Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make externalAdmissionHookConfigurationManager distinguish API disabled error #48576

Merged
merged 1 commit into from Jul 18, 2017
Merged

make externalAdmissionHookConfigurationManager distinguish API disabled error #48576

merged 1 commit into from Jul 18, 2017

Conversation

caesarxuchao
Copy link
Member

@caesarxuchao caesarxuchao commented Jul 7, 2017
edited

The externalAdmissionHookConfigurationManager does not return "DisabledErr" even if the API is disabled, so the GenericWebhook admission controller will not fail open.

The GenericWebhook admission controller is default to off, so the bug is hidden in most cases. To be safe, we should cherrypick it to 1.7.

Fix a bug where the GenericWebhook admission plugin does not fail open when the admissionregistration API is disabled

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 7, 2017
@k8s-github-robot k8s-github-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. release-note-label-needed labels Jul 7, 2017
@caesarxuchao caesarxuchao added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Jul 7, 2017
@lavalamp
Copy link
Member

lavalamp commented Jul 7, 2017

Thanks!

Unit test?

@caesarxuchao caesarxuchao force-pushed the fix-ExternalAdmissionHookConfigurationManager branch from 97f3fb4 to 6a1308d Compare July 7, 2017 19:39
@k8s-github-robot k8s-github-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 7, 2017
@caesarxuchao
Copy link
Member Author

Added unit tests.

@caesarxuchao caesarxuchao force-pushed the fix-ExternalAdmissionHookConfigurationManager branch from 6a1308d to 9eb065f Compare July 7, 2017 20:34
@caesarxuchao
Copy link
Member Author

@lavalamp PTAL. Thanks.

@caesarxuchao caesarxuchao added this to the v1.7 milestone Jul 11, 2017
@caesarxuchao
Copy link
Member Author

@wojtek-t this is a bug fix. Without this fix, apiserver enters crashloop if a user enables the GenericWebhook admission plugin but not the admissionregistration/v1alpha1 API.

@wojtek-t
Copy link
Member

@caesarxuchao - can you please add a release note - with that I'm obviously fine with cherrypicking it.

@caesarxuchao
Copy link
Member Author

Release note added.

@wojtek-t
Copy link
Member

@caesarxuchao - thanks! I will add "cherrypick-approved" label once this is lgtmed (and will create a cherrypick then - it's just easier for me to manage proposal this way).

@lavalamp
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 17, 2017
@caesarxuchao
Copy link
Member Author

@wojtek-t could you approve the cherrypick? Thanks.

@caesarxuchao
Copy link
Member Author

caesarxuchao commented Jul 17, 2017
edited

/test pull-kubernetes-kubemark-e2e-gce

@wojtek-t
Copy link
Member

/approve no-issue

@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: caesarxuchao, lavalamp, wojtek-t

Associated issue requirement bypassed by: wojtek-t

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 18, 2017
@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 48576, 49010)

@k8s-github-robot k8s-github-robot merged commit f3dcf63 into kubernetes:master Jul 18, 2017
@wojtek-t
Copy link
Member

@caesarxuchao - cherrypicking it makes sense to me, but it's not possible to make automated cherrypick from it due to conflicts. Can you prepare a cherrypick if you want this in 1.7 branch?

@caesarxuchao caesarxuchao mentioned this pull request Jul 18, 2017
Merged
@caesarxuchao
Copy link
Member Author

Thanks. Cherrypicked in #49155

@wojtek-t wojtek-t added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jul 19, 2017
wojtek-t added a commit that referenced this pull request Jul 19, 2017
@wojtek-t
Merge pull request #49155 from caesarxuchao/automated-cherry-pick-of-…
ea1b420 
…#48576-upstream-release-1.7

Automated cherry pick of #48576
@k8s-cherrypick-bot
Copy link

Commit found in the "release-1.7" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@lavalamp lavalamp

@smarterclayton smarterclayton

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.7
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@caesarxuchao @lavalamp @wojtek-t @k8s-github-robot @k8s-cherrypick-bot @smarterclayton @k8s-ci-robot