diff --git a/integration/docker/webhook/Dockerfile b/integration/docker/webhook/Dockerfile
new file mode 100644
index 00000000..3a23331c
--- /dev/null
+++ b/integration/docker/webhook/Dockerfile
@@ -0,0 +1,43 @@
+FROM alpine:3.9
+MAINTAINER Levente Kale
+
+ENV GOPATH /go
+ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
+ENV GOOS=linux
+
+WORKDIR /
+
+RUN mkdir -p $GOPATH/bin \
+&& mkdir -p $GOPATH/src
+
+RUN apk add --no-cache libcap iputils
+
+RUN apk add --no-cache --virtual .tools ca-certificates gcc musl-dev go glide git tar curl \
+&& mkdir -p $GOPATH/src/github.com/nokia/danm \
+&& git clone -b 'webhook' --depth 1 https://github.com/nokia/danm.git $GOPATH/src/github.com/nokia/danm \
+&& cd $GOPATH/src/github.com/nokia/danm \
+&& glide install --strip-vendor \
+&& go get -d github.com/vishvananda/netlink \
+&& go get github.com/containernetworking/plugins/pkg/ns \
+&& go get github.com/golang/groupcache/lru \
+&& rm -rf $GOPATH/src/k8s.io/code-generator \
+&& git clone -b 'kubernetes-1.13.4' --depth 1 https://github.com/kubernetes/code-generator.git $GOPATH/src/k8s.io/code-generator \
+&& go install k8s.io/code-generator/cmd/deepcopy-gen \
+&& go install k8s.io/code-generator/cmd/client-gen \
+&& go install k8s.io/code-generator/cmd/lister-gen \
+&& go install k8s.io/code-generator/cmd/informer-gen \
+&& deepcopy-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 -O zz_generated.deepcopy --bounding-dirs github.com/nokia/danm/crd/apis \
+&& client-gen --alsologtostderr --clientset-name versioned --input-base "" --input github.com/nokia/danm/crd/apis/danm/v1 --clientset-path github.com/nokia/danm/crd/client/clientset \
+&& lister-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 --output-package github.com/nokia/danm/crd/client/listers \
+&& informer-gen --alsologtostderr --input-dirs github.com/nokia/danm/crd/apis/danm/v1 --versioned-clientset-package github.com/nokia/danm/crd/client/clientset/versioned --listers-package github.com/nokia/danm/crd/client/listers --output-package github.com/nokia/danm/crd/client/informers \
+&& go install -a -ldflags '-extldflags "-static"' github.com/nokia/danm/cmd/webhook \
+&& cp $GOPATH/bin/webhook /usr/local/bin/webhook \ +&& rm -rf $GOPATH/src \ +&& rm -rf $GOPATH/bin \ +&& apk del .tools \ +&& rm -rf /var/cache/apk/* \ +&& rm -rf /var/lib/apt/lists/* \ +&& rm -rf /tmp/* \ +&& rm -rf ~/.glide + +ENTRYPOINT ["/usr/local/bin/webhook"] diff --git a/integration/manifests/netwatcher/netwatcher_ds.yaml b/integration/manifests/netwatcher/netwatcher_ds.yaml index 40ed6df4..2247ca65 100644 --- a/integration/manifests/netwatcher/netwatcher_ds.yaml +++ b/integration/manifests/netwatcher/netwatcher_ds.yaml @@ -19,7 +19,7 @@ spec: hostPID: true containers: - name: netwatcher - image: netwatcher:3.0.0 + image: netwatcher securityContext: capabilities: add: diff --git a/integration/manifests/svcwatcher/svcwatcher_ds.yaml b/integration/manifests/svcwatcher/svcwatcher_ds.yaml index bc33f521..3c341202 100644 --- a/integration/manifests/svcwatcher/svcwatcher_ds.yaml +++ b/integration/manifests/svcwatcher/svcwatcher_ds.yaml @@ -10,6 +10,7 @@ spec: template: metadata: annotations: + # Adapt to your own network environment! danm.k8s.io/interfaces: | [ { @@ -25,7 +26,7 @@ spec: "node-role.kubernetes.io/master": "" containers: - name: svcwatcher - image: svcwatcher:3.0.0 + image: svcwatcher args: - "--logtostderr" tolerations: diff --git a/integration/manifests/webhook/webhook.yaml b/integration/manifests/webhook/webhook.yaml new file mode 100644 index 00000000..bfbe207c --- /dev/null +++ b/integration/manifests/webhook/webhook.yaml 
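Review bot: The build step pulls unpinned sources: `git clone -b 'webhook' --depth 1` takes whatever the branch tip is at build time, and the three `go get` lines fetch netlink, plugins and groupcache at their default revision, so two builds of this Dockerfile can yield different webhook binaries with no record of what went in. Pin each to a tag or commit (or bring them under the existing glide lock) so the image that serves admission requests in kube-system is reproducible and auditable. The image also has no `USER` line, so the webhook runs as root although the manifest only has it bind port 8443; a non-root user would fit, provided the mounted key file is readable by it. `rm -rf /var/lib/apt/lists/*` has no effect on an Alpine base and can be dropped.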
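Review bot: Dropping the tag makes `image: netwatcher` resolve to `netwatcher:latest`, and this DaemonSet runs with `hostPID: true` and added capabilities, so whatever image currently carries that mutable tag gets host-level access. For an untagged image Kubernetes also defaults `imagePullPolicy` to `Always`, so unless a policy is set outside this hunk the kubelet will try to pull the bare name from its default registry instead of using a locally built image. Keep an explicit tag or digest, or at least add `imagePullPolicy: IfNotPresent` as the new webhook Deployment does; the same applies to `image: svcwatcher` in svcwatcher_ds.yaml.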
@@ -0,0 +1,76 @@ +--- +apiVersion: admissionregistration.k8s.io/v1beta1 +kind: MutatingWebhookConfiguration +metadata: + name: danm-webhook-config + namespace: kube-system +webhooks: + - name: danm-webhook.nokia.k8s.io + clientConfig: + service: + name: danm-webhook-svc + namespace: kube-system + path: "/webhook" + # Configure your pre-generated certificate matching the details of your environment + caBundle: + rules: + - operations: ["CREATE","UPDATE"] + apiGroups: ["danm.k8s.io"] + apiVersions: ["v1"] + resources: ["danmnets"] + failurePolicy: Fail +--- +apiVersion: v1 +kind: Service +metadata: + name: danm-webhook-svc + namespace: kube-system + labels: + danm: webhook +spec: + ports: + - name: webhook + port: 443 + targetPort: 8443 + selector: + danm: webhook +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: danm-webhook-deployment + namespace: kube-system + labels: + danm: webhook +spec: + selector: + matchLabels: + danm: webhook + template: + metadata: + annotations: + # Adapt to your own network environment! + danm.k8s.io/interfaces: | + [ + { + "network":"flannel" + } + ] + name: danm-webhook + labels: + danm: webhook + spec: + containers: + - name: danm-webhook + image: danm_webhook + command: [ "/usr/local/bin/webhook", "-tls-cert-bundle=/etc/webhook/certs/danm_webhook.crt", "-tls-private-key-file=/etc/webhook/certs/danm_webhook.key", "bind-port=8443" ] + imagePullPolicy: IfNotPresent + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true + # Configure the directory holding the Webhook's server certificates + volumes: + - name: webhook-certs + hostPath: + path: /etc/kubernetes/ssl/ \ No newline at end of file diff --git a/pkg/netadmit/netadmit.go b/pkg/netadmit/netadmit.go index a4d5bcd2..1c432b0c 100644 --- a/pkg/netadmit/netadmit.go +++ b/pkg/netadmit/netadmit.go @@ -3,7 +3,6 @@ package netadmit import ( "bytes" "errors" - "fmt" "log" "net" "reflect" 
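Review bot: The `webhook-certs` volume is a `hostPath` on `/etc/kubernetes/ssl/`, which exposes every file in that node directory to the webhook container (on many installs that includes the cluster's own CA and API-server keys, though this depends on the deployment), while the command line only reads `danm_webhook.crt` and `danm_webhook.key`. A `secret` volume holding just that pair (e.g. `secret: {secretName: <your-webhook-tls-secret>}`) limits the mount to what the process needs and removes the dependency on per-node files. Separately, the last `command` entry is `"bind-port=8443"` without the leading dash the other two flags carry; if the binary uses Go's standard flag parsing, that argument is treated as positional and the port silently stays at its default, so it should read `"-bind-port=8443"`. With `failurePolicy: Fail` and no `replicas` set, a webhook that cannot start or listens on the wrong port blocks every danmnets CREATE and UPDATE.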
@@ -35,39 +34,32 @@ type Patch struct { } func ValidateNetwork(responseWriter http.ResponseWriter, request *http.Request) { - log.Println("INFO: got a request") admissionReview, err := DecodeAdmissionReview(request) if err != nil { SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err) return } - log.Println("INFO: after decode") manifest, err := getNetworkManifest(admissionReview.Request.Object.Raw) if err != nil { SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err) return } - log.Println("INFO: after get manifest") origManifest := *manifest isManifestValid, err := validateNetworkByType(manifest, request.Method) if !isManifestValid { SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err) return } - log.Println("INFO: after validate") err = mutateManifest(manifest) if err != nil { SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err) return } - log.Println("INFO: after mutate") responseAdmissionReview := v1beta1.AdmissionReview { Response: CreateReviewResponseFromPatches(createPatchListFromChanges(origManifest,manifest)), } responseAdmissionReview.Response.UID = admissionReview.Request.UID - fmt.Printf("This is the response we gonna send: %+v\n", responseAdmissionReview) SendAdmissionResponse(responseWriter, responseAdmissionReview) - log.Println("INFO: we have sent a successful answer!") } func DecodeAdmissionReview(httpRequest *http.Request) (*v1beta1.AdmissionReview,error) { 
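Review bot: On the first error path of ValidateNetwork, `SendErroneousAdmissionResponse(responseWriter, admissionReview.Request.UID, err)` dereferences `admissionReview` right after `DecodeAdmissionReview` has failed; if that function returns a nil review or one with a nil `Request` on error (its body is outside this hunk), a malformed request body panics the handler instead of producing a clean denial. Guard the dereference and pass an empty UID when `admissionReview == nil || admissionReview.Request == nil`. The same nil-`Request` case applies to the later `admissionReview.Request.Object.Raw` read when a body decodes successfully but carries no `request`. In addition, `validateNetworkByType(manifest, request.Method)` passes the HTTP verb, which is POST for every admission call; `admissionReview.Request.Operation` is the field that distinguishes CREATE from UPDATE.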
@@ -104,7 +96,7 @@ func SendErroneousAdmissionResponse(responseWriter http.ResponseWriter, uid type func SendAdmissionResponse(responseWriter http.ResponseWriter, reviewResponse v1beta1.AdmissionReview) { respBytes, err := json.Marshal(reviewResponse) if err != nil { - log.Println("ERROR: Failed to send AdmissionRespons for request:" + string(reviewResponse.Response.UID) + " because JSON marshalling failed with error:" + err.Error()) + log.Println("ERROR: Failed to send AdmissionResponse for request:" + string(reviewResponse.Response.UID) + " because JSON marshalling failed with error:" + err.Error()) } responseWriter.Header().Set("Content-Type", "application/json") _, err = responseWriter.Write(respBytes) @@ -213,6 +205,5 @@ func CreateGenericPatchFromChange(attributePaths map[string]string, attribute st Path: attributePaths[attribute], Value: value, } - fmt.Printf("This is a patch we want to send: %+v\n", patch) return patch } diff --git a/pkg/netadmit/validators.go b/pkg/netadmit/validators.go index 42fedb45..599c8945 100644 --- a/pkg/netadmit/validators.go +++ b/pkg/netadmit/validators.go @@ -5,9 +5,7 @@ import ( "log" "net" "strconv" - "strings" "encoding/binary" - "net/http" danmtypes "github.com/nokia/danm/crd/apis/danm/v1" "github.com/nokia/danm/pkg/ipam" ) @@ -65,11 +63,6 @@ func validateIpFields(cidr string, routes map[string]string) error { } func validateAllocationPool(dnet *danmtypes.DanmNet, httpMethod string) error { - log.Println("HTTP method was:" + httpMethod) - log.Println("HTTP method constant is:" + http.MethodPost) - log.Println("Alloc was:" + dnet.Spec.Options.Alloc) - log.Println("Strings compare res:" + strconv.Itoa(strings.Compare(httpMethod,http.MethodPost))) - log.Println("Empty string check:" + strconv.Itoa(len(dnet.Spec.Options.Alloc))) cidr := dnet.Spec.Options.Cidr if cidr == "" { if dnet.Spec.Options.Pool.Start != "" || dnet.Spec.Options.Pool.End != "" { 
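Review bot: After the corrected log line in SendAdmissionResponse, a `json.Marshal` failure still falls through to `responseWriter.Write(respBytes)`, so the API server receives a 200 with an empty body instead of an explicit error. Leave the branch with an error status, e.g. `http.Error(responseWriter, err.Error(), http.StatusInternalServerError)` followed by `return`. The log line also reads `reviewResponse.Response.UID` unconditionally, which panics if a caller passes a review whose `Response` is nil. The function body continues past the end of this hunk.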
diff --git a/test/utils/utils.go b/test/utils/utils.go index 96562e80..c744ebb3 100644 --- a/test/utils/utils.go +++ b/test/utils/utils.go @@ -12,11 +12,10 @@ import ( func SetupAllocationPools(nets []danmtypes.DanmNet) error { for index, dnet := range nets { if dnet.Spec.Options.Cidr != "" { - bitArray, err := netadmit.CreateAllocationArray(&dnet) + err := netadmit.CreateAllocationArray(&dnet) if err != nil { return err } - dnet.Spec.Options.Alloc = bitArray.Encode() _, ipnet, err := net.ParseCIDR(dnet.Spec.Options.Cidr) if err != nil { return err
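Review bot: `netadmit.CreateAllocationArray(&dnet)` now fills in the allocation through a pointer to the range variable, which is a copy of `nets[index]`, so the result only reaches the slice if the loop writes `dnet` back later; that part of the body is outside this hunk. Iterating by index (`dnet := &nets[index]`) would make the mutation land in the slice directly and avoids taking the address of a loop variable.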