From c77459c1cc578d434e5088208094004b0bfb6018 Mon Sep 17 00:00:00 2001 From: Lucas Caparelli Date: Tue, 18 May 2021 18:08:40 -0300 Subject: [PATCH] Make as much info available to templating as possible By ensuring the pod's namespace is present and passing the req's entire pod to the template, providing users with more options to what sort of info is available at injection time. Signed-off-by: Lucas Caparelli --- pkg/injectionwebhook/webhook.go | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/pkg/injectionwebhook/webhook.go b/pkg/injectionwebhook/webhook.go index 6f8fe01..70dd0fb 100644 --- a/pkg/injectionwebhook/webhook.go +++ b/pkg/injectionwebhook/webhook.go @@ -122,14 +122,11 @@ func (whsvr *WebhookServer) mutate(ar *v1beta1.AdmissionReview) (admissionRespon glog.Errorf("api=mutate, message=new AdmissionReview, Kind=%v, Namespace=%v, Name=%v (%v), UID=%v, patchOperation=%v, UserInfo=%v", req.Kind, req.Namespace, req.Name, pod.Name, req.UID, req.Operation, req.UserInfo) - sidecarConfig, err := sidecarconfig.RenderTemplate(corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ - Annotations: pod.Annotations, - }, - Spec: corev1.PodSpec{ - ServiceAccountName: pod.Spec.ServiceAccountName, - }, - }, whsvr.sidecarConfigTemplate) + // the pod might not have its namespace defined since it's still in admission, + // let's insert it from the req to expose as much data to templating as possible + pod.Namespace = req.Namespace + + sidecarConfig, err := sidecarconfig.RenderTemplate(pod, whsvr.sidecarConfigTemplate) if err != nil { glog.Errorf("api=mutate, reason=sidecarconfig.RenderTemplate, message=failed to render from template, err=%v", err) return &v1beta1.AdmissionResponse{