kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #55976 from caesarxuchao/move-mutating-to-last 

Automatic merge from submit-queue (batch tested with PRs 51321, 55969, 55039, 56183, 55976). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Move mutating to run last in the mutating admission plugin chain

ref: kubernetes/features#492

Follow up on #54892. (see https://github.com/kubernetes/kubernetes/pull/54892#discussion_r151333585)

Only the last commit is relevant.

The reasons are:
* Mutating webhooks are dynamic, they can always adjust according to the behavior of compiled-in admission plugins, but not the other-way around.
* We'll document that if user deploys mutating webhooks that over some built-in mutating plugins decision, user needs also to disable the built-in validating plugins, otherwise the cluster might block.

Kubernetes-commit: f8ffbd9d618324750a9f1bd9d0363fcef83786c1
This commit is contained in:
Kubernetes Publisher 2017-11-22 12:00:01 -08:00
parent a5cdb29c3c 53b8960359
commit cfc7b57cf2
2 changed files with 1748 additions and 1688 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3424
Godeps/Godeps.json generated
View File

File diff suppressed because it is too large Load Diff

12
pkg/server/options/admission.go
View File

@ -59,10 +59,14 @@ type AdmissionOptions struct {
// Servers that do care can overwrite/append that field after creation.
func NewAdmissionOptions() *AdmissionOptions {
options := &AdmissionOptions{
Plugins: admission.NewPlugins(),
PluginNames: []string{},
RecommendedPluginOrder: []string{mutatingwebhook.PluginName, lifecycle.PluginName, initialization.PluginName, validatingwebhook.PluginName},
DefaultOffPlugins: []string{mutatingwebhook.PluginName, initialization.PluginName, validatingwebhook.PluginName},
Plugins: admission.NewPlugins(),
PluginNames: []string{},
// This list is mix of mutating admission plugins and validating
// admission plugins. The apiserver always runs the validating ones
// after all the mutating ones, so their relative order in this list
// doesn't matter.
RecommendedPluginOrder: []string{lifecycle.PluginName, initialization.PluginName, mutatingwebhook.PluginName, validatingwebhook.PluginName},
DefaultOffPlugins: []string{initialization.PluginName, mutatingwebhook.PluginName, validatingwebhook.PluginName},
}
apiserverapi.AddToScheme(options.Plugins.ConfigScheme)
apiserverapiv1alpha1.AddToScheme(options.Plugins.ConfigScheme)