View Source K8sWebhoox.Plug (k8s_webhoox v0.2.0)

A Plug used to handle admission webhook requests. The Plug, when called, extracts the admission request from %Plug.Conn{} and passes a %K8sWebhoox.Conn{} to the handlers in the pipeline.

usage

Usage

plug-it-in

Plug it in

Once your endpoint serves via HTTPS, you can route admission webhook requests to this Plug as follows:

defmodule MyOperator.Router do
  use Plug.Router

  plug :match
  plug :dispatch

  post "/admission-review/validating",
    to: K8sWebhoox.Plug,
    init_opts: [
      webhook_handler: {MyOperator.K8sWebhoox.AdmissionControlHandler, webhook_type: :validating}
    ]
end

implementing-the-handler

Implementing the Handler

The webhook handler (MyOperator.K8sWebhoox.AdmissionControlHandler in the example above) needs to implement the Pluggable behviour. Pluggable is very simliar to Plug but instead of a %Plug.Conn{}, you get a %K8sWebhoox.Conn{} struct passed to call/2. Use the helper functions in K8sWebhoox.AdmissionControl.AdmissionReview to process the request.

defmodule MyOperator.K8sWebhoox.AdmissionControlHandler do
  @behaviour Pluggable

  alias K8sWebhoox.AdmissionControl.AdmissionReview

  def init(_), do: nil

  def call(%{assigns: %{webhook_type: :validation}} = conn, _) do
    case conn.request["resource"] do
      %{"group" => "my-operator.com", "version" => "v1beta1", "resource" => "mycrd"} ->
        AdmissionReview.check_immutable(conn, ["spec", "some_immutable_field"])

      _ ->
        conn
    end
  end

options

Options

The plug has to be initialized with to mandatory option webhook_handler:

  • webhook_handler - The Pluggable handling the admission request. Can be a module or a tuple in the form {Handler.Module, init_opts}. The latter will pass the init_opts to the init/1 function of the handler:

    post "/k8s-webhook",
      to: K8sWebhoox.Plug,
      init_opts: [
        webhook_handler: {MyOperator.K8sWebhoox.RequestHandler, env: env}
      ]