {
 	if r == nil {
-		return nil, fmt.Errorf("must call WithReconciler to set Reconciler")
+		return nil, fmt.Errorf("must provide a non-nil Reconciler")
 	}
 
 	// Set the Config
@@ -153,12 +158,26 @@ func (blder *Builder) Build(r reconcile.Reconciler) (manager.Manager, error) {
 		return nil, err
 	}
 
+	// Set the Webook if needed
+	if err := blder.doWebhook(); err != nil {
+		return nil, err
+	}
+
+	// Set the Watch
+	if err := blder.doWatch(); err != nil {
+		return nil, err
+	}
+
+	return blder.mgr, nil
+}
+
+func (blder *Builder) doWatch() error {
 	// Reconcile type
 	src := &source.Kind{Type: blder.apiType}
 	hdler := &handler.EnqueueRequestForObject{}
 	err := blder.ctrl.Watch(src, hdler, blder.predicates...)
 	if err != nil {
-		return nil, err
+		return err
 	}
 
 	// Watches the managed types
@@ -169,19 +188,18 @@ func (blder *Builder) Build(r reconcile.Reconciler) (manager.Manager, error) {
 			IsController: true,
 		}
 		if err := blder.ctrl.Watch(src, hdler, blder.predicates...); err != nil {
-			return nil, err
+			return err
 		}
 	}
 
 	// Do the watch requests
 	for _, w := range blder.watchRequest {
 		if err := blder.ctrl.Watch(w.src, w.eventhandler, blder.predicates...); err != nil {
-			return nil, err
+			return err
 		}
 
 	}
-
-	return blder.mgr, nil
+	return nil
 }
 
 func (blder *Builder) doConfig() error {
@@ -223,3 +241,51 @@ func (blder *Builder) doController(r reconcile.Reconciler) error {
 	blder.ctrl, err = newController(name, blder.mgr, controller.Options{Reconciler: r})
 	return err
 }
+
+func (blder *Builder) doWebhook() error {
+	// Create a webhook for each type
+	gvk, err := apiutil.GVKForObject(blder.apiType, blder.mgr.GetScheme())
+	if err != nil {
+		return err
+	}
+
+	partialPath := strings.Replace(gvk.Group, ".", "-", -1) + "-" +
+		gvk.Version + "-" + strings.ToLower(gvk.Kind)
+
+	// TODO: When the conversion webhook lands, we need to handle all registered versions of a given group-kind.
+	// A potential workflow for defaulting webhook
+	// 1) a bespoke (non-hub) version comes in
+	// 2) convert it to the hub version
+	// 3) do defaulting
+	// 4) convert it back to the same bespoke version
+	// 5) calculate the JSON patch
+	//
+	// A potential workflow for validating webhook
+	// 1) a bespoke (non-hub) version comes in
+	// 2) convert it to the hub version
+	// 3) do validation
+	if defaulter, isDefaulter := blder.apiType.(admission.Defaulter); isDefaulter {
+		mwh := admission.DefaultingWebhookFor(defaulter)
+		if mwh != nil {
+			path := "/mutate-" + partialPath
+			log.Info("Registering a mutating webhook",
+				"GVK", gvk,
+				"path", path)
+
+			blder.mgr.GetWebhookServer().Register(path, mwh)
+		}
+	}
+
+	if validator, isValidator := blder.apiType.(admission.Validator); isValidator {
+		vwh := admission.ValidatingWebhookFor(validator)
+		if vwh != nil {
+			path := "/validate-" + partialPath
+			log.Info("Registering a validating webhook",
+				"GVK", gvk,
+				"path", path)
+			blder.mgr.GetWebhookServer().Register(path, vwh)
+		}
+	}
+
+	return err
+}

pkg/builder/build.go

@@ -21,14 +21,17 @@ import (
 
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
+
 	"k8s.io/client-go/rest"
 	"sigs.k8s.io/controller-runtime/pkg/envtest"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 	"sigs.k8s.io/controller-runtime/pkg/metrics"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+	"sigs.k8s.io/testing_frameworks/integration/addr"
 )
 
-func TestSource(t *testing.T) {
+func TestBuilder(t *testing.T) {
 	RegisterFailHandler(Fail)
 	RunSpecsWithDefaultAndCustomReporters(t, "application Suite", []Reporter{envtest.NewlineReporter{}})
 }
@@ -48,6 +51,9 @@ var _ = BeforeSuite(func(done Done) {
 	// Prevent the metrics listener being created
 	metrics.DefaultBindAddress = "0"
 
+	webhook.DefaultPort, _, err = addr.Suggest()
+	Expect(err).NotTo(HaveOccurred())
+
 	close(done)
 }, 60)
 
@@ -56,4 +62,7 @@ var _ = AfterSuite(func() {
 
 	// Put the DefaultBindAddress back
 	metrics.DefaultBindAddress = ":8080"
+
+	// Change the webhook.DefaultPort back to the original default.
+	webhook.DefaultPort = 443
 })

pkg/builder/builder_suite_test.go

@@ -20,3 +20,9 @@ limitations under the License.
 // Projects built with the builder package can trivially be rebased on top of the underlying
 // packages if the project requires more customized behavior in the future.
 package builder
+
+import (
+	logf "sigs.k8s.io/controller-runtime/pkg/internal/log"
+)
+
+var log = logf.RuntimeLog.WithName("builder")

pkg/builder/doc.go

@@ -37,6 +37,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/metrics"
 	"sigs.k8s.io/controller-runtime/pkg/recorder"
 	"sigs.k8s.io/controller-runtime/pkg/runtime/inject"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 )
 
 var log = logf.RuntimeLog.WithName("manager")
@@ -93,6 +94,13 @@ type controllerManager struct {
 	internalStopper chan<- struct{}
 
 	startCache func(stop <-chan struct{}) error
+
+	// port is the port that the webhook server serves at.
+	port int
+	// host is the hostname that the webhook server binds to.
+	host string
+
+	webhookServer *webhook.Server
 }
 
 // Add sets dependencies on i, and adds it to the list of runnables to start.
@@ -177,6 +185,19 @@ func (cm *controllerManager) GetAPIReader() client.Reader {
 	return cm.apiReader
 }
 
+func (cm *controllerManager) GetWebhookServer() *webhook.Server {
+	if cm.webhookServer == nil {
+		cm.webhookServer = &webhook.Server{
+			Port: cm.port,
+			Host: cm.host,
+		}
+		if err := cm.Add(cm.webhookServer); err != nil {
+			panic("unable to add webhookServer to the controller manager")
+		}
+	}
+	return cm.webhookServer
+}
+
 func (cm *controllerManager) serveMetrics(stop <-chan struct{}) {
 	handler := promhttp.HandlerFor(metrics.Registry, promhttp.HandlerOpts{
 		ErrorHandling: promhttp.HTTPErrorOnError,

pkg/manager/internal.go

@@ -36,6 +36,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/leaderelection"
 	"sigs.k8s.io/controller-runtime/pkg/metrics"
 	"sigs.k8s.io/controller-runtime/pkg/recorder"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 )
 
 // Manager initializes shared dependencies such as Caches and Clients, and provides them to Runnables.
@@ -79,6 +80,9 @@ type Manager interface {
 	// This should be used sparingly and only when the client does not fit your
 	// use case.
 	GetAPIReader() client.Reader
+
+	// GetWebhookServer returns a webhook.Server
+	GetWebhookServer() *webhook.Server
 }
 
 // Options are the arguments for creating a new Manager
@@ -121,6 +125,13 @@ type Options struct {
 	// for serving prometheus metrics
 	MetricsBindAddress string
 
+	// Port is the port that the webhook server serves at.
+	// It is used to set webhook.Server.Port.
+	Port int
+	// Host is the hostname that the webhook server binds to.
+	// It is used to set webhook.Server.Host.
+	Host string
+
 	// Functions to all for a user to customize the values that will be injected.
 
 	// NewCache is the function that will create the cache to be used
@@ -234,6 +245,8 @@ func New(config *rest.Config, options Options) (Manager, error) {
 		metricsListener:  metricsListener,
 		internalStop:     stop,
 		internalStopper:  stop,
+		port:             options.Port,
+		host:             options.Host,
 	}, nil
 }
 

pkg/manager/manager.go

@@ -0,0 +1,75 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package admission
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+
+	"k8s.io/apimachinery/pkg/runtime"
+)
+
+// Defaulter defines functions for setting defaults on resources
+type Defaulter interface {
+	runtime.Object
+	Default()
+}
+
+// DefaultingWebhookFor creates a new Webhook for Defaulting the provided type.
+func DefaultingWebhookFor(defaulter Defaulter) *Webhook {
+	return &Webhook{
+		Handler: &mutatingHandler{defaulter: defaulter},
+	}
+}
+
+type mutatingHandler struct {
+	defaulter Defaulter
+	decoder   *Decoder
+}
+
+var _ DecoderInjector = &mutatingHandler{}
+
+// InjectDecoder injects the decoder into a mutatingHandler.
+func (h *mutatingHandler) InjectDecoder(d *Decoder) error {
+	h.decoder = d
+	return nil
+}
+
+// Handle handles admission requests.
+func (h *mutatingHandler) Handle(ctx context.Context, req Request) Response {
+	if h.defaulter == nil {
+		panic("defaulter should never be nil")
+	}
+
+	// Get the object in the request
+	obj := h.defaulter.DeepCopyObject().(Defaulter)
+	err := h.decoder.Decode(req, obj)
+	if err != nil {
+		return Errored(http.StatusBadRequest, err)
+	}
+
+	// Default the object
+	obj.Default()
+	marshalled, err := json.Marshal(obj)
+	if err != nil {
+		return Errored(http.StatusInternalServerError, err)
+	}
+
+	// Create the patch
+	return PatchResponseFromRaw(req.Object.Raw, marshalled)
+}