Kubernetes 为什么webhook在kubebuilder书中的CronJob示例中不起作用_Kubernetes_Webhooks_Kubebuilder

Kubernetes 为什么webhook在kubebuilder书中的CronJob示例中不起作用

kubernetes

Kubernetes 为什么webhook在kubebuilder书中的CronJob示例中不起作用,kubernetes,webhooks,kubebuilder,Kubernetes,Webhooks,Kubebuilder,我遵循KubeBuilder书中的CronJob示例：我直接使用来自的代码运行make run后，会显示如下日志： INFO controller-runtime.metrics metrics server is starting to listen {"addr": ":8080"} INFO controller-runtime.builder Registering a mutating webhook {"GVK": "batch.tutorial.kube

我遵循KubeBuilder书中的CronJob示例：

我直接使用来自的代码

运行

make run

后，会显示如下日志：

INFO    controller-runtime.metrics  metrics server is starting to listen    {"addr": ":8080"}
INFO    controller-runtime.builder  Registering a mutating webhook  {"GVK": "batch.tutorial.kubebuilder.io/v1, Kind=CronJob", "path": "/ilder-io-v1-cronjob"}
INFO    controller-runtime.webhook  registering webhook {"path": "/mutate-batch-tutorial-kubebuilder-io-v1-cronjob"}
INFO    controller-runtime.builder  Registering a validating webhook    {"GVK": "batch.tutorial.kubebuilder.io/v1, Kind=CronJob", "path": "/builder-io-v1-cronjob"}
INFO    controller-runtime.webhook  registering webhook {"path": "/validate-batch-tutorial-kubebuilder-io-v1-cronjob"}
INFO    setup   starting manager
INFO    controller-runtime.manager  starting metrics server {"path": "/metrics"}
INFO    controller-runtime.webhook.webhooks starting webhook server
INFO    controller-runtime.controller   Starting EventSource    {"controller": "cronjob", "source": "kind source: /, Kind="}
INFO    controller-runtime.certwatcher  Updated current TLS certificate
INFO    controller-runtime.webhook  serving webhook server  {"host": "", "port": 9443}
INFO    controller-runtime.certwatcher  Starting certificate watcher
INFO    controller-runtime.controller   Starting EventSource    {"controller": "cronjob", "source": "kind source: /, Kind="}
INFO    controller-runtime.controller   Starting Controller {"controller": "cronjob"}
INFO    controller-runtime.controller   Starting workers    {"controller": "cronjob", "worker count": 1}

从日志中很容易看出，控制器和准入webhook都已按预期成功启动

为了测试admissionWebhook是否工作，我将CronJob计划设置为无效，如下所示：

-***-***

应用配置后：

kubectl apply-f config/samples/batch\u v1\u cronjob.yaml

未显示来自webhook的日志，显示cronjob计划无效的唯一日志来自控制器代码：

2020-02-22T15:45:17.665+0800    ERROR   controllers.Captain unable to figure out CronJob schedule   {"cronjob": "default/cronjob-sample", "error": "Unparseable schedule \"-*- * * * *\": Failed to parse int from : strconv.Atoi: parsing \"\": invalid syntax"}
github.com/go-logr/zapr.(*zapLogger).Error
    /Users/my-name/.go/pkg/mod/github.com/go-logr/zapr@v0.1.0/zapr.go:128
tutorial.kubebuilder.io/project/controllers.(*CronJobReconciler).Reconcile
    /Users/my-name/tmp/kubebuilder/docs/book/src/cronjob-tutorial/testdata/project/controllers/cronjob_controller.go:380
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
    /Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:256
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
    /Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:232
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
    /Users/my-name/.go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:211
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1
    /Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:152
k8s.io/apimachinery/pkg/util/wait.JitterUntil
    /Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:153
k8s.io/apimachinery/pkg/util/wait.Until
    /Users/my-name/.go/pkg/mod/k8s.io/apimachinery@v0.0.0-20190913080033-27d36303b655/pkg/util/wait/wait.go:88

那么为什么webhook不起作用呢？

您必须创建

验证webhook配置

，以便将apiserver配置为将验证请求转发到您的webhook。您可以在这里找到它：

也可以在这里找到相关的讨论：