Exclude CNI namespaces from mutation

Lauri Võsandi 2022-12-23 08:40:54 +02:00
parent 700af5259b
commit 7077d75395
1 changed files with 16 additions and 11 deletions


@ -10,6 +10,7 @@ from sanic.response import json
from image_mutation import mutate_image from image_mutation import mutate_image
from harbor_wrapper import Harbor from harbor_wrapper import Harbor
mutation_excluded_namespaces = set(["tigera-operator", "calico-system", "kube-system"])
harbor = Harbor(os.environ["HARBOR_URI"]) harbor = Harbor(os.environ["HARBOR_URI"])
cached_registries = set() cached_registries = set()
app = Sanic("admission_control") app = Sanic("admission_control")
@ -18,17 +19,21 @@ app = Sanic("admission_control")
@app.post("/") @app.post("/")
async def admission_control_handler(request): async def admission_control_handler(request):
patches = [] patches = []
for index, container in enumerate(request.json["request"]["object"]["spec"]["containers"]): pod_namespace = request.json["request"]["object"]["metadata"]["namespace"]
mutated_image = mutate_image(container["image"], harbor.hostname, cached_registries) pod_name = request.json["request"]["object"]["metadata"].get("name", "")
patches.append({ pod_ref = "%s/%s" % (pod_namespace, pod_name)
"op": "replace", if pod_namespace in mutation_excluded_namespaces:
"path": "/spec/containers/%d/image" % index, print("Pod %s not mutated by namespace exclusion" % pod_ref)
"value": mutated_image, else:
}) for index, container in enumerate(request.json["request"]["object"]["spec"]["containers"]):
print("Substituting %s with %s for pod %s/%s" % ( mutated_image = mutate_image(container["image"], harbor.hostname, cached_registries)
container["image"], mutated_image, patches.append({
request.json["request"]["object"]["metadata"]["namespace"], "op": "replace",
request.json["request"]["object"]["metadata"]["name"])) "path": "/spec/containers/%d/image" % index,
"value": mutated_image,
})
print("Substituting %s with %s for pod %s" % (
container["image"], mutated_image, pod_ref))
response = { response = {
"apiVersion": "admission.k8s.io/v1", "apiVersion": "admission.k8s.io/v1",
"kind": "AdmissionReview", "kind": "AdmissionReview",
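Review bot: The exclusion check reads the namespace with a hard index, `request.json["request"]["object"]["metadata"]["namespace"]`, while `name` on the next line is read with `.get(...)`; if the submitted object carries no `metadata.namespace`, the handler raises KeyError and the admission call fails before the exclusion is evaluated. The AdmissionReview request has its own `namespace` field filled in by the API server, so `pod_namespace = request.json["request"]["namespace"]` is the safer source for a decision that skips mutation. Excluding `tigera-operator`, `calico-system` and `kube-system` inside the handler also still requires the API server to reach this webhook for pods in those namespaces. If the aim is to keep CNI start-up independent of the webhook, that presumably needs a `namespaceSelector` on the webhook configuration as well, which is not visible here. `admission_control_handler` continues past the end of this hunk.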