

@Yapcheekian
Created March 4, 2022 00:11

Revisions

  1. Yap created this gist Mar 4, 2022.
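--- a/validating.go
+++ b/validating.go
@@ -0,0 +1,58 @@
+package validate
+
+import (
+"encoding/json"
+"log"
+"net/http"
+"regexp"
+admission "k8s.io/api/admission/v1"
+corev1 "k8s.io/api/core/v1"
+metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+func Validation(w http.ResponseWriter, r *http.Request) {
+ar := new(admission.AdmissionReview)
+err := json.NewDecoder(r.Body).Decode(ar)
+if err != nil {
+handleError(w, nil, err)
+return
+}
+response := &admission.AdmissionResponse{
+UID: ar.Request.UID,
+Allowed: true,
+}
+pod := &corev1.Pod{}
+if err := json.Unmarshal(ar.Request.Object.Raw, pod); err != nil {
+handleError(w, ar, err)
+return
+}
+re := regexp.MustCompile(`(?m)(nginx|nginx:\S+)`)
+for _, c := range pod.Spec.Containers {
+if !re.MatchString(c.Image) {
+response.Allowed = false
+break
+}
+}
+responseAR := &admission.AdmissionReview{
+TypeMeta: metav1.TypeMeta{
+Kind: "AdmissionReview",
+APIVersion: "admission.k8s.io/v1",
+},
+Response: response,
+}
+json.NewEncoder(w).Encode(responseAR)
+}
+
+func handleError(w http.ResponseWriter, ar *admission.AdmissionReview, err error) {
+if err != nil {
+log.Println("[Error]", err.Error())
+}
+response := &admission.AdmissionResponse{
+Allowed: false,
+}
+if ar != nil {
+response.UID = ar.Request.UID
+}
+ar.Response = response
+json.NewEncoder(w).Encode(ar)
+}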
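Review bot: The image check in `Validation` is unanchored, so `re.MatchString(c.Image)` admits any image reference that merely contains the substring `nginx` (a different registry or a longer repository name), and the loop inspects only `pod.Spec.Containers`, leaving `InitContainers` and `EphemeralContainers` unchecked. Anchor the pattern, for example `^nginx(:\S+)?$`, compile it once at package scope instead of on every request, and apply the same check to all three container lists. Separately, the decode-failure path calls `handleError(w, nil, err)`, which then executes `ar.Response = response` on a nil `ar` and panics; `ar.Request.UID` is also read in both functions without confirming `ar.Request` is non-nil, so a review body without a `request` field panics as well. Build a fresh `admission.AdmissionReview` (with `TypeMeta` set) inside `handleError` and reject `ar.Request == nil` before dereferencing it. Whether such a panic ends up admitting the pod depends on the webhook's `failurePolicy`, which is not visible on this page.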