Address PR review feedback: Set RecoverPanic to true for Gardener web…

…hooks
gardener · Sep 13, 2022 · a232723 · a232723
1 parent 0f8f8b0
commit a232723
Show file tree

Hide file tree

Showing 9 changed files with 21 additions and 14 deletions.
diff --git a/cmd/gardener-admission-controller/app/gardener_admission_controller.go b/cmd/gardener-admission-controller/app/gardener_admission_controller.go
@@ -187,12 +187,12 @@ func (o *options) run(ctx context.Context) error {
 
 	logSeedAuth := webhookLogger.WithName(seedauthorizer.AuthorizerName)
 	server.Register(seedauthorizer.WebhookPath, seedauthorizer.NewHandler(logSeedAuth, seedauthorizer.NewAuthorizer(logSeedAuth, graph)))
-	server.Register(seedrestriction.WebhookPath, &webhook.Admission{Handler: seedRestrictionHandler})
-	server.Register(namespacedeletion.WebhookPath, &webhook.Admission{Handler: namespaceValidationHandler})
-	server.Register(kubeconfigsecret.WebhookPath, &webhook.Admission{Handler: kubeconfigsecret.New(webhookLogger.WithName(kubeconfigsecret.HandlerName))})
-	server.Register(resourcesize.WebhookPath, &webhook.Admission{Handler: resourcesize.New(webhookLogger.WithName(resourcesize.HandlerName), o.config.Server.ResourceAdmissionConfiguration)})
-	server.Register(auditpolicy.WebhookPath, &webhook.Admission{Handler: auditpolicy.New(webhookLogger.WithName(auditpolicy.HandlerName))})
-	server.Register(internaldomainsecret.WebhookPath, &webhook.Admission{Handler: internaldomainsecret.New(webhookLogger.WithName(internaldomainsecret.HandlerName))})
+	server.Register(seedrestriction.WebhookPath, &webhook.Admission{Handler: seedRestrictionHandler, RecoverPanic: true})
+	server.Register(namespacedeletion.WebhookPath, &webhook.Admission{Handler: namespaceValidationHandler, RecoverPanic: true})
+	server.Register(kubeconfigsecret.WebhookPath, &webhook.Admission{Handler: kubeconfigsecret.New(webhookLogger.WithName(kubeconfigsecret.HandlerName)), RecoverPanic: true})
+	server.Register(resourcesize.WebhookPath, &webhook.Admission{Handler: resourcesize.New(webhookLogger.WithName(resourcesize.HandlerName), o.config.Server.ResourceAdmissionConfiguration), RecoverPanic: true})
+	server.Register(auditpolicy.WebhookPath, &webhook.Admission{Handler: auditpolicy.New(webhookLogger.WithName(auditpolicy.HandlerName)), RecoverPanic: true})
+	server.Register(internaldomainsecret.WebhookPath, &webhook.Admission{Handler: internaldomainsecret.New(webhookLogger.WithName(internaldomainsecret.HandlerName)), RecoverPanic: true})
 
 	if pointer.BoolDeref(o.config.Server.EnableDebugHandlers, false) {
 		log.Info("Registering debug handlers")

diff --git a/cmd/gardener-seed-admission-controller/app/gardener_seed_admission_controller.go b/cmd/gardener-seed-admission-controller/app/gardener_seed_admission_controller.go
@@ -183,8 +183,8 @@ func (o *Options) Run(ctx context.Context) error {
 	if err := extensionresources.AddWebhooks(mgr); err != nil {
 		return err
 	}
-	server.Register(extensioncrds.WebhookPath, &webhook.Admission{Handler: extensioncrds.New(webhookLogger.WithName(extensioncrds.HandlerName))})
-	server.Register(podschedulername.WebhookPath, &webhook.Admission{Handler: admission.HandlerFunc(podschedulername.DefaultShootControlPlanePodsSchedulerName)})
+	server.Register(extensioncrds.WebhookPath, &webhook.Admission{Handler: extensioncrds.New(webhookLogger.WithName(extensioncrds.HandlerName)), RecoverPanic: true})
+	server.Register(podschedulername.WebhookPath, &webhook.Admission{Handler: admission.HandlerFunc(podschedulername.DefaultShootControlPlanePodsSchedulerName), RecoverPanic: true})
 
 	log.Info("Starting manager")
 	return mgr.Start(ctx)

diff --git a/pkg/resourcemanager/webhook/podschedulername/add.go b/pkg/resourcemanager/webhook/podschedulername/add.go
@@ -44,7 +44,8 @@ type WebhookConfig struct {
 func AddToManagerWithOptions(mgr manager.Manager, conf WebhookConfig) error {
 	server := mgr.GetWebhookServer()
 	server.Register(WebhookPath, &webhook.Admission{
-		Handler: NewHandler(conf.SchedulerName),
+		Handler:      NewHandler(conf.SchedulerName),
+		RecoverPanic: true,
 	})
 	return nil
 }

diff --git a/pkg/resourcemanager/webhook/podzoneaffinity/add.go b/pkg/resourcemanager/webhook/podzoneaffinity/add.go
@@ -43,7 +43,8 @@ type WebhookConfig struct {
 func AddToManagerWithOptions(mgr manager.Manager, _ WebhookConfig) error {
 	server := mgr.GetWebhookServer()
 	server.Register(WebhookPath, &webhook.Admission{
-		Handler: NewHandler(mgr.GetLogger().WithName("webhook").WithName(HandlerName)),
+		Handler:      NewHandler(mgr.GetLogger().WithName("webhook").WithName(HandlerName)),
+		RecoverPanic: true,
 	})
 	return nil
 }

diff --git a/pkg/resourcemanager/webhook/projectedtokenmount/add.go b/pkg/resourcemanager/webhook/projectedtokenmount/add.go
@@ -50,6 +50,7 @@ func AddToManagerWithOptions(mgr manager.Manager, conf WebhookConfig) error {
 			conf.TargetCluster.GetCache(),
 			conf.ExpirationSeconds,
 		),
+		RecoverPanic: true,
 	})
 	return nil
 }

diff --git a/pkg/resourcemanager/webhook/seccompprofile/add.go b/pkg/resourcemanager/webhook/seccompprofile/add.go
@@ -43,7 +43,8 @@ type WebhookConfig struct {
 func AddToManagerWithOptions(mgr manager.Manager, conf WebhookConfig) error {
 	server := mgr.GetWebhookServer()
 	server.Register(WebhookPath, &webhook.Admission{
-		Handler: &Handler{logger: mgr.GetLogger().WithName("webhook").WithName(HandlerName)},
+		Handler:      &Handler{logger: mgr.GetLogger().WithName("webhook").WithName(HandlerName)},
+		RecoverPanic: true,
 	})
 	return nil
 }

diff --git a/pkg/resourcemanager/webhook/tokeninvalidator/add.go b/pkg/resourcemanager/webhook/tokeninvalidator/add.go
@@ -29,6 +29,9 @@ const (
 // AddToManager adds the webhook handler to the manager.
 func AddToManager(mgr manager.Manager) error {
 	server := mgr.GetWebhookServer()
-	server.Register(WebhookPath, &webhook.Admission{Handler: NewHandler(mgr.GetLogger().WithName("webhook").WithName(HandlerName))})
+	server.Register(WebhookPath, &webhook.Admission{
+		Handler:      NewHandler(mgr.GetLogger().WithName("webhook").WithName(HandlerName)),
+		RecoverPanic: true,
+	})
 	return nil
 }
diff --git a/test/integration/seedadmissioncontroller/extensioncrds/extensioncrds_suite_test.go b/test/integration/seedadmissioncontroller/extensioncrds/extensioncrds_suite_test.go
@@ -119,7 +119,7 @@ var _ = BeforeSuite(func() {
 	By("registering webhooks")
 	server := mgr.GetWebhookServer()
 	Expect(extensionresources.AddWebhooks(mgr)).To(Succeed())
-	server.Register(extensioncrds.WebhookPath, &webhook.Admission{Handler: extensioncrds.New(log)})
+	server.Register(extensioncrds.WebhookPath, &webhook.Admission{Handler: extensioncrds.New(log), RecoverPanic: true})
 
 	By("starting manager")
 	mgrContext, mgrCancel := context.WithCancel(ctx)

diff --git a/test/integration/seedadmissioncontroller/podschedulername/podschedulername_suite_test.go b/test/integration/seedadmissioncontroller/podschedulername/podschedulername_suite_test.go
@@ -119,7 +119,7 @@ var _ = BeforeSuite(func() {
 	Expect(err).NotTo(HaveOccurred())
 
 	By("registering webhooks")
-	mgr.GetWebhookServer().Register(podschedulername.WebhookPath, &webhook.Admission{Handler: admission.HandlerFunc(podschedulername.DefaultShootControlPlanePodsSchedulerName)})
+	mgr.GetWebhookServer().Register(podschedulername.WebhookPath, &webhook.Admission{Handler: admission.HandlerFunc(podschedulername.DefaultShootControlPlanePodsSchedulerName), RecoverPanic: true})
 
 	By("starting manager")
 	mgrContext, mgrCancel := context.WithCancel(ctx)