knative/pkg - pkg - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Ville Aikas	a6afcab5bd	Fix #2115 , allow selective verbs / subresources for webhooks. (#2547 ) * WIP: just one option exploration. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * Another option. New signature and new type for configuration. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * Use interfaces and type assertions. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * log custom config with debug. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> * Address PR feedback. Signed-off-by: Ville Aikas <vaikas@chainguard.dev> Signed-off-by: Ville Aikas <vaikas@chainguard.dev>	2022-08-24 01:10:17 +00:00
Matt Moore	4836f680bb	Split the resource semantic webhooks into separate AdmissionControllers (#848 ) By combining our validation logic into our mutating webhook we were previously allowing for mutating webhooks evaluated after our own to modify our resources into invalid shapes. There are no guarantees around ordering of mutating webhooks (that I could find), so the only way to remedy this properly is to split apart the two into separate webhook configurations: - `defaulting`: which runs during the mutating admission webhook phase - `validation`: which runs during the validating admission webhook phase. The diagram in [this post](https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/) is very helpful in illustrating the flow of webhooks. Fixes: https://github.com/knative/pkg/issues/847	2019-11-14 16:51:02 -08:00

Author

SHA1

Message

Date

Ville Aikas

a6afcab5bd

Fix #2115 , allow selective verbs / subresources for webhooks. (#2547 )

* WIP: just one option exploration.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Another option. New signature and new type for configuration.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Use interfaces and type assertions.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* log custom config with debug.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

* Address PR feedback.

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

Signed-off-by: Ville Aikas <vaikas@chainguard.dev>

2022-08-24 01:10:17 +00:00

Matt Moore

4836f680bb

Split the resource semantic webhooks into separate AdmissionControllers (#848 )

By combining our validation logic into our mutating webhook we were previously allowing for mutating webhooks evaluated after our own to modify our resources into invalid shapes.  There are no guarantees around ordering of mutating webhooks (that I could find), so the only way to remedy this properly is to split apart the two into separate webhook configurations:
 - `defaulting`: which runs during the mutating admission webhook phase
 - `validation`: which runs during the validating admission webhook phase.

The diagram in [this post](https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/) is very helpful in illustrating the flow of webhooks.

Fixes: https://github.com/knative/pkg/issues/847

2019-11-14 16:51:02 -08:00

2 Commits