summaryrefslogtreecommitdiffhomepage
path: root/webhook
diff options
context:
space:
mode:
Diffstat (limited to 'webhook')
-rw-r--r--webhook/BUILD28
-rw-r--r--webhook/pkg/cli/BUILD17
-rw-r--r--webhook/pkg/cli/cli_state_autogen.go3
-rw-r--r--webhook/pkg/injector/BUILD34
-rw-r--r--webhook/pkg/injector/certs.go97
-rwxr-xr-xwebhook/pkg/injector/gencerts.sh71
-rw-r--r--webhook/pkg/injector/injector_state_autogen.go3
7 files changed, 103 insertions, 150 deletions
diff --git a/webhook/BUILD b/webhook/BUILD
deleted file mode 100644
index 33c585504..000000000
--- a/webhook/BUILD
+++ /dev/null
@@ -1,28 +0,0 @@
-load("//images:defs.bzl", "docker_image")
-load("//tools:defs.bzl", "go_binary", "pkg_tar")
-
-package(licenses = ["notice"])
-
-docker_image(
- name = "webhook_image",
- data = ":files",
- statements = ['ENTRYPOINT ["/webhook"]'],
-)
-
-# files is the full file system of the webhook container. It is simply:
-# /
-# └─ webhook
-pkg_tar(
- name = "files",
- srcs = [":webhook"],
- extension = "tgz",
- strip_prefix = "/third_party/gvisor/webhook",
-)
-
-go_binary(
- name = "webhook",
- srcs = ["main.go"],
- pure = "on",
- static = "on",
- deps = ["//webhook/pkg/cli"],
-)
diff --git a/webhook/pkg/cli/BUILD b/webhook/pkg/cli/BUILD
deleted file mode 100644
index ac093c556..000000000
--- a/webhook/pkg/cli/BUILD
+++ /dev/null
@@ -1,17 +0,0 @@
-load("//tools:defs.bzl", "go_library")
-
-package(licenses = ["notice"])
-
-go_library(
- name = "cli",
- srcs = ["cli.go"],
- visibility = ["//:sandbox"],
- deps = [
- "//pkg/log",
- "//webhook/pkg/injector",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/util/net:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- "@io_k8s_client_go//rest:go_default_library",
- ],
-)
diff --git a/webhook/pkg/cli/cli_state_autogen.go b/webhook/pkg/cli/cli_state_autogen.go
new file mode 100644
index 000000000..e81991e0b
--- /dev/null
+++ b/webhook/pkg/cli/cli_state_autogen.go
@@ -0,0 +1,3 @@
+// automatically generated by stateify.
+
+package cli
diff --git a/webhook/pkg/injector/BUILD b/webhook/pkg/injector/BUILD
deleted file mode 100644
index d296981be..000000000
--- a/webhook/pkg/injector/BUILD
+++ /dev/null
@@ -1,34 +0,0 @@
-load("//tools:defs.bzl", "go_library")
-
-package(licenses = ["notice"])
-
-go_library(
- name = "injector",
- srcs = [
- "certs.go",
- "webhook.go",
- ],
- visibility = ["//:sandbox"],
- deps = [
- "//pkg/log",
- "@com_github_mattbaird_jsonpatch//:go_default_library",
- "@io_k8s_api//admission/v1beta1:go_default_library",
- "@io_k8s_api//admissionregistration/v1beta1:go_default_library",
- "@io_k8s_api//core/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/api/errors:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- ],
-)
-
-genrule(
- name = "certs",
- srcs = [":gencerts"],
- outs = ["certs.go"],
- cmd = "$$(cut -d ' ' -f 1 <<< \"$(locations :gencerts)\") $@",
-)
-
-sh_binary(
- name = "gencerts",
- srcs = ["gencerts.sh"],
-)
diff --git a/webhook/pkg/injector/certs.go b/webhook/pkg/injector/certs.go
new file mode 100644
index 000000000..d237d5354
--- /dev/null
+++ b/webhook/pkg/injector/certs.go
@@ -0,0 +1,97 @@
+package injector
+
+// This file was generated using openssl by the gencerts.sh script.
+
+var caKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAzSQsvx5GdE42kwGrZO1WgEGTsR42S+9/BHi0cyElEpgyGwHt
+smJdmU1eDed73+Hy23Yy+Pz/WgaroinE65WrV3CeNKCYpvz4EqXF5R4VfGuXaBu7
+79+B98yH6L2UK18MNsTUcrQEvT1lJYHH6s/Zoc0kJFR9j956MPbjc3evKpREEOEO
+NYM0SJaUSJgoxoGDxB1ym035m9kDtv5sfogW+jevwVncYPcGcBBl4W9ccdRYG+UW
+AR9ZqlW2EaluzxkEMunvVH+gDlH0ZBkpOnIyEIGo998C/xT5bXnb6BmcCu+f++gM
+h6lxpkj5FxBYClMfDIZ92lGJWOy3yGg8J3LxZwIDAQABAoIBAB2NRYjuspWUotYA
+mpE6g4iMadtND+NWiAS74rrnHnEUTbuIRpa5BuTLuW3lV/oDkbm9yFAIGjz80wLU
+Y5LQh9Nb3N6V+AeuT4pYKS79a3j2AuSzghpnJ1DsPPPxQ4QP+DF3n2c6uagNTSHf
+FU6lTKO7aqZ1KXVtRksBdfivWCOY4CAd76j/CExzNWxmWhJg2ds3aRsGeZrQxeWI
++OgHqo40qRNAtEqs1x1lLa3oLGM4KCVDAKeACMdFHhYfPLsdc3WciEnIS8eZinkW
+q9f+CyrwFJzUTc++NuNSDcQ+hmXIZlUv7rNMNVCOlEdFyxqMr3wa2ZkphRNaxVtf
+K9c++bkCgYEA9EujEEwJSDuDi6U2ceBVCoH8w2PopQqC28T5p+c9KQarsyNdFkqK
+bn0CzQCKJR5tjl7Ai/yv/nddSYDoDszYYifo5MiUPlGBrcRKqo0K7MN7NuYWWyVQ
+Ody9cLdYkjoc2oYkFgYo32EbQSUf7F/aotPBnXhBFMMioBx4sR5xzT0CgYEA1vhM
+quKmw3kJHOCPm9FZ1P04IX9fWQiwnz8Vz9Edd7P0WQewzsgOWEZ0Cd4bP/cOu7Vp
+JPF2XyZWV+yBoT1jFOBnyRuQHzmzO6AS6OYh9V004UYQtkZkxLrgILjy3BcV9gka
++wA3ek5mnKS9FIib1+D1h73EQO7XftfgRWrsq3MCgYASOlqOar3+j8I+9zLayFxQ
+DmbnxVqkheZBs67VImHj38WL9kWJ1kICAH3nAfVM07pk9xjy2QXgvNNPGrk18X7r
+xAKSn4zAIaDFcHIJy8BW7jcRX5Wnc19LEfdoo6WOM5vXik7C/e6qzDoWYEjDgFt1
+7srxjvl8LRs2SymOPbFMGQKBgFxxpM6r71kKOMABVeCFE+ODDVtiYgdwtDuXLnMT
+E2ABtCeBJiiWYYzWp1oC+Kb2QJC6P8ASUnwyiVkALPLA6lX09szGHKFA9/HBMcCU
+DrBsZ6wkrFUmSnlLf8yynEXHa7tFSSP9gN4Izxm3wlQNNy+L3yqDkdz2mRdEEH7p
+r2M/AoGAUsuARMasHYJJESeftpMKXrLb7bDmMC7xgCEpavUpjHRfF1r2aaHlpzGt
+H60/NFiSmSagMu+hZnplWIlrVMLwhq8+w+WRf00C3ZtiD2Ute/Gc+UZOVeO+4dqX
+nyi/78KzitotjV0rTmaT6GKvP1QFuMuVEQ98UWgPRQFjb7gwvaE=
+-----END RSA PRIVATE KEY-----`)
+
+var caCert = []byte(`-----BEGIN CERTIFICATE-----
+MIICqzCCAZMCFCdriGGzKjFvuwFvDkgT70JT+SuoMA0GCSqGSIb3DQEBCwUAMBEx
+DzANBgNVBAMMBmUyZV9jYTAgFw0yMDEwMzAxOTA1NDFaGA8yMjk0MDgxNTE5MDU0
+MVowETEPMA0GA1UEAwwGZTJlX2NhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAzSQsvx5GdE42kwGrZO1WgEGTsR42S+9/BHi0cyElEpgyGwHtsmJdmU1e
+Ded73+Hy23Yy+Pz/WgaroinE65WrV3CeNKCYpvz4EqXF5R4VfGuXaBu779+B98yH
+6L2UK18MNsTUcrQEvT1lJYHH6s/Zoc0kJFR9j956MPbjc3evKpREEOEONYM0SJaU
+SJgoxoGDxB1ym035m9kDtv5sfogW+jevwVncYPcGcBBl4W9ccdRYG+UWAR9ZqlW2
+EaluzxkEMunvVH+gDlH0ZBkpOnIyEIGo998C/xT5bXnb6BmcCu+f++gMh6lxpkj5
+FxBYClMfDIZ92lGJWOy3yGg8J3LxZwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBf
+SSBuUjYn/YrffCPsAmQgk9kIZgGg2ByE3A4veIS+rm8yiBhchpRWgRdJoDAqixKJ
+6J9Tw9vHZZlfE8lNDrgGCKoIBS1zxZDqY2PVsvE2X+L+q3+US+GuvCBLNdI8Etcx
+ElJ10F3UZtOKwCoAPvq7+jM/jGZs7Tp2qQPamS1l0ToghxLYagLNeXC3Id70CPVF
+rUS5Kk9HNiLUTmoRnePH9fE0kQl7DUTPictNMSCsThm9B9KBZGDFURUmLeSnmwzC
+0DwW4HtPfNShzGswxjhXd/WSvS4PwGevUJtIeEHjpFlU6gN+YmYhr3CxgqQJhC2F
+uA1eJQ0tw1wePtiULOdW
+-----END CERTIFICATE-----`)
+
+var serverKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAyyHmOyiRpsoGBSKgA6THeRDlqxJj3hNpkpQQZAw98+ZRbpJ+
+AigPJ3ju9/c28KwhxKb7bmSAk0JqlK/VCkO98ZqaUadYvkrjg5yncKqKs48Rx8ld
+KOJbTeZPCgwxuzpJguFpTU7gzeY2Ws623/j9VWwCjKOt27ggN1JXw0cgoRDS9Jgj
+9TluE1UNfPLty/F32HyWb3NCgjSRW//3Sj/vCAVnbwJop639+lXskjljA/Zcx6ju
+JvVF/mhLl58H22NTWz28+qdCxeCypCDLIXOSDuQIXTvmSU5MkHMAxxdZEagAP7ZW
+mk9RtCAAmFsSdY1Gs929kSsqNSw380kVoJFM7wIDAQABAoIBAGnK2fFti43mIYSD
+J/s90nWHC1YxWbnLOmyQmIjCp3FjPn3r5ZyR6HKSVULnicGGpH+ax9ASn7QSHxgZ
+C0cxSLeP4VctZNaWgi+FYt8Wsu4ZURVQFii42vyTOg7tkukDzk1PwFv2/LW/dAeP
+KUc0khvvCNTeWinYl064n+SgIqo+/w8kFNRf1FS1JbTbXcxy+dvRBbGhKZ+wcpEO
+qSBCFAbbA+M8e1eyu51TAvz3yxhil2csFaRJaLloXmsCB82aqditdo2mJolD8aIf
+pkz/HLxEDRDtte231rC7UrbeFP68wyfI688PudndAPnW8qm9SSonBp4yA6BjOEgA
+h/xewkECgYEA72o76NqLHaAemcZRQUh0m9lJtMdC6beaaAFyP6rc9g1T4pRbiXfB
+X4QVDcmH2qG8xcYTuPMXZJYMBwlGVKy7XQ9BCbGcKD/y818M7odQAgLUoxr9gtFO
+5a0RnaCpxEpW63RAjXghCX1KjD7Yt1P1hhHvmtsrqj2IGwZVxun7omcCgYEA2TQ7
+vWVZUM5YXX9cgFLCkJU+NekPWeUjP/5KcDKrF9+cDCwpiZ9c8tMlt4M4TCuFKha1
+H3qd2bTLks3D/jfJt7B3WdQX8VX/i81kroP1G54Ci4hs9X0dVwsWPQ/r076xdfbm
+tpAby2W79lLKHXGTh9CFRpVKwleIkSA/D352PDkCgYBIQzNj/BrDTWIPHgnGf50a
+sUIK+53Zt142iEE4sFTTO4CXQhpC6s+GCfLk33BO8ERvGXM4fr8P0C4/LXB5/Ezt
+ML57s40jpPGqvYTEtjjS8pHFzU65Xn3G2y8W+bhkE+AaX1Ngn+Kw341RuWJmK0RP
+PDiq7/5E+x+KsKXRTSxzfwKBgF6GXc1B0wnYkxo1eCMcYTIc0RMTFywvDRUnbGvB
+kTX1iWq+uWD8Kq4+d7aSc6iqc+xqL27ApPt+s+1ygO4chzvan0ZHiBfuLiVAQKW2
+JbBcJo1k1M5NIbykxYvTZvUikwZcafFfa8krwA4l33HK4MKFW8ro470J7RQDbY4n
+ofr5AoGBAKCpQC0Lue7PeH5aTBKFO4G3CpSutvjdH1A3kJ8NPsO1pfC0Ye4ep45n
+4X4NM1xLjS4h5YltrL2dTCBQcwZTHmOmmNAt5d349XclrYYwnBlOi8FV9QgsPglY
+hwbWUeiHC7gUdYXfkcXWKb7C84uXNJVy2u0YP0HQh2PA84XFzeET
+-----END RSA PRIVATE KEY-----`)
+
+var serverCert = []byte(`-----BEGIN CERTIFICATE-----
+MIIDDzCCAfegAwIBAgIUSwGRpMB/h++K/U2elCgWnjYl89MwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGZTJlX2NhMCAXDTIwMTAzMDE5MDU0MVoYDzIyOTQwODE1
+MTkwNTQxWjA1MTMwMQYDVQQDDCpndmlzb3ItaW5qZWN0aW9uLWFkbWlzc2lvbi13
+ZWJob29rLmUyZS5zdmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL
+IeY7KJGmygYFIqADpMd5EOWrEmPeE2mSlBBkDD3z5lFukn4CKA8neO739zbwrCHE
+pvtuZICTQmqUr9UKQ73xmppRp1i+SuODnKdwqoqzjxHHyV0o4ltN5k8KDDG7OkmC
+4WlNTuDN5jZazrbf+P1VbAKMo63buCA3UlfDRyChENL0mCP1OW4TVQ188u3L8XfY
+fJZvc0KCNJFb//dKP+8IBWdvAminrf36VeySOWMD9lzHqO4m9UX+aEuXnwfbY1Nb
+Pbz6p0LF4LKkIMshc5IO5AhdO+ZJTkyQcwDHF1kRqAA/tlaaT1G0IACYWxJ1jUaz
+3b2RKyo1LDfzSRWgkUzvAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXg
+MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC
+AQEAlvnL1PjLGvv0IgMlWJVPj4c+g3jgg0j6fiK6+7oKSf2Y6wk/7DFRKL4yd23b
+BTOzBkAJ0i5J0BQxOSEX0I8qX5b7FxCxwkHVZue3h13//zeFbPqaywwk9uVEkhbR
+BKevOaSHjqcC7ci3W0ksl+icBEEmMYvgYqBIB5cZt/Dueam84a1voIZaa32rIOQe
+Sivy4NvBGryJPNHs2VmjNdA6g3Zre+tsymwlBLxN03RQ0VWZf+eE3yjuBnKBRyua
+rSf8GvwoJrWLl0Q71p8JGG8cPTjHmTwaR8D63yN2QTmINAfXS15zG/PuHsFQ9rpW
+JDNmoyI0GR9zyL1M1ZtIZpRuNQ==
+-----END CERTIFICATE-----`)
diff --git a/webhook/pkg/injector/gencerts.sh b/webhook/pkg/injector/gencerts.sh
deleted file mode 100755
index f7fda4b63..000000000
--- a/webhook/pkg/injector/gencerts.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-
-# Copyright 2020 The gVisor Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Generates the a CA cert, a server key, and a server cert signed by the CA.
-# reference:
-# https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testcerts/gencerts.sh
-set -euo pipefail
-
-# Do all the work in TMPDIR, then copy out generated code and delete TMPDIR.
-declare -r OUTDIR="$(readlink -e .)"
-declare -r TMPDIR="$(mktemp -d)"
-cd "${TMPDIR}"
-function cleanup() {
- cd "${OUTDIR}"
- rm -rf "${TMPDIR}"
-}
-trap cleanup EXIT
-
-declare -r CN_BASE="e2e"
-declare -r CN="gvisor-injection-admission-webhook.e2e.svc"
-
-cat > server.conf << EOF
-[req]
-req_extensions = v3_req
-distinguished_name = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, serverAuth
-EOF
-
-declare -r OUTFILE="${TMPDIR}/certs.go"
-
-# We depend on OpenSSL being present.
-
-# Create a certificate authority.
-openssl genrsa -out caKey.pem 2048
-openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=${CN_BASE}_ca" -config server.conf
-
-# Create a server certificate.
-openssl genrsa -out serverKey.pem 2048
-# Note the CN is the DNS name of the service of the webhook.
-openssl req -new -key serverKey.pem -out server.csr -subj "/CN=${CN}" -config server.conf
-openssl x509 -req -in server.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out serverCert.pem -days 100000 -extensions v3_req -extfile server.conf
-
-echo "package injector" > "${OUTFILE}"
-echo "" >> "${OUTFILE}"
-echo "// This file was generated using openssl by the gencerts.sh script." >> "${OUTFILE}"
-for file in caKey caCert serverKey serverCert; do
- DATA=$(cat "${file}.pem")
- echo "" >> "${OUTFILE}"
- echo "var $file = []byte(\`$DATA\`)" >> "${OUTFILE}"
-done
-
-# Copy generated code into the output directory.
-cp "${OUTFILE}" "${OUTDIR}/$1"
diff --git a/webhook/pkg/injector/injector_state_autogen.go b/webhook/pkg/injector/injector_state_autogen.go
new file mode 100644
index 000000000..2c994b7c9
--- /dev/null
+++ b/webhook/pkg/injector/injector_state_autogen.go
@@ -0,0 +1,3 @@
+// automatically generated by stateify.
+
+package injector
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-08 18:37:38 +0000