Diffstat (limited to 'webhook/pkg')
-rw-r--r-- | webhook/pkg/cli/BUILD | 17 | ||||
-rw-r--r-- | webhook/pkg/cli/cli_state_autogen.go | 3 | ||||
-rw-r--r-- | webhook/pkg/injector/BUILD | 34 | ||||
-rw-r--r-- | webhook/pkg/injector/certs.go | 97 | ||||
-rwxr-xr-x | webhook/pkg/injector/gencerts.sh | 71 | ||||
-rw-r--r-- | webhook/pkg/injector/injector_state_autogen.go | 3 |
6 files changed, 103 insertions, 122 deletions
diff --git a/webhook/pkg/cli/BUILD b/webhook/pkg/cli/BUILD
deleted file mode 100644
index ac093c556..000000000
--- a/webhook/pkg/cli/BUILD
+++ /dev/null
@@ -1,17 +0,0 @@
-load("//tools:defs.bzl", "go_library")
-
-package(licenses = ["notice"])
-
-go_library(
- name = "cli",
- srcs = ["cli.go"],
- visibility = ["//:sandbox"],
- deps = [
- "//pkg/log",
- "//webhook/pkg/injector",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/util/net:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- "@io_k8s_client_go//rest:go_default_library",
- ],
-)
diff --git a/webhook/pkg/cli/cli_state_autogen.go b/webhook/pkg/cli/cli_state_autogen.go
new file mode 100644
index 000000000..e81991e0b
--- /dev/null
+++ b/webhook/pkg/cli/cli_state_autogen.go
@@ -0,0 +1,3 @@
+// automatically generated by stateify.
+
+package cli
diff --git a/webhook/pkg/injector/BUILD b/webhook/pkg/injector/BUILD
deleted file mode 100644
index d296981be..000000000
--- a/webhook/pkg/injector/BUILD
+++ /dev/null
@@ -1,34 +0,0 @@
-load("//tools:defs.bzl", "go_library")
-
-package(licenses = ["notice"])
-
-go_library(
- name = "injector",
- srcs = [
- "certs.go",
- "webhook.go",
- ],
- visibility = ["//:sandbox"],
- deps = [
- "//pkg/log",
- "@com_github_mattbaird_jsonpatch//:go_default_library",
- "@io_k8s_api//admission/v1beta1:go_default_library",
- "@io_k8s_api//admissionregistration/v1beta1:go_default_library",
- "@io_k8s_api//core/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/api/errors:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- ],
-)
-
-genrule(
- name = "certs",
- srcs = [":gencerts"],
- outs = ["certs.go"],
- cmd = "$$(cut -d ' ' -f 1 <<< \"$(locations :gencerts)\") $@",
-)
-
-sh_binary(
- name = "gencerts",
- srcs = ["gencerts.sh"],
-)
diff --git a/webhook/pkg/injector/certs.go b/webhook/pkg/injector/certs.go new file mode 100644 index 000000000..440db30db --- /dev/null +++ b/webhook/pkg/injector/certs.go 
@@ -0,0 +1,97 @@ +package injector + +// This file was generated using openssl by the gencerts.sh script. + +var caKey = []byte(`-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAu4AXM3ZOIR91/j0aHH0Xozn/0W0iYbIMy3AKUQGp687GBdjv +pQEifm0mIfUh0C/K/edbkfkrPIk418ie6t+rZmdJPEySykIUEg9MXmDtc5ulIbmp +DoUq1VuVmDfp/n0yBEIQ0HzSrelYBxSSCKbQkm1q5mikCnowBdncPpgJdcsp1llS +id/WoneqYW9DYmGDDyzRgmmsr/Rt2bay7NNtex0PqjNlXD6vs+CRMrmPEHhwrFC3 +6XJ52M9ikd8mCiuDT41HnoLUeGl7QCMRq1RzbFmOjMCwHyz2RzzrxpUyWR9Rnlk9 +XoEOACUR6v81jtpTDgKoFAnbq0US0cmp32oLDwIDAQABAoIBAQCUmjdJJRlU7R9S +CVE5hPcH+b7DV7BpJ3k2fyzd+OiYKIAPQFjmOJkDBDS1sxdCba5/Py726TkYOFVh +x/ITioPInFGRxcqNHIPVsGRBZKas+o2Mxh2zkV1aTcSpKJ9+f/D1KPs0kclT5l1K +90WqL7OcabXQuNxSJXcMHBePUGYnASt2IUIsztdZ+MLtcJAdP/OoTruDyHh5yYZZ +wNN3KsCZIIC92gAYBMrMbxzke9k2aDWOhqWCsyRk/NgGwBdL6sbSyS2K3SWySMuN +Jg342+DvgKE63i9XuFkIEaW//i6SVXXGnJWUG+Qit31JFH7nEg5mM1EshVPbzPTk +/KNrWOf5AoGBANubGdUad7c3M4Nl3rMVkMBumHwA2ZYaxKWqxxJPLTonlbEFtIeZ +wQafPj0lWE40cYy6w6TiJ5rYP36fizriSUG0F1iSVbU56UdRP8+XX3ksj/PKr6YK +SZmc2vZkAIIfhewCLOgywH7p8gdkt/AoQ69yNdM1JTp15a9Tv1OF2b+7AoGBANqS +5VpcyUBQWabRCuuKXonvuhz2PUK6QpWLedI/X2Bt23QUnTyqhLRWKUOJzO0y8SFp +CSnK1EqyqczkbGdq2Cdeg0OjWtexSX2SmvLy14ojyPNIzK7A+qQsbp3CkmiW1GrM +sbOYilZiYjfj3rbirsM6y6MOst41wgmWubeRY5q9AoGBAIf9AL8k97M9/KlGgOR2 +2z8+fTB0ukioZNON8F5XJ1OWxaxsMwGxZYV7QOhOYuNyuEoEMTi+TvYlKRR5KZea +HvEP21EetPJXXSyrlI8xVo7L2IyIG8L/Jdp49mKTRHlPmfeu1S4ol2k/539KkFio +JlnTqJ8Ujuwnq8apXpYTEecXAoGBAKp8FaUL5nXhtmvlda0O+nqAoBxi/JmFitX2 +OokBoTUnuxqp0ZM2NdgrtHfXjh4ds/MpaFpOuJOjE8qbCOsJbZwXni8txXej8vyd +U3rYa8J18xG/4NcV8uoHNiibUXN+4iSDkL/S5WRHzPBnLppb6ZCh1aBToLSuHbE4 +/ZbvMk/JAoGAN7NkLVfR9XmzJe714jstC2buNqL6g0NMCHQ1i6IAkGgptzCduMSZ +4MFB5lJPZKZkpWgTn+aM7LSawuz1xeYzoZvDP2yUyUyJCe8cAB68DkXBVXnG+CpG +ASk03q8VJEhWVnV3jrXzm0MPBYmJaK4XcGkW7+0AnmtnBr1eprV57sk= +-----END RSA PRIVATE KEY-----`) + +var caCert = []byte(`-----BEGIN CERTIFICATE----- +MIICqzCCAZMCFGYzN5s8LzVSpR8+HpQpc4MxPCU5MA0GCSqGSIb3DQEBCwUAMBEx 
+DzANBgNVBAMMBmUyZV9jYTAgFw0yMDEyMjkyMTA0MzZaGA8yMjk0MTAxNDIxMDQz +NlowETEPMA0GA1UEAwwGZTJlX2NhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAu4AXM3ZOIR91/j0aHH0Xozn/0W0iYbIMy3AKUQGp687GBdjvpQEifm0m +IfUh0C/K/edbkfkrPIk418ie6t+rZmdJPEySykIUEg9MXmDtc5ulIbmpDoUq1VuV +mDfp/n0yBEIQ0HzSrelYBxSSCKbQkm1q5mikCnowBdncPpgJdcsp1llSid/Woneq +YW9DYmGDDyzRgmmsr/Rt2bay7NNtex0PqjNlXD6vs+CRMrmPEHhwrFC36XJ52M9i +kd8mCiuDT41HnoLUeGl7QCMRq1RzbFmOjMCwHyz2RzzrxpUyWR9Rnlk9XoEOACUR +6v81jtpTDgKoFAnbq0US0cmp32oLDwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAf +yZFwS/5b0L4H9nhR0WXuXwtecXrD0ll64AhmLF2RbSw8jx9SXM2iy70S+pIAs90z +8kXk39D2tbLGW9cDHi64fONwLFFD68WnsmBL7+zIof+XBrBfQmmLlckKLnEINHRJ +xu3kEz+OrBuK5e3oGTPUClTuAZVmNpeMymqEJRyz5OTgjcOgFQ+7zczCCfKBK0w7 +36dAs28XjYcF7EgXGDr/5XgDv0BFUQrKENc8kLQs6/F+PwADfqJfkn2M2Zm7BN7O +P3lQVOLqgaCEhunP7xttGXRQEdr/c3ABGvg82jbxHXQa7/DM2cPEYcLe49AQ2kB9 +qVByW79BouDQY+15eZvf +-----END CERTIFICATE-----`) + +var serverKey = []byte(`-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAnwbUnR9BgIr0gOCyuBojggmYojgxZgNsMFZX3ylXCEccLE/C +aJnKthorhfA6u4Z1Vdr6w8s+uTd0KeA/QWDhRY3O2QGNI72Msd5MJH9EAbdnITRl +zj3R0o4J1mxIo/QUA0oX4lj7FRrEUoGC6d9gH32GrYvc53sUgrF3XWHVS6k5OBMz +LeSVJEqv1K+p5fq7zP7auzqTePTGCHixrmSUwBQfRP+1VS1FDWFVpKxka51EnJlh +e6U1gv1dKUpITKuAXx+d4dDuGkTKXn360v8sixup30/vha2uJ5Tr12qr3UmQrSeh +DblUBj5ml9olxPylCrDlZAr7RhHv5eEgIFxBkwIDAQABAoIBAQCLnLOMPaSD9Xoy +qxI8Drads08NG8hChz60MRl0EhcWbVeOj3dd3abZuJ/9NqpZd/ILLfR5cDXg5Y5W +NUlTXHppVdYDLhl7By49+atfX1uVJi6kOBwotJ1A/PImDWq4hdAME0Bktzm3jYhN +5uXH7RO2kb1rHx8RGj0ngCYLFZjskoIhF7wTuUPUvLjH5F3TWGlH/qj4NDI+aBRg +6qxzN4xRz6MTVHgMd8yRkGzm9cylf1SZT7SvNCAdtY+bYiweTWu7JQ6xn//YeSW8 +KV6+L/GoMY4L6t6RST8jBEW8QgRK7z49UuxFKsPzhI3K/lBJUA/hhehGXBxSVI7J +KJIKccgBAoGBAMrECLXQvD59cVck3MIUasg3db7JmdX1QCdB4LtIS+373INbJwU0 +f8LnU7vt0sy0WbGrNHNWXei8cvXjUij4gzLCD+IXXTyA9avcUbZ7+BpYjmE3wpOA +2PcngDUq1Scd331xiaiK3ce3YZ9/++rXr1ULETTipIw2sB3Esvc1od8xAoGBAMjH +E3jmLMozzZxwei1WTebpE9rGNue3/AL4tzoJ9VfYmHon9kCjvVf2Xnq2shDnDO0a 
+PQBgCtzJAc0kbkPGqPhukhw5TQfqNlpbF+3hpAvTSPwQqRO067UYRTnyUOOD9G2W +qgfH87ZRYy3SngmhIH4xpQ5sBgfFIHaW0zM53+QDAoGASWpbQQF39yRSUlwtdjQQ +SbgS8OZrxdVLyisHJKhTnbJwsDrj0PWmQLqjTcsZZTbztumnTw95Zxg8g50wFVeN +oWY0fAc7ofmLehOGno0aUue3fanD0MZ5SFvMBvQgQ06EqhXe4uCM1pAmT6r2WpyH +hkJAk6ZwL7hpYg3jQrDvkDECgYB7tp76+elTVoQ1BuFhmjI6PBft0AD42tdABXzx +GD3CuUWKz6Dex4Xd84LX3kbuP1ApsOcxmfxXesvPWclPndNz8L27AlvCqsB/AG5I +N6bbWn84QhPMfshWN/Q/9l19M0ujUxjF3qD/EDsqewLCMDRTTcfEkS9ODlsod1r/ +z4NzfQKBgBWYhkCQKHRvf1MHFdL3MoTpDA7ypmuU5KRUHlGtnxcgEVHxqG5zEp5w +k7l9grx8VjM2Indn0eflGswGPSRd7YCtnZlaIWSMsZkhevA6wG2ii12ga03Bp2UN +pBfLCKIkHfx7cLoPQGQTIgtaNVZuYFG98lNgfFPNBK22cz2u6UAo +-----END RSA PRIVATE KEY-----`) + +var serverCert = []byte(`-----BEGIN CERTIFICATE----- +MIIDDzCCAfegAwIBAgIUaV26BHvGsHHKp0uFKkXhqYGslhEwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGZTJlX2NhMCAXDTIwMTIyOTIxMDQzNloYDzIyOTQxMDE0 +MjEwNDM2WjA1MTMwMQYDVQQDDCpndmlzb3ItaW5qZWN0aW9uLWFkbWlzc2lvbi13 +ZWJob29rLmUyZS5zdmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf +BtSdH0GAivSA4LK4GiOCCZiiODFmA2wwVlffKVcIRxwsT8Jomcq2GiuF8Dq7hnVV +2vrDyz65N3Qp4D9BYOFFjc7ZAY0jvYyx3kwkf0QBt2chNGXOPdHSjgnWbEij9BQD +ShfiWPsVGsRSgYLp32AffYati9znexSCsXddYdVLqTk4EzMt5JUkSq/Ur6nl+rvM +/tq7OpN49MYIeLGuZJTAFB9E/7VVLUUNYVWkrGRrnUScmWF7pTWC/V0pSkhMq4Bf +H53h0O4aRMpeffrS/yyLG6nfT++Fra4nlOvXaqvdSZCtJ6ENuVQGPmaX2iXE/KUK +sOVkCvtGEe/l4SAgXEGTAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXg +MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC +AQEAQzprGjKJMUf8aWaHId65uQv4CJUo0Gb5Jex8zdlFMcwKIt8FIuUwF3BiGCp2 +zB7Kd9ZX3AwIOsalZ043TuASweggu/mcCZ4qb+xhUHLO2UGp/uWGWSLV1207eQZD +vg2pyltALnpL2NRJjTKkooIAAgvJSdq3kkCwK614VtY06CK8zbFfI77if/BvMkKC +NSWRqmdUkRHXofmJty0rY6wN7tGfwj6jVnJAx98gTRhoW0mMC+toX+EYL3EDwGZS +VZ+wVXRBYAAvNwKyNuDA+q5eYpPkuHCpv25MCX4fCVP18dnRPhcVsC4E2W1W+Ha3 +LddM4317tGMZVEZO4+OSdZbSgw== +-----END CERTIFICATE-----`) diff --git a/webhook/pkg/injector/gencerts.sh b/webhook/pkg/injector/gencerts.sh deleted file mode 100755 index f7fda4b63..000000000 
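Review bot: `caKey` and `serverKey` in webhook/pkg/injector/certs.go are RSA private keys compiled into the non-test `injector` package, so anyone with the source or a built binary holds the CA key that signs the webhook's serving certificate. The header comment still points to gencerts.sh, which this same commit deletes, so the checked-in file no longer says how the material is regenerated or rotated. The subject names visible in the deleted script (`e2e_ca`, `gvisor-injection-admission-webhook.e2e.svc`) suggest these are e2e fixtures; if so, I would state that in the file, e.g. `// Test-only key material for the e2e webhook; caCert must not be trusted outside the test cluster.`, and have any non-test deployment supply its own key pair at deploy time instead of using these variables.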
--- a/webhook/pkg/injector/gencerts.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-
-# Copyright 2020 The gVisor Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Generates the a CA cert, a server key, and a server cert signed by the CA.
-# reference:
-# https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testcerts/gencerts.sh
-set -euo pipefail
-
-# Do all the work in TMPDIR, then copy out generated code and delete TMPDIR.
-declare -r OUTDIR="$(readlink -e .)"
-declare -r TMPDIR="$(mktemp -d)"
-cd "${TMPDIR}"
-function cleanup() {
- cd "${OUTDIR}"
- rm -rf "${TMPDIR}"
-}
-trap cleanup EXIT
-
-declare -r CN_BASE="e2e"
-declare -r CN="gvisor-injection-admission-webhook.e2e.svc"
-
-cat > server.conf << EOF
-[req]
-req_extensions = v3_req
-distinguished_name = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, serverAuth
-EOF
-
-declare -r OUTFILE="${TMPDIR}/certs.go"
-
-# We depend on OpenSSL being present.
-
-# Create a certificate authority.
-openssl genrsa -out caKey.pem 2048
-openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=${CN_BASE}_ca" -config server.conf
-
-# Create a server certificate.
-openssl genrsa -out serverKey.pem 2048
-# Note the CN is the DNS name of the service of the webhook.
-openssl req -new -key serverKey.pem -out server.csr -subj "/CN=${CN}" -config server.conf
-openssl x509 -req -in server.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out serverCert.pem -days 100000 -extensions v3_req -extfile server.conf
-
-echo "package injector" > "${OUTFILE}"
-echo "" >> "${OUTFILE}"
-echo "// This file was generated using openssl by the gencerts.sh script." >> "${OUTFILE}"
-for file in caKey caCert serverKey serverCert; do
- DATA=$(cat "${file}.pem")
- echo "" >> "${OUTFILE}"
- echo "var $file = []byte(\`$DATA\`)" >> "${OUTFILE}"
-done
-
-# Copy generated code into the output directory.
-cp "${OUTFILE}" "${OUTDIR}/$1"
diff --git a/webhook/pkg/injector/injector_state_autogen.go b/webhook/pkg/injector/injector_state_autogen.go
new file mode 100644
index 000000000..2c994b7c9
--- /dev/null
+++ b/webhook/pkg/injector/injector_state_autogen.go
@@ -0,0 +1,3 @@
+// automatically generated by stateify.
+
+package injector |