New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validating admission metrics integration #113475
Validating admission metrics integration #113475
Conversation
Skipping CI for Draft Pull Request. |
/triage accepted |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs a rebase.
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/implementation.go
Outdated
Show resolved
Hide resolved
@cici37, @DangerOnTheRanger, Is this still targeting 1.26? |
72c6786
to
a82dc77
Compare
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/controller.go
Outdated
Show resolved
Hide resolved
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/controller.go
Outdated
Show resolved
Hide resolved
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/policy_decision.go
Outdated
Show resolved
Hide resolved
The changes look good. Could we have a follow-up task to rename the package |
Note: currently we use |
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/policy_decision.go
Outdated
Show resolved
Hide resolved
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/validator.go
Outdated
Show resolved
Hide resolved
82338ed
to
c2c886d
Compare
// this is important for metrics, since we want to differentiate between | ||
// a regular "admit" (no evaluation errors/expressions failing to validate) | ||
// versus an "admit" due to failure policy (some error/failure occurred, but | ||
// was ignored) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is extremely confusing.
Consider having two axes:
- evaluation: error, admit, block
- action: admit, block
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense - I'll rework policyDecisionKind
into policyDecisionAction
and then add a policyDecisionEvaluation
type and add that into policyDecision
and the other appropriate places.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Much clearer, thanks. Can you squash?
de0be04
to
588f03a
Compare
/lgtm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
for vendor/modules.txt
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: BenTheElder, DangerOnTheRanger, jpbetz, lavalamp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Adding the v1.26 milestone since this was ready to merge before code freeze yesterday and was just waiting for CI to run /milestone v1.26 |
/retest |
588f03a
to
cc3cf20
Compare
(force push to fix CI, kubernetes/staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/validator_test.go Line 521 in c84e920
|
cc3cf20
to
99494e6
Compare
(force push again, fix some formatting issues) |
/lgtm |
/retest |
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR is the additional PR mentioned in #112994; this PR integrates the merged metrics implementation with the rest of the work done for validation admission.
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: