split the exmaple file into multiple files

Author: Mengqi Yu

example/controller.go

@@ -0,0 +1,77 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+
+	"github.com/go-logr/logr"
+
+	appsv1 "k8s.io/api/apps/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/reconcile"
+)
+
+// reconcileReplicaSet reconciles ReplicaSets
+type reconcileReplicaSet struct {
+	// client can be used to retrieve objects from the APIServer.
+	client client.Client
+	log    logr.Logger
+}
+
+// Implement reconcile.Reconciler so the controller can reconcile objects
+var _ reconcile.Reconciler = &reconcileReplicaSet{}
+
+func (r *reconcileReplicaSet) Reconcile(request reconcile.Request) (reconcile.Result, error) {
+	// set up a convinient log object so we don't have to type request over and over again
+	log := r.log.WithValues("request", request)
+
+	// Fetch the ReplicaSet from the cache
+	rs := &appsv1.ReplicaSet{}
+	err := r.client.Get(context.TODO(), request.NamespacedName, rs)
+	if errors.IsNotFound(err) {
+		log.Error(nil, "Could not find ReplicaSet")
+		return reconcile.Result{}, nil
+	}
+
+	if err != nil {
+		log.Error(err, "Could not fetch ReplicaSet")
+		return reconcile.Result{}, err
+	}
+
+	// Print the ReplicaSet
+	log.Info("Reconciling ReplicaSet", "container name", rs.Spec.Template.Spec.Containers[0].Name)
+
+	// Set the label if it is missing
+	if rs.Labels == nil {
+		rs.Labels = map[string]string{}
+	}
+	if rs.Labels["hello"] == "world" {
+		return reconcile.Result{}, nil
+	}
+
+	// Update the ReplicaSet
+	rs.Labels["hello"] = "world"
+	err = r.client.Update(context.TODO(), rs)
+	if err != nil {
+		log.Error(err, "Could not write ReplicaSet")
+		return reconcile.Result{}, err
+	}
+
+	return reconcile.Result{}, nil
+}

example/main.go

@@ -17,31 +17,22 @@ limitations under the License.
 package main
 
 import (
-	"context"
 	"flag"
-	"fmt"
-	"net/http"
 	"os"
 
-	"github.com/go-logr/logr"
-
 	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
-	"k8s.io/apimachinery/pkg/api/errors"
 	apitypes "k8s.io/apimachinery/pkg/types"
 	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
-	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
 	"sigs.k8s.io/controller-runtime/pkg/runtime/signals"
 	"sigs.k8s.io/controller-runtime/pkg/source"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
-	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission/builder"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/types"
 )
@@ -112,21 +103,21 @@ func main() {
 	as, err := webhook.NewServer("foo-admission-server", mgr, webhook.ServerOptions{
 		Port:    443,
 		CertDir: "/tmp/cert",
-		Client:  mgr.GetClient(),
-		KVMap:   map[string]interface{}{"foo": "bar"},
+		//Client:  mgr.GetClient(),
+		KVMap: map[string]interface{}{"foo": "bar"},
 		BootstrapOptions: &webhook.BootstrapOptions{
 			Secret: &apitypes.NamespacedName{
 				Namespace: "default",
 				Name:      "foo-admission-server-secret",
 			},
 
-			Service: &apitypes.NamespacedName{
+			Service: &webhook.Service{
 				Namespace: "default",
 				Name:      "foo-admission-server-service",
-			},
-			// Labels should select the pods that runs this webhook server.
-			Labels: map[string]string{
-				"app": "foo-admission-server",
+				// Selectors should select the pods that runs this webhook server.
+				Selectors: map[string]string{
+					"app": "foo-admission-server",
+				},
 			},
 		},
 	})
@@ -145,122 +136,3 @@ func main() {
 		os.Exit(1)
 	}
 }
-
-// reconcileReplicaSet reconciles ReplicaSets
-type reconcileReplicaSet struct {
-	// client can be used to retrieve objects from the APIServer.
-	client client.Client
-	log    logr.Logger
-}
-
-// Implement reconcile.Reconciler so the controller can reconcile objects
-var _ reconcile.Reconciler = &reconcileReplicaSet{}
-
-func (r *reconcileReplicaSet) Reconcile(request reconcile.Request) (reconcile.Result, error) {
-	// set up a convinient log object so we don't have to type request over and over again
-	log := r.log.WithValues("request", request)
-
-	// Fetch the ReplicaSet from the cache
-	rs := &appsv1.ReplicaSet{}
-	err := r.client.Get(context.TODO(), request.NamespacedName, rs)
-	if errors.IsNotFound(err) {
-		log.Error(nil, "Could not find ReplicaSet")
-		return reconcile.Result{}, nil
-	}
-
-	if err != nil {
-		log.Error(err, "Could not fetch ReplicaSet")
-		return reconcile.Result{}, err
-	}
-
-	// Print the ReplicaSet
-	log.Info("Reconciling ReplicaSet", "container name", rs.Spec.Template.Spec.Containers[0].Name)
-
-	// Set the label if it is missing
-	if rs.Labels == nil {
-		rs.Labels = map[string]string{}
-	}
-	if rs.Labels["hello"] == "world" {
-		return reconcile.Result{}, nil
-	}
-
-	// Update the ReplicaSet
-	rs.Labels["hello"] = "world"
-	err = r.client.Update(context.TODO(), rs)
-	if err != nil {
-		log.Error(err, "Could not write ReplicaSet")
-		return reconcile.Result{}, err
-	}
-
-	return reconcile.Result{}, nil
-}
-
-// podAnnotator annotates Pods
-type podAnnotator struct {
-	client  client.Client
-	decoder admission.Decoder
-}
-
-// Implement admission.Handler so the controller can handle admission request.
-var _ admission.Handler = &podAnnotator{}
-
-// podAnnotator adds an annotation to every incoming pods.
-func (a *podAnnotator) Handle(_ context.Context, req admission.Request) admission.Response {
-	pod := &corev1.Pod{}
-
-	err := a.decoder.Decode(req, pod)
-	if err != nil {
-		return admission.ErrorResponse(http.StatusBadRequest, err)
-	}
-	copy := pod.DeepCopy()
-
-	err = mutatePodsFn(copy)
-	if err != nil {
-		return admission.ErrorResponse(http.StatusInternalServerError, err)
-	}
-	return admission.PatchResponse(pod, copy)
-}
-
-// mutatePodsFn add an annotation to the given pod
-func mutatePodsFn(pod *corev1.Pod) error {
-	anno := pod.GetAnnotations()
-	anno["example-mutating-admission-webhhok"] = "foo"
-	pod.SetAnnotations(anno)
-	return nil
-}
-
-// podValidator validates Pods
-type podValidator struct {
-	client  client.Client
-	decoder admission.Decoder
-}
-
-// Implement admission.Handler so the controller can handle admission request.
-var _ admission.Handler = &podValidator{}
-
-// podValidator admits a pod iff a specific annotation exists.
-func (v *podValidator) Handle(_ context.Context, req admission.Request) admission.Response {
-	pod := &corev1.Pod{}
-
-	err := v.decoder.Decode(req, pod)
-	if err != nil {
-		return admission.ErrorResponse(http.StatusBadRequest, err)
-	}
-
-	allowed, reason, err := validatePodsFn(pod)
-	if err != nil {
-		return admission.ErrorResponse(http.StatusInternalServerError, err)
-	}
-	return admission.ValidationResponse(allowed, reason)
-}
-
-func validatePodsFn(pod *corev1.Pod) (bool, string, error) {
-	anno := pod.GetAnnotations()
-	key := "example-mutating-admission-webhhok"
-	_, found := anno[key]
-	if found {
-		return found, "", nil
-	} else {
-		return found, fmt.Sprintf("failed to find annotation with key: %v", key), nil
-	}
-}

example/mutatingwebhook.go

@@ -0,0 +1,65 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	corev1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+// podAnnotator annotates Pods
+type podAnnotator struct {
+	client  client.Client
+	decoder admission.Decoder
+}
+
+// Implement admission.Handler so the controller can handle admission request.
+var _ admission.Handler = &podAnnotator{}
+
+// podAnnotator adds an annotation to every incoming pods.
+func (a *podAnnotator) Handle(ctx context.Context, req admission.Request) admission.Response {
+	pod := &corev1.Pod{}
+
+	err := a.decoder.Decode(req, pod)
+	if err != nil {
+		return admission.ErrorResponse(http.StatusBadRequest, err)
+	}
+	copy := pod.DeepCopy()
+
+	err = mutatePodsFn(ctx, copy)
+	if err != nil {
+		return admission.ErrorResponse(http.StatusInternalServerError, err)
+	}
+	return admission.PatchResponse(pod, copy)
+}
+
+// mutatePodsFn add an annotation to the given pod
+func mutatePodsFn(ctx context.Context, pod *corev1.Pod) error {
+	v, ok := ctx.Value(admission.StringKey("foo")).(string)
+	if !ok {
+		return fmt.Errorf("the value associated with %v is expected to be a string", "foo")
+	}
+	anno := pod.GetAnnotations()
+	anno["example-mutating-admission-webhook"] = v
+	pod.SetAnnotations(anno)
+	return nil
+}