Skip to content

Commit 7a0eabf

Browse files
sharifelgamalsharifelgamal
committed
exclude kube-system from getting patches
1 parent 4a3da3d commit 7a0eabf

File tree

2 files changed

+76
-73
lines changed

2 files changed

+76
-73
lines changed

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
REGISTRY?=gcr.io/k8s-minikube
2-
VERSION=v0.0.2
2+
VERSION=v0.0.3-snapshot
33

44
build:
55
CGO_ENABLED=0 GOOS=linux go build -o out/gcp-auth-webhook -ldflags=$(PROVISIONER_LDFLAGS) server.go

server.go

Lines changed: 75 additions & 72 deletions
Original file line numberDiff line numberDiff line change
@@ -90,83 +90,86 @@ func mutateHandler(w http.ResponseWriter, r *http.Request) {
9090

9191
var patch []patchOperation
9292

93-
// Define the volume to mount in
94-
v := corev1.Volume{
95-
Name: "gcp-creds",
96-
VolumeSource: corev1.VolumeSource{
97-
HostPath: func() *corev1.HostPathVolumeSource {
98-
h := corev1.HostPathVolumeSource{
99-
Path: "/var/lib/minikube/google_application_credentials.json",
100-
Type: func() *corev1.HostPathType {
101-
hpt := corev1.HostPathFile
102-
return &hpt
103-
}(),
104-
}
105-
return &h
106-
}(),
107-
},
108-
}
93+
// Explicitly and silently exclude the kube-system namespace
94+
if pod.ObjectMeta.Namespace != metav1.NamespaceSystem {
95+
// Define the volume to mount in
96+
v := corev1.Volume{
97+
Name: "gcp-creds",
98+
VolumeSource: corev1.VolumeSource{
99+
HostPath: func() *corev1.HostPathVolumeSource {
100+
h := corev1.HostPathVolumeSource{
101+
Path: "/var/lib/minikube/google_application_credentials.json",
102+
Type: func() *corev1.HostPathType {
103+
hpt := corev1.HostPathFile
104+
return &hpt
105+
}(),
106+
}
107+
return &h
108+
}(),
109+
},
110+
}
109111

110-
// Mount the volume in
111-
mount := corev1.VolumeMount{
112-
Name: "gcp-creds",
113-
MountPath: "/google-app-creds.json",
114-
ReadOnly: true,
115-
}
112+
// Mount the volume in
113+
mount := corev1.VolumeMount{
114+
Name: "gcp-creds",
115+
MountPath: "/google-app-creds.json",
116+
ReadOnly: true,
117+
}
116118

117-
// Define the env var
118-
e := corev1.EnvVar{
119-
Name: "GOOGLE_APPLICATION_CREDENTIALS",
120-
Value: "/google-app-creds.json",
121-
}
122-
envVars := []corev1.EnvVar{e}
123-
124-
// If GOOGLE_CLOUD_PROJECT is set in the VM, set it for all GCP apps.
125-
if _, err := os.Stat("/var/lib/minikube/google_cloud_project"); err == nil {
126-
project, err := ioutil.ReadFile("/var/lib/minikube/google_cloud_project")
127-
if err == nil {
128-
// Set the project name for every variant of the project env var
129-
for _, a := range projectAliases {
130-
envVars = append(envVars, corev1.EnvVar{
131-
Name: a,
132-
Value: string(project),
133-
})
119+
// Define the env var
120+
e := corev1.EnvVar{
121+
Name: "GOOGLE_APPLICATION_CREDENTIALS",
122+
Value: "/google-app-creds.json",
123+
}
124+
envVars := []corev1.EnvVar{e}
125+
126+
// If GOOGLE_CLOUD_PROJECT is set in the VM, set it for all GCP apps.
127+
if _, err := os.Stat("/var/lib/minikube/google_cloud_project"); err == nil {
128+
project, err := ioutil.ReadFile("/var/lib/minikube/google_cloud_project")
129+
if err == nil {
130+
// Set the project name for every variant of the project env var
131+
for _, a := range projectAliases {
132+
envVars = append(envVars, corev1.EnvVar{
133+
Name: a,
134+
Value: string(project),
135+
})
136+
}
134137
}
135138
}
136-
}
137139

138-
patch = append(patch, patchOperation{
139-
Op: "add",
140-
Path: "/spec/volumes",
141-
Value: append(pod.Spec.Volumes, v),
142-
})
143-
144-
for i, c := range pod.Spec.Containers {
145-
if len(c.VolumeMounts) == 0 {
146-
patch = append(patch, patchOperation{
147-
Op: "add",
148-
Path: fmt.Sprintf("/spec/containers/%d/volumeMounts", i),
149-
Value: []corev1.VolumeMount{mount},
150-
})
151-
} else {
152-
patch = append(patch, patchOperation{
153-
Op: "add",
154-
Path: fmt.Sprintf("/spec/containers/%d/volumeMounts", i),
155-
Value: append(c.VolumeMounts, mount),
156-
})
157-
}
158-
if len(c.Env) == 0 {
159-
patch = append(patch, patchOperation{
160-
Op: "add",
161-
Path: fmt.Sprintf("/spec/containers/%d/env", i),
162-
Value: envVars,
163-
})
164-
} else {
165-
patch = append(patch, patchOperation{
166-
Op: "add",
167-
Path: fmt.Sprintf("/spec/containers/%d/env", i),
168-
Value: append(c.Env, envVars...),
169-
})
140+
patch = append(patch, patchOperation{
141+
Op: "add",
142+
Path: "/spec/volumes",
143+
Value: append(pod.Spec.Volumes, v),
144+
})
145+
146+
for i, c := range pod.Spec.Containers {
147+
if len(c.VolumeMounts) == 0 {
148+
patch = append(patch, patchOperation{
149+
Op: "add",
150+
Path: fmt.Sprintf("/spec/containers/%d/volumeMounts", i),
151+
Value: []corev1.VolumeMount{mount},
152+
})
153+
} else {
154+
patch = append(patch, patchOperation{
155+
Op: "add",
156+
Path: fmt.Sprintf("/spec/containers/%d/volumeMounts", i),
157+
Value: append(c.VolumeMounts, mount),
158+
})
159+
}
160+
if len(c.Env) == 0 {
161+
patch = append(patch, patchOperation{
162+
Op: "add",
163+
Path: fmt.Sprintf("/spec/containers/%d/env", i),
164+
Value: envVars,
165+
})
166+
} else {
167+
patch = append(patch, patchOperation{
168+
Op: "add",
169+
Path: fmt.Sprintf("/spec/containers/%d/env", i),
170+
Value: append(c.Env, envVars...),
171+
})
172+
}
170173
}
171174
}
172175

0 commit comments

Comments
 (0)