Promote admissionreview to v1 #80231

Merged
merged 5 commits into from Aug 2, 2019


@liggitt
Member

commented Jul 16, 2019

What this PR does / why we need it:

  • Promotes the AdmissionReview API types to v1 with no schema changes
  • Updates the webhook dispatcher to be able to send/receive v1 AdmissionReview objects
  • Tightens response validation for v1 AdmissionReview objects to verify apiVersion/kind/response.patchType/response.uid
  • Adds integration tests to exercise registering for v1 webhooks receiving/returning v1 AdmissionReview objects

Which issue(s) this PR fixes:
Fixes #79893

Does this PR introduce a user-facing change?:

The `AdmissionReview` API sent to and received from admission webhooks has been promoted to `admission.k8s.io/v1`. Webhooks can specify a preference for receiving `v1` AdmissionReview objects with `admissionReviewVersions: ["v1","v1beta1"]`, and must respond with an API object in the same `apiVersion` they are sent. When webhooks use `admission.k8s.io/v1`, the following additional validation is performed on their responses:
* `response.patch` and `response.patchType` are not permitted from validating admission webhooks
* `apiVersion: "admission.k8s.io/v1"` is required
* `kind: "AdmissionReview"` is required
* `response.uid: "<value of request.uid>"` is required
* `response.patchType: "JSONPatch"` is required (if `response.patch` is set)
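The response checks listed in the release note above, written out as an added example (not code from this PR or from Kubernetes). `checkV1Response` and the trimmed `admissionReview` struct are hypothetical names, and the reply in `main` is constructed sample data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// admissionReview holds only the fields the v1 response checks look at.
type admissionReview struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Response   *struct {
		UID       string  `json:"uid"`
		Patch     []byte  `json:"patch,omitempty"` // base64 in JSON
		PatchType *string `json:"patchType,omitempty"`
	} `json:"response"`
}

// checkV1Response (hypothetical helper) applies the listed checks to a raw
// webhook reply. mutating=false means the reply came from a validating webhook.
func checkV1Response(requestUID string, mutating bool, body []byte) error {
	var r admissionReview
	if err := json.Unmarshal(body, &r); err != nil {
		return fmt.Errorf("undecodable response: %w", err)
	}
	switch {
	case r.APIVersion != "admission.k8s.io/v1":
		return fmt.Errorf("apiVersion %q, want admission.k8s.io/v1", r.APIVersion)
	case r.Kind != "AdmissionReview":
		return fmt.Errorf("kind %q, want AdmissionReview", r.Kind)
	case r.Response == nil:
		return errors.New("response is missing")
	case r.Response.UID != requestUID:
		return fmt.Errorf("response.uid %q, want %q", r.Response.UID, requestUID)
	}
	hasPatch, hasType := len(r.Response.Patch) > 0, r.Response.PatchType != nil
	switch {
	case !mutating && (hasPatch || hasType):
		return errors.New("validating webhook may not set patch or patchType")
	case hasPatch && (!hasType || *r.Response.PatchType != "JSONPatch"):
		return errors.New(`response.patch requires patchType "JSONPatch"`)
	}
	return nil
}

func main() { // constructed reply that answers a v1 request with v1beta1
	reply := []byte(`{"apiVersion":"admission.k8s.io/v1beta1","kind":"AdmissionReview","response":{"uid":"u1","allowed":true}}`)
	fmt.Println(checkV1Response("u1", false, reply))
}
```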

@liggitt liggitt changed the title WIP - Promote admissionreview to v1 **What type of PR is this?** /kind api-change /kind feature WIP - Promote admissionreview to v1 Jul 16, 2019

@liggitt

Member Author

commented Jul 16, 2019

/kind feature
/kind api-change
/priority important-soon
/sig api-machinery
/milestone v1.16

@liggitt

Member Author

commented Jul 27, 2019

/retest

@liggitt

Member Author

commented Jul 27, 2019

This is ready for review now

@liggitt liggitt moved this from Unassigned to In progress in API Reviews Jul 29, 2019

pkg/apis/admission/install/install.go Outdated
if err != nil {
return false, apierrors.NewInternalError(err)
switch patchType {
case string(admissionv1.PatchTypeJSONPatch):
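
Review bot: in the `switch patchType` block, only the `admissionv1.PatchTypeJSONPatch` case is visible in these lines; make sure a `default` branch returns an error for any other value, so a response carrying an unrecognized patch type is rejected rather than silently skipped. That keeps the dispatcher consistent with the stated rule that `response.patchType: "JSONPatch"` is required whenever `response.patch` is set.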

@jpbetz

jpbetz Aug 1, 2019

Contributor

Case is intended to match PatchTypeJSONPatch for both v1 and v1beta1? Maybe add a short comment clarifying that this is deliberate?

@liggitt liggitt force-pushed the liggitt:admissionreview-v1 branch from 6b7d1b7 to 308c23c Aug 1, 2019

@liggitt

Member Author

commented Aug 1, 2019

/hold
for API ack from @smarterclayton

@smarterclayton

Contributor

commented Aug 1, 2019

API LGTM

/approve
/lgtm

Unhold at your leisure

@k8s-ci-robot k8s-ci-robot added the lgtm label Aug 1, 2019

@jpbetz

Contributor

commented Aug 1, 2019

/lgtm

@liggitt

Member Author

commented Aug 1, 2019

/hold cancel

@k8s-ci-robot

Contributor

commented Aug 1, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, smarterclayton


@k8s-ci-robot k8s-ci-robot merged commit c981c65 into kubernetes:master Aug 2, 2019

23 checks passed

cla/linuxfoundation liggitt authorized
pull-kubernetes-bazel-build Job succeeded.
pull-kubernetes-bazel-test Job succeeded.
pull-kubernetes-conformance-image-test Skipped.
pull-kubernetes-cross Job succeeded.
pull-kubernetes-dependencies Job succeeded.
pull-kubernetes-e2e-gce Job succeeded.
pull-kubernetes-e2e-gce-100-performance Job succeeded.
pull-kubernetes-e2e-gce-csi-serial Skipped.
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
pull-kubernetes-e2e-gce-iscsi Skipped.
pull-kubernetes-e2e-gce-iscsi-serial Skipped.
pull-kubernetes-e2e-gce-storage-slow Skipped.
pull-kubernetes-godeps Skipped.
pull-kubernetes-integration Job succeeded.
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
pull-kubernetes-local-e2e Skipped.
pull-kubernetes-node-e2e Job succeeded.
pull-kubernetes-node-e2e-containerd Job succeeded.
pull-kubernetes-typecheck Job succeeded.
pull-kubernetes-verify Job succeeded.
pull-publishing-bot-validate Skipped.
tide In merge pool.

@liggitt liggitt moved this from Required for GA, in progress to Complete in Admission Webhooks Aug 2, 2019

@liggitt liggitt deleted the liggitt:admissionreview-v1 branch Aug 2, 2019

@liggitt liggitt moved this from In progress to API review completed, 1.16 in API Reviews Aug 6, 2019
