Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use Request Object interfaces instead of static scheme that is more appropriate for CRDs #74154

Merged
merged 5 commits into from Feb 19, 2019

Conversation

@mbohlool
Copy link
Member

mbohlool commented Feb 16, 2019

The admission plugin implementation uses an static scheme (set by .SetScheme method of the Plugin). While this works for standard types, it does not work for CRDs and resulted in bugs such as #73752. This change remove the static schema, and added an ObjectInterfaces which implemented by RequestScope and passed to .Admit and .Validate calls.

fixes #73752

@parhamdoustdar @liggitt

Fixes use of webhook admission plugins with multi-version custom resources
@liggitt

This comment has been minimized.

Copy link
Member

liggitt commented Feb 16, 2019

Approach looks good overall. One compile issue, and a couple import order issues

@mbohlool

This comment has been minimized.

Copy link
Member Author

mbohlool commented Feb 16, 2019

/test pull-kubernetes-integration

@mbohlool mbohlool force-pushed the mbohlool:gimli branch from ca6177a to 3f915ec Feb 16, 2019

@mbohlool mbohlool force-pushed the mbohlool:gimli branch 5 times, most recently from 6886175 to 1b09deb Feb 16, 2019

*/

package admission

This comment has been minimized.

@liggitt

liggitt Feb 16, 2019

Member

name this something other than test.go. is there a reason to limit this impl to tests?

This comment has been minimized.

@mbohlool

mbohlool Feb 16, 2019

Author Member

It is only used in test now. I think I can just move it somewhere else.

This comment has been minimized.

@mbohlool

mbohlool Feb 16, 2019

Author Member

renamed to util.go

@liggitt

This comment has been minimized.

Copy link
Member

liggitt commented Feb 16, 2019

One nit on the helper filename, and the comment about not making patcher use the admission interface to collect object methods (leaving as is or declaring its own interface would be ok… I'd probably leave as is for this PR)

@mbohlool mbohlool force-pushed the mbohlool:gimli branch from 1b09deb to b4685aa Feb 16, 2019

@mbohlool

This comment has been minimized.

Copy link
Member Author

mbohlool commented Feb 16, 2019

@liggitt PTAL. @deads2k for approval.

@mbohlool mbohlool force-pushed the mbohlool:gimli branch from b4685aa to 5854893 Feb 16, 2019

@mbohlool mbohlool force-pushed the mbohlool:gimli branch from 5854893 to 0f18632 Feb 16, 2019

@mbohlool

This comment has been minimized.

Copy link
Member Author

mbohlool commented Feb 17, 2019

All green. Ready to go! @liggitt

// ObjectInterfaces is an interface used by AdmissionController to get object interfaces
// such as Converter or Defaulter. These interfaces are normally coming from Request Scope
// to handle special cases like CRDs.
type ObjectInterfaces interface {

This comment has been minimized.

@yue9944882

yue9944882 Feb 18, 2019

Member

@mbohlool @liggitt adding this as a parameter to all admission controller would widely change all the admissions' interface. how about injecting a dynamic scheme getter func from the initializers instead a fixed scheme? sth like func GetScheme(gvk), if the gvk's not registered in the legacy scheme(which is, the requesting resource is not standard), it returns the extension scheme.

This comment has been minimized.

@liggitt

liggitt Feb 19, 2019

Member

how about injecting a dynamic scheme getter func from the initializers instead a fixed scheme? sth like func GetScheme(gvk), if the gvk's not registered in the legacy scheme(which is, the requesting resource is not standard), it returns the extension scheme.

That seems more complex and error-prone. The choice is not between the legacy scheme and the extensions scheme, but between the legacy scheme and a per-resource converter/typer/defaulter for each custom resource. The object interfaces for the object being handled are in the rest handler, and fit much more naturally as a parameter to admit/validate.

@liggitt

This comment has been minimized.

Copy link
Member

liggitt commented Feb 19, 2019

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm label Feb 19, 2019

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

k8s-ci-robot commented Feb 19, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, mbohlool

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 0ffd59e into kubernetes:master Feb 19, 2019

17 checks passed

cla/linuxfoundation mbohlool authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-cross Skipped
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Job succeeded.
Details
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-godeps Job succeeded.
Details
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-local-e2e Skipped
pull-kubernetes-local-e2e-containerized Skipped
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
pull-publishing-bot-validate Skipped
tide In merge pool.
Details

kanatohodets added a commit to kanatohodets/kubernetes that referenced this pull request Mar 8, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.