Allow shareable resources for admission control plugins. #26709
Conversation
k8s-github-robot
added
size/L
|
@hodovska could you please fill in the description with some information about what this does? |
hodovska
force-pushed
the
master
branch
2 times, most recently
from
0457113
to
5016de4
Compare
|
FYI @smarterclayton |
| // Validator should be implemented by admission plugins that can validate themselves | ||
| // after initialization has happened. | ||
| type Validator interface { | ||
| Validate() error |
hodovska
force-pushed
the
master
branch
2 times, most recently
from
9601abc
to
6300d70
Compare
k8s-github-robot
added
the
needs-rebase
|
We found a Contributor License Agreement for you (the sender of this pull request) and all commit authors, but as best as we can tell these commits were authored by someone else. If that's the case, please add them to this pull request and have them confirm that they're okay with these commits being contributed to Google. If we're mistaken and you did author these commits, just reply here to confirm. |
k8s-github-robot
added
kind/design
|
CLAs look good, thanks! |
k8s-github-robot
removed
the
needs-rebase
hodovska
force-pushed
the
master
branch
2 times, most recently
from
5aeea93
to
30db68d
Compare
| @@ -119,8 +121,13 @@ func Run(s *genericoptions.ServerRunOptions) error { | |||
| if err != nil { | |||
| glog.Errorf("Failed to create clientset: %v", err) | |||
| } | |||
| admissionController := admission.NewFromPlugins(client, admissionControlPluginNames, s.AdmissionControlConfigFile) | |||
| sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute) | |||
There was a problem hiding this comment.
spawn an issue to make this somethign on struct that we can pass in.
There was a problem hiding this comment.
You mean on ServerRunOptions?
Hrm, now I remember why we're unable to use these paths to build the server downstream. We have come in a layer deeper to provide a completely separate admission chain.
|
I must be missing where you're calling If @ncdc sees it, this looks like a good starting point to me. I'd like to see followup issues. |
|
You should start the informers just befor you launch the server |
|
@deads2k Start() calls added |
| @@ -59,7 +60,7 @@ func (p *provision) Admit(a admission.Attributes) (err error) { | |||
| }, | |||
| Status: api.NamespaceStatus{}, | |||
| } | |||
| _, exists, err := p.store.Get(namespace) | |||
| _, exists, err := p.informerFactory.Namespaces().Informer().GetStore().Get(namespace) | |||
There was a problem hiding this comment.
Followup issue to wait for the cache to sync. This is a pre-existing bug.
ncdc
removed
the
do-not-merge
|
It's a good starting point (functionally equivalent), lets merge it and follow up with issues and fixes for:
|
deads2k
added
the
lgtm
|
Not sure why the e2e is listed as failed because the gs bucket only shows started.json and no artifacts. @ixdy @spxtr @pwittrock ? @k8s-bot e2e test this issue: #IGNORE |
|
GKE smoke e2e failure is #27462 (again!) |
|
GCE e2e build/test passed for commit 037d116. |
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
GCE e2e build/test passed for commit 037d116. |
|
Automatic merge from submit-queue |
Automatic merge from submit-queue SharedInformerFactory: usage and fixes Follow-up for #26709
Changes allow admission control plugins to share resources. This is done via new PluginInitialization structure. The structure can be extended for other resources, for now it is an shared informer for namespace plugins (NamespiceLifecycle, NamespaceAutoProvisioning, NamespaceExists).
If a plugins needs some kind of shared resource e.g. client, the client shall be added to PluginInitializer and Wants methods implemented to every plugin which will use it.