✨ add real healtchecks for the admission controller (#1041)
* add real healtchecks for the admission controller

Signed-off-by: Ivan Milchev <[email protected]>

* fix unit tests

Signed-off-by: Ivan Milchev <[email protected]>

---------

Signed-off-by: Ivan Milchev <[email protected]>
imilchev authored Feb 28, 2024
1 parent 4156b63 commit 2f7053d
Showing 5 changed files with 21 additions and 9 deletions.
5 changes: 2 additions & 3 deletions cmd/mondoo-operator/webhook/cmd.go
Expand Up @@ -14,7 +14,6 @@ import (
"go.mondoo.com/mondoo-operator/pkg/version"
webhookhandler "go.mondoo.com/mondoo-operator/pkg/webhooks/handler"
"sigs.k8s.io/controller-runtime/pkg/client/config"
"sigs.k8s.io/controller-runtime/pkg/healthz"
"sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/manager"
"sigs.k8s.io/controller-runtime/pkg/manager/signals"
Expand Down Expand Up @@ -89,11 +88,11 @@ func init() {
}
hookServer.Register("/validate-k8s-mondoo-com", &webhook.Admission{Handler: webhookValidator})

if err := mgr.AddHealthzCheck("healthz", healthz.Ping); err != nil {
if err := mgr.AddHealthzCheck("healthz", webhookValidator.HealthChecker()); err != nil {
webhookLog.Error(err, "unable to set up health check")
return err
}
if err := mgr.AddReadyzCheck("readyz", healthz.Ping); err != nil {
if err := mgr.AddReadyzCheck("readyz", webhookValidator.HealthChecker()); err != nil {
webhookLog.Error(err, "unable to set up ready check")
return err
}
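Review bot: The liveness check registered with `mgr.AddHealthzCheck("healthz", ...)` now uses the same scan-API-backed checker as the readiness check, so an outage of the scan API would fail liveness and get the webhook pods restarted even though a restart cannot repair that dependency. Readiness alone already takes the pod out of rotation while the scan API is unreachable; restarts on top of that add churn and start-up delay before admission review resumes, and during that time the webhook's failure policy (not visible on this page) decides whether requests are blocked or admitted unscanned. Consider keeping the process-local check for liveness, `mgr.AddHealthzCheck("healthz", healthz.Ping)`, and using `webhookValidator.HealthChecker()` only in `AddReadyzCheck`, which also keeps the `healthz` import this change drops. The enclosing function starts and ends outside the hunk.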
2 changes: 1 addition & 1 deletion controllers/admission/resources.go
Expand Up @@ -119,7 +119,7 @@ func WebhookDeployment(ns, image string, m mondoov1alpha2.MondooAuditConfig, int
},
},
InitialDelaySeconds: int32(5),
PeriodSeconds: int32(10),
PeriodSeconds: int32(5),
},
Resources: corev1.ResourceRequirements{
Limits: corev1.ResourceList{
2 changes: 1 addition & 1 deletion pkg/client/scanapiclient/client.go
Expand Up @@ -50,7 +50,7 @@ func NewClient(opts ScanApiClientOptions) (ScanApiClient, error) {
}

func (s *scanApiClient) HealthCheck(ctx context.Context, in *common.HealthCheckRequest) (*common.HealthCheckResponse, error) {
url := s.ApiEndpoint + common.HealthCheckEndpoint
url := s.ApiEndpoint + "/Scan/HealthCheck"

reqBodyBytes, err := json.Marshal(in)
if err != nil {
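Review bot: The health-check path appears as a string literal, `"/Scan/HealthCheck"`, in `HealthCheck` here and again in `mux.HandleFunc` in pkg/client/scanapiclient/fakeserver/fakeserver.go (as the page renders it, the literal is the new side in both files), so the client and the fake server it is tested against can drift apart without a test noticing. Because this endpoint now backs the webhook's health probes, a mismatch would only show up as failing probes in a cluster. If `common.HealthCheckEndpoint` had to go, one exported constant referenced from both files, for example `const HealthCheckEndpoint = "/Scan/HealthCheck"` in the `scanapiclient` package, would keep them in step, provided that does not create an import cycle. `HealthCheck` continues past the end of the hunk.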
2 changes: 1 addition & 1 deletion pkg/client/scanapiclient/fakeserver/fakeserver.go
Expand Up @@ -14,7 +14,7 @@ import (

func FakeServer() *httptest.Server {
mux := http.NewServeMux()
mux.HandleFunc(common.HealthCheckEndpoint, func(w http.ResponseWriter, r *http.Request) {
mux.HandleFunc("/Scan/HealthCheck", func(w http.ResponseWriter, r *http.Request) {
result := &common.HealthCheckResponse{
Status: "SERVING",
}
19 changes: 16 additions & 3 deletions pkg/webhooks/handler/webhook.go
Expand Up @@ -6,6 +6,7 @@ package webhookhandler
import (
"context"
"fmt"
"net/http"
"reflect"

"google.golang.org/protobuf/types/known/structpb"
Expand All @@ -16,6 +17,7 @@ import (
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/healthz"
logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
"sigs.k8s.io/yaml"
Expand All @@ -24,6 +26,7 @@ import (

"go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory"
mondoov1alpha2 "go.mondoo.com/mondoo-operator/api/v1alpha2"
"go.mondoo.com/mondoo-operator/pkg/client/common"
"go.mondoo.com/mondoo-operator/pkg/client/scanapiclient"
"go.mondoo.com/mondoo-operator/pkg/constants"
"go.mondoo.com/mondoo-operator/pkg/feature_flags"
Expand Down Expand Up @@ -85,9 +88,14 @@ type NewWebhookValidatorOpts struct {
ExcludeNamespaces []string
}

type MondooWebhook interface {
admission.Handler
HealthChecker() healthz.Checker
}

// NewWebhookValidator will initialize a CoreValidator with the provided k8s Client and
// set it to the provided mode. Returns error if mode is invalid.
func NewWebhookValidator(opts *NewWebhookValidatorOpts) (admission.Handler, error) {
func NewWebhookValidator(opts *NewWebhookValidatorOpts) (MondooWebhook, error) {
webhookMode, err := wutils.ModeStringToAdmissionMode(opts.Mode)
if err != nil {
return nil, err
Expand All @@ -113,8 +121,6 @@ func NewWebhookValidator(opts *NewWebhookValidatorOpts) (admission.Handler, erro
}, nil
}

var _ admission.Handler = &webhookValidator{}

func (a *webhookValidator) Handle(ctx context.Context, req admission.Request) (response admission.Response) {
resource := fmt.Sprintf("%s/%s", req.Namespace, req.Name)
handlerlog.Info("Webhook triggered", "kind", req.Kind.Kind, "resource", resource)
Expand Down Expand Up @@ -251,6 +257,13 @@ func (a *webhookValidator) generateLabels(req admission.Request, obj runtime.Obj
return labels, nil
}

func (a *webhookValidator) HealthChecker() healthz.Checker {
return func(req *http.Request) error {
_, err := a.scanner.HealthCheck(req.Context(), &common.HealthCheckRequest{})
return err
}
}

func (a *webhookValidator) objFromRaw(rawObj runtime.RawExtension) (runtime.Object, error) {
obj, _, err := a.uniDecoder.Decode(rawObj.Raw, nil, nil)
if err != nil {
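Review bot: `HealthChecker` discards the `HealthCheckResponse` and returns only the call's error, so a scan API that answers with a status other than serving would still be reported healthy. The fake server on this page returns `Status: "SERVING"`, which suggests the field is meant to be inspected; whether the client already turns other statuses into errors is not visible here. Consider keeping the response and adding `if resp.Status != "SERVING" { return fmt.Errorf("scan API status %q", resp.Status) }` after the error check. The new exported `MondooWebhook` interface and `HealthChecker` method also have no doc comments; a line such as `// HealthChecker returns a healthz.Checker that succeeds only when the scan API health check succeeds.` would state the contract.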
