为什么 admission webhook 在 kubebuilder 书中的 CronJob 示例中不起作用
why admission webhook is not working in the CronJob example from kubebuilder book
我正在关注 KubeBuilder 书中的 CronJob 示例:https://book.kubebuilder.io/cronjob-tutorial/cronjob-tutorial.html
中的代码
在 运行 make run 之后,显示了这样的日志:
INFO controller-runtime.metrics metrics server is starting to listen {"addr": ":8080"}
INFO controller-runtime.builder Registering a mutating webhook {"GVK": "batch.tutorial.kubebuilder.io/v1, Kind=CronJob", "path": "/ilder-io-v1-cronjob"}
INFO controller-runtime.webhook registering webhook {"path": "/mutate-batch-tutorial-kubebuilder-io-v1-cronjob"}
INFO controller-runtime.builder Registering a validating webhook {"GVK": "batch.tutorial.kubebuilder.io/v1, Kind=CronJob", "path": "/builder-io-v1-cronjob"}
INFO controller-runtime.webhook registering webhook {"path": "/validate-batch-tutorial-kubebuilder-io-v1-cronjob"}
INFO setup starting manager
INFO controller-runtime.manager starting metrics server {"path": "/metrics"}
INFO controller-runtime.webhook.webhooks starting webhook server
INFO controller-runtime.controller Starting EventSource {"controller": "cronjob", "source": "kind source: /, Kind="}
INFO controller-runtime.certwatcher Updated current TLS certificate
INFO controller-runtime.webhook serving webhook server {"host": "", "port": 9443}
INFO controller-runtime.certwatcher Starting certificate watcher
INFO controller-runtime.controller Starting EventSource {"controller": "cronjob", "source": "kind source: /, Kind="}
INFO controller-runtime.controller Starting Controller {"controller": "cronjob"}
INFO controller-runtime.controller Starting workers {"controller": "cronjob", "worker count": 1}
从日志中可以很容易看出,controller 和 admission webhook 都已按预期成功启动。
为了测试 admissionWebhook 是否正常工作,我使 CronJob 计划无效,如下所示:
-*- * * * *,
应用配置后:kubectl apply -f config/samples/batch_v1_cronjob.yaml,
没有显示来自 webhook 的日志,唯一显示 cronjob 计划无效的日志来自控制器的代码:
2020-02-22T15:45:17.665+0800 ERROR controllers.Captain unable to figure out CronJob schedule {"cronjob": "default/cronjob-sample", "error": "Unparseable schedule \"-*- * * * *\": Failed to parse int from : strconv.Atoi: parsing \"\": invalid syntax"}
github.com/go-logr/zapr.(*zapLogger).Error
/Users/my-name/.go/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128
tutorial.kubebuilder.io/project/controllers.(*CronJobReconciler).Reconcile
/Users/my-name/tmp/kubebuilder/docs/book/src/cronjob-tutorial/testdata/project/controllers/cronjob_controller.go:380
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:256
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:232
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
/Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:211
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1
/Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:152
k8s.io/apimachinery/pkg/util/wait.JitterUntil
/Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:153
k8s.io/apimachinery/pkg/util/wait.Until
/Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:88
为什么 webhook 不起作用?
您必须创建 ValidatingWebhookConfiguration 才能配置 apiserver 以将验证请求转发到您的 webhook。您可以在这里找到它:https://github.com/kubernetes-sigs/kubebuilder/blob/master/docs/book/src/cronjob-tutorial/testdata/project/config/webhook/manifests.yaml
我正在关注 KubeBuilder 书中的 CronJob 示例:https://book.kubebuilder.io/cronjob-tutorial/cronjob-tutorial.html
中的代码在 运行 make run 之后,显示了这样的日志:
INFO controller-runtime.metrics metrics server is starting to listen {"addr": ":8080"}
INFO controller-runtime.builder Registering a mutating webhook {"GVK": "batch.tutorial.kubebuilder.io/v1, Kind=CronJob", "path": "/ilder-io-v1-cronjob"}
INFO controller-runtime.webhook registering webhook {"path": "/mutate-batch-tutorial-kubebuilder-io-v1-cronjob"}
INFO controller-runtime.builder Registering a validating webhook {"GVK": "batch.tutorial.kubebuilder.io/v1, Kind=CronJob", "path": "/builder-io-v1-cronjob"}
INFO controller-runtime.webhook registering webhook {"path": "/validate-batch-tutorial-kubebuilder-io-v1-cronjob"}
INFO setup starting manager
INFO controller-runtime.manager starting metrics server {"path": "/metrics"}
INFO controller-runtime.webhook.webhooks starting webhook server
INFO controller-runtime.controller Starting EventSource {"controller": "cronjob", "source": "kind source: /, Kind="}
INFO controller-runtime.certwatcher Updated current TLS certificate
INFO controller-runtime.webhook serving webhook server {"host": "", "port": 9443}
INFO controller-runtime.certwatcher Starting certificate watcher
INFO controller-runtime.controller Starting EventSource {"controller": "cronjob", "source": "kind source: /, Kind="}
INFO controller-runtime.controller Starting Controller {"controller": "cronjob"}
INFO controller-runtime.controller Starting workers {"controller": "cronjob", "worker count": 1}
从日志中可以很容易看出,controller 和 admission webhook 都已按预期成功启动。
为了测试 admissionWebhook 是否正常工作,我使 CronJob 计划无效,如下所示:
-*- * * * *,
应用配置后:kubectl apply -f config/samples/batch_v1_cronjob.yaml,
没有显示来自 webhook 的日志,唯一显示 cronjob 计划无效的日志来自控制器的代码:
2020-02-22T15:45:17.665+0800 ERROR controllers.Captain unable to figure out CronJob schedule {"cronjob": "default/cronjob-sample", "error": "Unparseable schedule \"-*- * * * *\": Failed to parse int from : strconv.Atoi: parsing \"\": invalid syntax"}
github.com/go-logr/zapr.(*zapLogger).Error
/Users/my-name/.go/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128
tutorial.kubebuilder.io/project/controllers.(*CronJobReconciler).Reconcile
/Users/my-name/tmp/kubebuilder/docs/book/src/cronjob-tutorial/testdata/project/controllers/cronjob_controller.go:380
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:256
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:232
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
/Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:211
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1
/Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:152
k8s.io/apimachinery/pkg/util/wait.JitterUntil
/Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:153
k8s.io/apimachinery/pkg/util/wait.Until
/Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:88
为什么 webhook 不起作用?
您必须创建 ValidatingWebhookConfiguration 才能配置 apiserver 以将验证请求转发到您的 webhook。您可以在这里找到它:https://github.com/kubernetes-sigs/kubebuilder/blob/master/docs/book/src/cronjob-tutorial/testdata/project/config/webhook/manifests.yaml