Diffstat (limited to 'webhook')
-rw-r--r--webhook/BUILD28
-rw-r--r--webhook/pkg/cli/BUILD17
-rw-r--r--webhook/pkg/cli/cli_state_autogen.go3
-rw-r--r--webhook/pkg/injector/BUILD34
-rw-r--r--webhook/pkg/injector/certs.go97
-rwxr-xr-xwebhook/pkg/injector/gencerts.sh71
-rw-r--r--webhook/pkg/injector/injector_state_autogen.go3
7 files changed, 103 insertions, 150 deletions
diff --git a/webhook/BUILD b/webhook/BUILD
deleted file mode 100644
index 33c585504..000000000
--- a/webhook/BUILD
+++ /dev/null
@@ -1,28 +0,0 @@
-load("//images:defs.bzl", "docker_image")
-load("//tools:defs.bzl", "go_binary", "pkg_tar")
-
-package(licenses = ["notice"])
-
-docker_image(
- name = "webhook_image",
- data = ":files",
- statements = ['ENTRYPOINT ["/webhook"]'],
-)
-
-# files is the full file system of the webhook container. It is simply:
-# /
-# └─ webhook
-pkg_tar(
- name = "files",
- srcs = [":webhook"],
- extension = "tgz",
- strip_prefix = "/third_party/gvisor/webhook",
-)
-
-go_binary(
- name = "webhook",
- srcs = ["main.go"],
- pure = "on",
- static = "on",
- deps = ["//webhook/pkg/cli"],
-)
diff --git a/webhook/pkg/cli/BUILD b/webhook/pkg/cli/BUILD
deleted file mode 100644
index ac093c556..000000000
--- a/webhook/pkg/cli/BUILD
+++ /dev/null
@@ -1,17 +0,0 @@
-load("//tools:defs.bzl", "go_library")
-
-package(licenses = ["notice"])
-
-go_library(
- name = "cli",
- srcs = ["cli.go"],
- visibility = ["//:sandbox"],
- deps = [
- "//pkg/log",
- "//webhook/pkg/injector",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/util/net:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- "@io_k8s_client_go//rest:go_default_library",
- ],
-)
diff --git a/webhook/pkg/cli/cli_state_autogen.go b/webhook/pkg/cli/cli_state_autogen.go
new file mode 100644
index 000000000..e81991e0b
--- /dev/null
+++ b/webhook/pkg/cli/cli_state_autogen.go
@@ -0,0 +1,3 @@
+// automatically generated by stateify.
+
+package cli
diff --git a/webhook/pkg/injector/BUILD b/webhook/pkg/injector/BUILD
deleted file mode 100644
index d296981be..000000000
--- a/webhook/pkg/injector/BUILD
+++ /dev/null
@@ -1,34 +0,0 @@
-load("//tools:defs.bzl", "go_library")
-
-package(licenses = ["notice"])
-
-go_library(
- name = "injector",
- srcs = [
- "certs.go",
- "webhook.go",
- ],
- visibility = ["//:sandbox"],
- deps = [
- "//pkg/log",
- "@com_github_mattbaird_jsonpatch//:go_default_library",
- "@io_k8s_api//admission/v1beta1:go_default_library",
- "@io_k8s_api//admissionregistration/v1beta1:go_default_library",
- "@io_k8s_api//core/v1:go_default_library",
- "@io_k8s_apimachinery//pkg/api/errors:go_default_library",
- "@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
- "@io_k8s_client_go//kubernetes:go_default_library",
- ],
-)
-
-genrule(
- name = "certs",
- srcs = [":gencerts"],
- outs = ["certs.go"],
- cmd = "$$(cut -d ' ' -f 1 <<< \"$(locations :gencerts)\") $@",
-)
-
-sh_binary(
- name = "gencerts",
- srcs = ["gencerts.sh"],
-)
diff --git a/webhook/pkg/injector/certs.go b/webhook/pkg/injector/certs.go
new file mode 100644
index 000000000..18fd0d6dc
--- /dev/null
+++ b/webhook/pkg/injector/certs.go
@@ -0,0 +1,97 @@
+package injector
+
+// This file was generated using openssl by the gencerts.sh script.
+
+var caKey = []byte(`-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----`)
+
+var caCert = []byte(`-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----`)
+
+var serverKey = []byte(`-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----`)
+
+var serverCert = []byte(`-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----`)
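Review bot: `caKey` and `serverKey` put a CA private key and a server private key into the source tree as package-level byte slices, so anyone who can read the repository or a built binary can issue certificates that any client trusting `caCert` will accept. The gencerts.sh removed on this page created them with `-days 100000`, so if these values came from that script the checked-in pair is effectively non-expiring and the same in every build. The CN in that script (`gvisor-injection-admission-webhook.e2e.svc`) suggests the keys are only meant for e2e use; if so, say it where the variables are declared, e.g. `// caKey and serverKey are fixed, publicly known test keys; caCert must not be trusted outside e2e clusters.` For any non-test deployment the key material should instead be generated at startup or read from a mounted Secret, and `caKey` should not be shipped in the webhook binary at all once the server certificate is signed.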
diff --git a/webhook/pkg/injector/gencerts.sh b/webhook/pkg/injector/gencerts.sh
deleted file mode 100755
index f7fda4b63..000000000
--- a/webhook/pkg/injector/gencerts.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-
-# Copyright 2020 The gVisor Authors.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-# Generates the a CA cert, a server key, and a server cert signed by the CA.
-# reference:
-# https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testcerts/gencerts.sh
-set -euo pipefail
-
-# Do all the work in TMPDIR, then copy out generated code and delete TMPDIR.
-declare -r OUTDIR="$(readlink -e .)"
-declare -r TMPDIR="$(mktemp -d)"
-cd "${TMPDIR}"
-function cleanup() {
- cd "${OUTDIR}"
- rm -rf "${TMPDIR}"
-}
-trap cleanup EXIT
-
-declare -r CN_BASE="e2e"
-declare -r CN="gvisor-injection-admission-webhook.e2e.svc"
-
-cat > server.conf << EOF
-[req]
-req_extensions = v3_req
-distinguished_name = req_distinguished_name
-[req_distinguished_name]
-[ v3_req ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-extendedKeyUsage = clientAuth, serverAuth
-EOF
-
-declare -r OUTFILE="${TMPDIR}/certs.go"
-
-# We depend on OpenSSL being present.
-
-# Create a certificate authority.
-openssl genrsa -out caKey.pem 2048
-openssl req -x509 -new -nodes -key caKey.pem -days 100000 -out caCert.pem -subj "/CN=${CN_BASE}_ca" -config server.conf
-
-# Create a server certificate.
-openssl genrsa -out serverKey.pem 2048
-# Note the CN is the DNS name of the service of the webhook.
-openssl req -new -key serverKey.pem -out server.csr -subj "/CN=${CN}" -config server.conf
-openssl x509 -req -in server.csr -CA caCert.pem -CAkey caKey.pem -CAcreateserial -out serverCert.pem -days 100000 -extensions v3_req -extfile server.conf
-
-echo "package injector" > "${OUTFILE}"
-echo "" >> "${OUTFILE}"
-echo "// This file was generated using openssl by the gencerts.sh script." >> "${OUTFILE}"
-for file in caKey caCert serverKey serverCert; do
- DATA=$(cat "${file}.pem")
- echo "" >> "${OUTFILE}"
- echo "var $file = []byte(\`$DATA\`)" >> "${OUTFILE}"
-done
-
-# Copy generated code into the output directory.
-cp "${OUTFILE}" "${OUTDIR}/$1"
diff --git a/webhook/pkg/injector/injector_state_autogen.go b/webhook/pkg/injector/injector_state_autogen.go
new file mode 100644
index 000000000..2c994b7c9
--- /dev/null
+++ b/webhook/pkg/injector/injector_state_autogen.go
@@ -0,0 +1,3 @@
+// automatically generated by stateify.
+
+package injector