kubernetes-webhook-haskell-0.1.0.0: Create Kubernetes Admission Webhooks in Haskell

Copyright(c) Earnest Research 2020
LicenseMIT
Maintaineramarrella@earnestresearch.com
Stabilityexperimental
PortabilityPOSIX
Safe HaskellNone
LanguageHaskell2010

Kubernetes.Webhook

Description

This module lets you create Kubernetes Admission Webhooks.

Example with Servant (note: webhooks in Kubernetes require TLS):

  module Kubernetes.Example
      ( startApp,
        app,
      )
    where

  import Control.Monad.IO.Class
  import qualified Data.Aeson as A
  import qualified Data.ByteString as BS
  import qualified Data.HashMap.Strict as HM
  import Data.Text
  import GHC.Generics
  import qualified Kubernetes.Webhook as W
  import Network.Wai
  import Network.Wai.Handler.Warp
  import Network.Wai.Handler.WarpTLS
  import Servant
  import System.Environment

  type API =
    "mutate" :> ReqBody '[JSON] W.AdmissionReviewRequest :> Post '[JSON] W.AdmissionReviewResponse

  data Toleration
    = Toleration
        { effect :: Maybe TolerationEffect,
          key :: Maybe Text,
          operator :: Maybe TolerationOperator,
          tolerationSeconds :: Maybe Integer,
          value :: Maybe Text
        }
    deriving (Generic, A.ToJSON)

  data TolerationEffect = NoSchedule | PreferNoSchedule | NoExecute deriving (Generic, A.ToJSON)

  data TolerationOperator = Exists | Equal deriving (Generic, A.ToJSON)

  testToleration :: Toleration
  testToleration =
    Toleration
      { effect = Just NoSchedule,
        key = Just "dedicated",
        operator = Just Equal,
        tolerationSeconds = Nothing,
        value = Just "test"
      }

  startApp :: IO ()
  startApp = do
    let tlsOpts = tlsSettings "certstls.crt" "certstls.key"
        warpOpts = setPort 8080 defaultSettings
    runTLS tlsOpts warpOpts app

  app :: Application
  app = serve api server

  api :: Proxy API
  api = Proxy

  server :: Server API
  server = mutate

  mutate :: W.AdmissionReviewRequest -> Handler W.AdmissionReviewResponse
  mutate req = pure $ W.mutatingWebhook req (_ -> Right W.Allowed) addToleration

  addToleration :: W.Patch
  addToleration = 
    W.Patch
      [ W.PatchOperation
          { op = W.Add,
            path = "spectolerations/-",
            from = Nothing,
            value = Just $ A.toJSON testToleration
          }
      ]
Synopsis

Documentation

mutatingWebhook Source #

Arguments

:: AdmissionReviewRequest

the request the webhook receives from Kubernetes

-> (AdmissionRequest -> Either Status Allowed)

logic to validate the request or reject it with an error

-> Patch

the change to apply to the object

-> AdmissionReviewResponse

the response sent back to Kubernetes

Lets you create a mutating admission webhook

validatingWebhook Source #

Arguments

:: AdmissionReviewRequest

the request the webhook receives from Kubernetes

-> (AdmissionRequest -> Either Status Allowed)

logic to validate the request or reject it with an error

-> AdmissionReviewResponse

the response sent back to Kubernetes

Lets you create a validating admission webhook

data Allowed Source #

Constructors

Allowed