add identity support and disable knob for handler

Author: Mengqi Yu

pkg/webhook/admission/builder/builder.go

@@ -23,6 +23,7 @@ import (
 	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/sets"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
@@ -43,6 +44,12 @@ type WebhookBuilder struct {
 	// handlers[1] mutates a pod for a different feature bar.
 	handlers []admission.Handler
 
+	// disabledNames are names of handlers that will be disabled.
+	// each handler in handlers will be scanned.
+	// If the handler has implemented NameGetter interface and the name is the disabledNames list,
+	// it will not be register to the webhook when invoking Build method.
+	disabledNames []string
+
 	// t specifies the type of the webhook.
 	// Currently, Mutating and Validating are supported.
 	t *types.WebhookType
@@ -156,6 +163,12 @@ func (b *WebhookBuilder) Handlers(handlers ...admission.Handler) *WebhookBuilder
 	return b
 }
 
+// DisableHandlers disable handlers based on name..
+func (b *WebhookBuilder) DisableHandlers(names ...string) *WebhookBuilder {
+	b.disabledNames = names
+	return b
+}
+
 func (b *WebhookBuilder) validate() error {
 	if b.t == nil {
 		return errors.New("webhook type cannot be nil")
@@ -169,13 +182,29 @@ func (b *WebhookBuilder) validate() error {
 	return nil
 }
 
+func (b *WebhookBuilder) disableHandlers() {
+	if len(b.disabledNames) != 0 {
+		set := sets.NewString(b.disabledNames...)
+		var handlers []admission.Handler
+		for _, handler := range b.handlers {
+			if namedHandler, ok := handler.(admission.NameGetter); ok && set.Has(namedHandler.Name()) {
+				continue
+			}
+			handlers = append(handlers, handler)
+		}
+		b.handlers = handlers
+	}
+}
+
 // Build creates the Webhook based on the options provided.
 func (b *WebhookBuilder) Build() (*admission.Webhook, error) {
 	err := b.validate()
 	if err != nil {
 		return nil, err
 	}
 
+	b.disableHandlers()
+
 	w := &admission.Webhook{
 		Name:              b.name,
 		Type:              *b.t,

pkg/webhook/admission/webhook.go

@@ -42,6 +42,12 @@ type Handler interface {
 	Handle(context.Context, atypes.Request) atypes.Response
 }
 
+// NameGetter gets the name of the Handler
+type NameGetter interface {
+	// Name returns the identity of the Handler.
+	Name() string
+}
+
 // HandlerFunc implements Handler interface using a single function.
 type HandlerFunc func(context.Context, atypes.Request) atypes.Response
 

pkg/webhook/server.go

@@ -89,6 +89,8 @@ type BootstrapOptions struct {
 	// If neither Service nor Host is unspecified, Host will be defaulted to "localhost".
 	Host *string
 
+	DisabledHandlers []string
+
 	// certProvisioner is constructed using certGenerator and certWriter
 	certProvisioner *cert.Provisioner // nolint: structcheck