operator-framework/josdk-webhooks
A framework and tooling for writing Kubernetes dynamic admission controllers and CRD version conversion webhooks in Java.
# kubernetes-webhooks-framework
Framework and tooling to support implementing
[dynamic admission controllers](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/)
and [conversion hooks](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning/#webhook-conversion)
for Kubernetes in Java. Supports both **quarkus** and **spring boot**. Both **sync** and **async** programming models are supported.
## Documentation
**For more detailed documentation, see the [docs](docs).**
## Sample Usage
Add the dependency to your project:
```
<dependency>
  <groupId>io.javaoperatorsdk</groupId>
  <artifactId>kubernetes-webhooks-framework-core</artifactId>
  <version>${josdk.webhooks.version}</version>
</dependency>
```
### Dynamic Admission Controllers
Defining a mutation or validation controller is as simple as:
```
// Mutating controller: adds a default label when the resource does not carry one.
@Singleton
@Named(MUTATING_CONTROLLER)
public AdmissionController mutatingController() {
  return new AdmissionController<>((resource, operation) -> {
    if (resource.getMetadata().getLabels() == null) {
      resource.getMetadata().setLabels(new HashMap<>());
    }
    resource.getMetadata().getLabels().putIfAbsent(APP_NAME_LABEL_KEY, "mutation-test");
    return resource;
  });
}

// Validating controller: rejects resources that lack the required label.
@Singleton
@Named(VALIDATING_CONTROLLER)
public AdmissionController validatingController() {
  return new AdmissionController<>((resource, oldResource, operation) -> {
    if (resource.getMetadata().getLabels() == null
        || resource.getMetadata().getLabels().get(APP_NAME_LABEL_KEY) == null) {
      throw new NotAllowedException("Missing label: " + APP_NAME_LABEL_KEY);
    }
  });
}
```
These controllers can be used directly in an endpoint:
```
@POST
@Path(MUTATE_PATH)
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public AdmissionReview mutate(AdmissionReview admissionReview) {
  return mutationController.handle(admissionReview);
}

@POST
@Path(VALIDATE_PATH)
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
public AdmissionReview validate(AdmissionReview admissionReview) {
  return validationController.handle(admissionReview);
}
```
See the samples for details.
### Conversion Hooks
Conversion hooks follow the same pattern described in [Kubebuilder](https://book.kubebuilder.io/multiversion-tutorial/conversion-concepts.html): the custom resource is first converted from its current version to a hub, and in the next step from the hub to the target resource version.
To create the controller, register the [mappers](https://github.com/java-operator-sdk/kubernetes-webhooks-framework/blob/main/core/src/main/java/io/javaoperatorsdk/webhook/conversion/Mapper.java):
```
@Singleton
public ConversionController conversionController() {
  var controller = new ConversionController();
  controller.registerMapper(new V1Mapper());
  controller.registerMapper(new V2Mapper());
  return controller;
}
```
and use the controllers in the endpoint:
```
@PostMapping(CONVERSION_PATH)
@ResponseBody
public ConversionReview convert(@RequestBody ConversionReview conversionReview) {
  return conversionController.handle(conversionReview);
}
```
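The current version, then hub, then target version flow described above, as an added self-contained example that is not the framework's code. `VersionMapper`, `Hub`, `SpecV1` and `SpecV2` are hypothetical types constructed for illustration; the example does not use the framework's `Mapper` API.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: none of these types belong to the framework.
public class HubConversionExample {

  // Hub: the version-independent representation every mapper converts to and from.
  record Hub(String name, int replicas, String tier) {}

  // Two constructed API versions of the same custom resource spec.
  record SpecV1(String name, int replicas) {}
  record SpecV2(String name, int replicas, String tier) {}

  // Hypothetical mapper contract: one mapper per served version.
  interface VersionMapper<R> {
    Hub toHub(R resource);
    R fromHub(Hub hub);
  }

  static final Map<String, VersionMapper<?>> MAPPERS = new HashMap<>();

  static {
    MAPPERS.put("v1", new VersionMapper<SpecV1>() {
      public Hub toHub(SpecV1 r) { return new Hub(r.name(), r.replicas(), "standard"); }
      public SpecV1 fromHub(Hub h) { return new SpecV1(h.name(), h.replicas()); }
    });
    MAPPERS.put("v2", new VersionMapper<SpecV2>() {
      public Hub toHub(SpecV2 r) { return new Hub(r.name(), r.replicas(), r.tier()); }
      public SpecV2 fromHub(Hub h) { return new SpecV2(h.name(), h.replicas(), h.tier()); }
    });
  }

  // Source version -> hub -> target version; an unregistered version fails
  // instead of passing the object through unconverted.
  @SuppressWarnings("unchecked")
  static Object convert(Object resource, String from, String to) {
    var source = (VersionMapper<Object>) MAPPERS.get(from);
    var target = (VersionMapper<Object>) MAPPERS.get(to);
    if (source == null || target == null) {
      throw new IllegalArgumentException("No mapper registered for " + from + " -> " + to);
    }
    return target.fromHub(source.toHub(resource));
  }

  public static void main(String[] args) {
    System.out.println(convert(new SpecV1("db", 3), "v1", "v2"));
    System.out.println(convert(new SpecV2("db", 3, "premium"), "v2", "v1"));
  }
}
```

With the hub in the middle, each version needs only one mapper instead of one converter per version pair. The second call shows that converting down to `v1` drops `tier`, so a field missing from an older version has to be preserved elsewhere if it must survive a round trip.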