Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor(kube-api-rewriter): rewrite owner refs #105

Closed
wants to merge 12 commits into from
Closed

refactor(kube-api-rewriter): rewrite owner refs #105

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
67f50ad
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 22, 2024
60de76f
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 22, 2024
5bd5b3c
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 23, 2024
65315dd
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 26, 2024
7aab8ab
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 27, 2024
d788f61
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 27, 2024
384e816
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 27, 2024
7c2347e
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 27, 2024
6de5e49
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 28, 2024
34b3250
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 28, 2024
3b72081
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 28, 2024
e0944ca
fix(kube-api-rewriter): add rewrite ownerReferences
LopatinDmitr May 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 11 additions & 2 deletions images/kube-api-proxy/pkg/rewriter/rule_rewriter.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,6 @@ func (rw *RuleBasedRewriter) rewriteFieldSelector(rawQuery string) string {
func (rw *RuleBasedRewriter) RewriteJSONPayload(targetReq *TargetRequest, obj []byte, action Action) ([]byte, error) {
// Detect Kind
kind := gjson.GetBytes(obj, "kind").String()

var rwrBytes []byte
var err error

Expand Down Expand Up @@ -176,7 +175,7 @@ func (rw *RuleBasedRewriter) RewriteJSONPayload(targetReq *TargetRequest, obj []
rwrBytes, err = RewriteRoleOrList(rw.Rules, obj, action)

default:
if targetReq.IsCore() {
if targetReq.IsCore() || mustRewriteResource(kind) {
rwrBytes, err = RewriteOwnerReferences(rw.Rules, obj, action)
} else {
rwrBytes, err = RewriteCustomResourceOrList(rw.Rules, obj, action)
Expand Down Expand Up @@ -206,3 +205,13 @@ func (rw *RuleBasedRewriter) RewritePatch(targetReq *TargetRequest, obj []byte)

return obj, nil
}

func mustRewriteResource(kind string) bool {
switch kind {
case "PodDisruptionBudget", "PodDisruptionBudgetList",
"ControllerRevision", "ControllerRevisionList":
return true
}

return false
}
75 changes: 38 additions & 37 deletions images/kube-api-proxy/pkg/rewriter/target_request.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,7 @@ func (tr *TargetRequest) RawQuery() string {
// ShouldRewriteRequest returns true if incoming payload should
// be rewritten.
func (tr *TargetRequest) ShouldRewriteRequest() bool {

// Consider known webhook should be rewritten. Unknown paths will be passed as-is.
if tr.webhookRule != nil {
return true
Expand All @@ -126,28 +127,12 @@ func (tr *TargetRequest) ShouldRewriteRequest() bool {
if tr.targetEndpoint == nil {
// Pass resources without rules as is, except some special types.

if tr.originEndpoint.IsCore {
switch tr.originEndpoint.ResourceType {
case "pods":
return true
}
}

switch tr.originEndpoint.ResourceType {
case "mutatingwebhookconfigurations",
"validatingwebhookconfigurations",
"clusterroles",
"roles":
return true
}

// Rewrite request body when creating CRD.
if tr.originEndpoint.ResourceType == "customresourcedefinitions" && tr.originEndpoint.Name == "" {
return true
}

// Should not rewrite request if path is not rewritten.
return false
return shouldRewriteResource(tr.originEndpoint.ResourceType, tr.originEndpoint.IsCore)
}
}

Expand All @@ -171,16 +156,6 @@ func (tr *TargetRequest) ShouldRewriteResponse() bool {
return false
}

// Some core resources should be rewritten.
if tr.originEndpoint.IsCore {
switch tr.originEndpoint.ResourceType {
case "pods":
return true
// pods should be rewritten
}
return false
}

if tr.originEndpoint.IsCRD {
// Rewrite CRD List.
if tr.originEndpoint.Name == "" {
Expand All @@ -203,16 +178,7 @@ func (tr *TargetRequest) ShouldRewriteResponse() bool {
return true
}

// Rewrite special resources.
switch tr.originEndpoint.ResourceType {
// Webhook configurations should be rewritten.
case "mutatingwebhookconfigurations",
"validatingwebhookconfigurations",
"clusterroles":
return true
}

return false
return shouldRewriteResource(tr.originEndpoint.ResourceType, tr.originEndpoint.IsCore)
}

func (tr *TargetRequest) ResourceForLog() string {
Expand Down Expand Up @@ -276,3 +242,38 @@ func (tr *TargetRequest) ResourceForLog() string {

return "UNKNOWN"
}

func shouldRewriteResource(kind string, isCore bool) bool {
// Some core resources should be rewritten.
if isCore {
switch kind {
case "pods",
"configmaps",
"secrets",
"services",
"serviceaccounts":

return true
}
return false
}

// Rewrite special resources.
switch kind {
case "mutatingwebhookconfigurations",
"validatingwebhookconfigurations",
"clusterroles",
"roles",
"rolebindings",
"clusterrolebindings",
"deployments",
"statefulsets",
"daemonsets",
"poddisruptionbudgets",
"controllerrevisions":

return true
}

return false
}