webhook.go

Documentation: github.com/linkerd/linkerd2/viz/tap/injector

     1  package injector
     2  
     3  import (
     4  	"bytes"
     5  	"context"
     6  	"html/template"
     7  
     8  	"github.com/linkerd/linkerd2/controller/k8s"
     9  	"github.com/linkerd/linkerd2/controller/webhook"
    10  	vizLabels "github.com/linkerd/linkerd2/viz/pkg/labels"
    11  	log "github.com/sirupsen/logrus"
    12  	admissionv1beta1 "k8s.io/api/admission/v1beta1"
    13  	corev1 "k8s.io/api/core/v1"
    14  	"k8s.io/client-go/tools/record"
    15  	"sigs.k8s.io/yaml"
    16  )
    17  
    18  // Params holds the values used in the patch template.
    19  type Params struct {
    20  	ProxyPath       string
    21  	ProxyTapSvcName string
    22  }
    23  
    24  // Mutate mutates an AdmissionRequest and adds the LINKERD2_PROXY_TAP_SVC_NAME
    25  // env var to a pod's proxy container if tap is not disabled via annotation on the
    26  // pod or the namespace.
    27  func Mutate(tapSvcName string) webhook.Handler {
    28  	return func(
    29  		_ context.Context,
    30  		k8sAPI *k8s.MetadataAPI,
    31  		request *admissionv1beta1.AdmissionRequest,
    32  		_ record.EventRecorder,
    33  	) (*admissionv1beta1.AdmissionResponse, error) {
    34  		log.Debugf("request object bytes: %s", request.Object.Raw)
    35  		admissionResponse := &admissionv1beta1.AdmissionResponse{
    36  			UID:     request.UID,
    37  			Allowed: true,
    38  		}
    39  		var pod *corev1.Pod
    40  		if err := yaml.Unmarshal(request.Object.Raw, &pod); err != nil {
    41  			return nil, err
    42  		}
    43  		params := Params{
    44  			ProxyPath:       webhook.GetProxyContainerPath(pod.Spec),
    45  			ProxyTapSvcName: tapSvcName,
    46  		}
    47  		if params.ProxyPath == "" || vizLabels.IsTapEnabled(pod) {
    48  			return admissionResponse, nil
    49  		}
    50  		namespace, err := k8sAPI.Get(k8s.NS, request.Namespace)
    51  		if err != nil {
    52  			return nil, err
    53  		}
    54  		var t *template.Template
    55  		if vizLabels.IsTapDisabled(namespace) || vizLabels.IsTapDisabled(pod) {
    56  			return admissionResponse, nil
    57  		}
    58  		t, err = template.New("tpl").Parse(tpl)
    59  		if err != nil {
    60  			return nil, err
    61  		}
    62  		var patchJSON bytes.Buffer
    63  		if err = t.Execute(&patchJSON, params); err != nil {
    64  			return nil, err
    65  		}
    66  		patchType := admissionv1beta1.PatchTypeJSONPatch
    67  		admissionResponse.Patch = patchJSON.Bytes()
    68  		admissionResponse.PatchType = &patchType
    69  		return admissionResponse, nil
    70  	}
    71  }
    72
View as plain text