validating webhook
package validate
import (
"encoding/json"
"log"
"net/http"
"regexp"
admission "k8s.io/api/admission/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
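// allowedImage matches the image references this webhook admits: the bare
// repository name "nginx", optionally followed by a tag (":1.25") or a digest
// ("@sha256:...").
//
// The pattern is anchored on purpose. An unanchored `(nginx|nginx:\S+)` accepts
// any reference that merely contains the substring "nginx" (another registry,
// another repository, or a name with "nginx" embedded in it), which defeats the
// allow-list. Fully qualified references such as "docker.io/library/nginx" are
// rejected by this pattern; extend it explicitly if they must be admitted.
var allowedImage = regexp.MustCompile(`^nginx([:@]\S+)?$`)

// Validation is the HTTP handler for a validating admission webhook. It decodes
// the AdmissionReview from the request body, unmarshals the reviewed object as
// a Pod and allows it only if every container image matches allowedImage.
//
// Any request that cannot be decoded is denied rather than allowed, so a
// malformed review never results in an implicit admit from this handler.
//
// NOTE(review): the handler assumes the webhook configuration only routes Pod
// objects here; the resource kind is not checked. Ephemeral containers are not
// inspected either - confirm whether the webhook rules cover that subresource.
func Validation(w http.ResponseWriter, r *http.Request) {
	ar := new(admission.AdmissionReview)
	if err := json.NewDecoder(r.Body).Decode(ar); err != nil {
		log.Println("[Error]", err.Error())
		writeAdmissionResponse(w, &admission.AdmissionResponse{Allowed: false})
		return
	}

	// A syntactically valid body may still carry no "request" member; without
	// this guard the UID lookup below dereferences a nil pointer.
	if ar.Request == nil {
		log.Println("[Error]", "admission review has no request")
		writeAdmissionResponse(w, &admission.AdmissionResponse{Allowed: false})
		return
	}

	pod := &corev1.Pod{}
	if err := json.Unmarshal(ar.Request.Object.Raw, pod); err != nil {
		handleError(w, ar, err)
		return
	}

	response := &admission.AdmissionResponse{
		UID:     ar.Request.UID,
		Allowed: true,
	}

	// Init containers run with the pod's identity and volumes just like regular
	// containers, so they are held to the same image policy.
	groups := [][]corev1.Container{pod.Spec.InitContainers, pod.Spec.Containers}
check:
	for _, containers := range groups {
		for _, c := range containers {
			if !allowedImage.MatchString(c.Image) {
				response.Allowed = false
				response.Result = &metav1.Status{
					Message: "container " + c.Name + " uses an image that is not on the allow-list",
				}
				break check
			}
		}
	}

	writeAdmissionResponse(w, response)
}

// writeAdmissionResponse wraps resp in an admission.k8s.io/v1 AdmissionReview
// and writes it to w as JSON, logging (not ignoring) any encoding failure.
func writeAdmissionResponse(w http.ResponseWriter, resp *admission.AdmissionResponse) {
	review := &admission.AdmissionReview{
		TypeMeta: metav1.TypeMeta{
			Kind:       "AdmissionReview",
			APIVersion: "admission.k8s.io/v1",
		},
		Response: resp,
	}
	w.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(w).Encode(review); err != nil {
		log.Println("[Error]", err.Error())
	}
}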
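// handleError logs err (when non-nil) and answers the admission request with an
// explicit denial.
//
// ar may be nil, and ar.Request may be nil, when the incoming body could not be
// decoded; in that case the response carries no UID. The reply is always a
// freshly built AdmissionReview: the previous code assigned to ar.Response even
// when ar was nil, which panicked on exactly the malformed-input path this
// function exists to handle, leaving the outcome to the webhook's failure
// policy instead of producing a denial. Building a new review also avoids
// echoing the original request object back to the caller.
func handleError(w http.ResponseWriter, ar *admission.AdmissionReview, err error) {
	if err != nil {
		log.Println("[Error]", err.Error())
	}

	response := &admission.AdmissionResponse{
		Allowed: false,
	}
	if ar != nil && ar.Request != nil {
		response.UID = ar.Request.UID
	}

	review := &admission.AdmissionReview{
		TypeMeta: metav1.TypeMeta{
			Kind:       "AdmissionReview",
			APIVersion: "admission.k8s.io/v1",
		},
		Response: response,
	}

	w.Header().Set("Content-Type", "application/json")
	if encErr := json.NewEncoder(w).Encode(review); encErr != nil {
		log.Println("[Error]", encErr.Error())
	}
}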