today, apiserver generates an internal server error for any call
to mutatingwebhook if it gives allowed=false. this is not right as
it is really not an intenal error, it can be a forbidden as well
if the webhook wants it to be.
Kubernetes-commit: c2fcdc818be1441dd788cae22648c04b1650d3af
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
A mutating admission controller webhook doesn't remove object fields
when instructed to.
E.g. when the JSON patch
[
{"op": "remove", "path": "/spec/containers/0/resources/limits/fpga-arria10"},
{"op": "add", "path": "/spec/containers/0/resources/limits/fpga-interface-id-524abcf", "value": 1}
]
is applied to this pod
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
restartPolicy: Never
containers:
-
name: test-pod-container
image: ubuntu:bionic
imagePullPolicy: IfNotPresent
command: [ "ls", "-l", "/" ]
resources:
limits:
fpga-arria10: 1
in order to replace the resource name "fpga-arria10" with something understandable
by the device plugin the resulting pod spec still contains the old field plus
a new one. The resulting pod looks like
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
restartPolicy: Never
containers:
-
name: test-pod-container
image: ubuntu:bionic
imagePullPolicy: IfNotPresent
command: [ "ls", "-l", "/" ]
resources:
limits:
fpga-arria10: 1
fpga-interface-id-524abcf: 1
The patch unmarshals patched JSON into a new empty object instead of
existing one. Otherwise JSON unmarshaling reuses existing maps, keeping
existing entries as specified in the "encoding/json" standard package.
Kubernetes-commit: 4a72e17bd227b79ed89981735691af3601043bf9
- unify test cases
- remove broken VersionedAttributes override abstraction
This overriding had no effect. The versioned.Attributes were never
used as admission.Attributes.Better make the versioned objects
explicit than hiding them under a wrong abstraction.
- remove wrapping of scheme.Convert
- internalize conversion package
Kubernetes-commit: 72f8a369d021037ca6179339d50ad595b5462a6c
Created a scheme that only understands admission/v1beta1 and use it to
encode/decode admissionReviews.
Also made the NegotiationSerializer setup static
Kubernetes-commit: 3ab516035d17c2b2798797eb8ee85522ccbc051e
Jordan Liggitt