ada9fc3d08
extend ShouldCallHook benchmark to verify performance imporvement
...
Kubernetes-commit: 850a913ea98a070e26cc62cbf95508084e8cc66b
2020-07-28 10:09:37 +08:00
7e3b5e44da
skip mismatched webhookAccessor and object
...
Kubernetes-commit: c1d78f2619b69585713597e4ffdaeef12b6c20ec
2020-07-01 23:57:04 +08:00
3fab22a096
cleanup tempfiles in unit test
...
Signed-off-by: Li Zhijian <lizhijian@cn.fujitsu.com>
Kubernetes-commit: 02eaa4f354fd9abb4b11c5616ce8906684e2b4f5
2020-06-18 11:24:46 +08:00
97937c66f2
Revert nested trace PR#88936
...
Kubernetes-commit: 02cf58102a61b6d1e021e256381ff750573ce55d
2020-07-20 09:55:05 -07:00
7a467399ac
Enable nested tracing, add request filter chain tracing incl. authn/authz tracing
...
Kubernetes-commit: b12ac0abc64adb71d97fbde12f373b1424631f20
2020-03-06 16:11:21 -08:00
ff5372c83d
Add warnings capability for admission webhooks
...
Kubernetes-commit: 5eef60a00aeb18eda4238dbd8f6dc96930a6a05a
2020-06-30 16:27:56 -04:00
5879417a28
switch over k/k to use klog v2
...
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: 442a69c3bdf6fe8e525b05887e57d89db1e2f3a5
2020-04-17 15:25:06 -04:00
529b6da9bb
remove prometheus dependencies from k/k and add testcases for LabelsMatch
...
Kubernetes-commit: 6e986249ee4252f83037f229a8773869feaab15a
2020-04-22 14:07:53 +08:00
7adab84d8a
Adding IngressClass to networking/v1beta1
...
Co-authored-by: Christopher M. Luciano <cmluciano@us.ibm.com>
Kubernetes-commit: 132d2afca0794b4bcaedb6dbbefe4e9d66e80239
2020-02-24 21:20:45 -08:00
15ffd4d5c4
Remove global variable dependency from runtimeclass admission
...
Kubernetes-commit: 57ea7a11a646e5ad9b3f5c42ba42c0b1d279286b
2020-02-27 15:20:26 -05:00
337d7943db
generated: run refactor
...
Kubernetes-commit: 3aa59f7f3077642592dc8a864fcef8ba98699894
2020-02-07 18:16:47 -08:00
f7c2e26715
cleanup req.Context() and ResponseWrapper
...
Kubernetes-commit: 968adfa99362f733ef82f4aabb34a59dbbd6e56a
2020-01-27 18:52:27 -08:00
5737088b7f
refactor
...
Kubernetes-commit: d55d6175f8e2cfdab0b79aac72046a652c2eb515
2020-01-27 18:19:44 -08:00
b858bded65
Promote WebhookAdmissionConfiguration to v1
...
Kubernetes-commit: 71fad812caf6be07be3c5eabe9fdc39c29f7b2a9
2019-11-12 09:43:35 -05:00
4b9c976f43
AdmissionConfiguration v1
...
Kubernetes-commit: 1234290adfa11eb3dd34242c296e1f1dbe211c19
2019-11-11 11:57:29 -05:00
331894196f
add featuregate inspection as admission plugin initializer
...
Kubernetes-commit: 675c2fb924e82091f7ce4601e48daf4cc7030e72
2019-11-05 14:28:40 -05:00
3d42d38e70
namespace: Provide a special status cause when a namespace is terminating
...
Clients should be able to identify when a namespace is being terminated and
take special action such as backing off or giving up. Add a helper for
getting the cause of an error and then add a special cause to the forbidden
error that namespace lifecycle admission returns. We can't change the forbidden
reason without potentially breaking older clients and so cause is the
appropriate tool.
Add `StatusCause` and `HasStatusCause` to the errors package to make checking
for causes simpler. Add `NamespaceTerminatingCause` to the v1 API as a constant.
Kubernetes-commit: a62c5b282fda7c0832d329cde45e5e0a836924e8
2019-10-19 22:57:21 -04:00
630eda2c9b
eliminate direct references to prometheus
...
Kubernetes-commit: f99b4339681329779e44cd9f0c8ffdbabfeb6fcf
2019-10-10 11:18:52 +08:00
c51b9411f6
Switch admission webhook config manager to v1
...
Kubernetes-commit: f247e75980061d7cf83c63c0fb1f12c7060c599f
2019-08-01 21:57:39 -04:00
7400a466d2
Explicitly handle returned error values in admission metrics_test
...
Kubernetes-commit: 774641ebdbdc7fe89380e7e1e77f5ebbe843ecec
2019-08-21 12:13:33 -07:00
d1d66bda16
Propagate context to Authorize() calls
...
Kubernetes-commit: 92eb072989eba22236d034b56cc2bf159dfb4915
2019-09-24 10:06:32 -04:00
25bf5d3b30
Add integration test for webhook client auth
...
Kubernetes-commit: e734c70e037cf1311581eb61ae3e45adaa76771b
2019-09-02 22:37:07 -04:00
80b9dc503b
Plumb service port, URL port to webhook client auth resolution
...
Kubernetes-commit: d127042cb81cbf545332ec3124161525ef84183c
2019-09-02 22:38:36 -04:00
ce4eaaeeb3
Make webhook benchmarks parallel
...
Kubernetes-commit: 601b7d33a9cf0b724cdabb5de81b0bf2821f0fca
2019-08-28 13:27:38 -04:00
8d86fef522
wire up the webhook rejection metrics in webhook handlers
...
Kubernetes-commit: 620f5f2c587971be50cb27bb2a2d35209b3dc058
2019-08-28 17:32:07 -07:00
466e192e26
test
...
Kubernetes-commit: 71d7477c2187c0f956b90b7b55e8beee449229a2
2019-08-28 16:54:39 -07:00
c5bca07c6b
add webhook rejection metrics
...
Kubernetes-commit: 714dced0d1c7fbb703fa55c39a071a8a97db9176
2019-08-28 16:49:47 -07:00
e248b8b513
fix semantics of the rejected label in webhook metrics
...
when error calling webhook is ignored, do not log the request as
rejected
Kubernetes-commit: f3c793512b45ea3910d5e5a379292c13b62ab64b
2019-08-28 15:31:27 -07:00
58f780d1e2
Use cached selectors/client for webhooks
...
Kubernetes-commit: 8c10d929cac13dc50ca4ffaca83e7ae5c8e41292
2019-08-24 17:12:14 -04:00
b7340127c3
Add admission benchmarks
...
go test ./vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/validating -bench . -benchmem -run DoNotRun
go test ./vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating -bench . -benchmem -run DoNotRun
Kubernetes-commit: 27f535e26ad88fa30d5c0fcde4bc31897b9d521c
2019-08-24 17:40:07 -04:00
eb2a4467ba
Let webhook accessors construct client/selectors once
...
Kubernetes-commit: 14154c2345e7e467be0ff003c61cec9c0bd2be3e
2019-08-20 17:16:21 -04:00
b9084e350a
migrate kube-apiserver metrics to stability framework
...
Kubernetes-commit: 466980dd747e06e55451301c624eecccfa505123
2019-08-22 15:38:42 -07:00
db2bae4d84
tests
...
Kubernetes-commit: d35757c653893279df566985c3368f0277fe7c02
2019-05-31 16:22:55 -07:00
f4a47ec53f
mutating webhook: audit log mutation existence and actual patch
...
Kubernetes-commit: 7784353a69932a4e7b4dde55b78828abf5fa4ee6
2019-05-31 16:22:30 -07:00
70c200c6a0
audit & admission: associate annotation with audit level
...
Kubernetes-commit: 318226f3403f56aaf796af3f439c13674aa2b7ab
2019-05-31 15:36:29 -07:00
71ef46fa12
Use lesser of context or webhook-specific timeout in webhooks
...
Kubernetes-commit: c63284b1f3996e7830c1aca85281d349d0091c82
2019-08-19 11:23:05 -04:00
0c706a033c
Plumb context to admission Admit/Validate
...
Kubernetes-commit: 61774cd7176cae0c0324d23ab20e6c6b3038153f
2019-08-19 10:48:08 -04:00
f103fcda51
Replace string concatination with trace fields
...
Kubernetes-commit: 46a04d50af78e01d06a9879d62cc71fbe892076f
2019-08-02 23:47:24 -07:00
81b56d7030
Add trace to webhook invocations
...
Kubernetes-commit: 31799ebe88534272d45c2a33396e343a5083c773
2019-05-31 16:50:54 -07:00
90d670a108
AdmissionReview: Allow webhook admission to dispatch v1 or v1beta1
...
Kubernetes-commit: dda9bcb082be058c30c83d45e757edbaac8dc65f
2019-07-12 08:44:24 -04:00
65ba1e64bc
Adding test cases to make sure objectSelector works for CRD
...
Kubernetes-commit: 58fa71d1ed375876a86fe5961ad5a87a0eb23fa2
2019-05-31 10:12:42 -07:00
3c6eb3805e
Fix admission metrics to use bucket sizes matching metric unit
...
Kubernetes-commit: 084c52551baa3dbf0aa47f193b3abddeb8e4d673
2019-05-31 16:17:24 -07:00
32d3c876b0
Flake fix: poll for webhook registration to complete in reinvocation integration tests
...
Kubernetes-commit: e51320f69d92e4d08bc25eec5a4b7a58d23184ab
2019-06-04 14:19:26 -07:00
ec622aa8bd
minor changes, propagating interface changes
...
Kubernetes-commit: 7738c7ee8fbbaa79aed2ca221141a6b3b4f826be
2019-05-29 17:20:43 -07:00
8658264258
object matcher
...
Kubernetes-commit: 6cf499db6c1dd464c6072706106dec6c5284dff7
2019-05-29 15:56:52 -07:00
b22ec2bd98
Add mutating admission webhook reinvocation
...
Kubernetes-commit: 95fa928ecb636e8d16af31ab613678c555fc76a3
2019-05-29 22:31:26 -07:00
b2b1ef14ec
split admissionregistration.v1beta1/Webhook into MutatingWebhook and ValidatingWebhook
...
Kubernetes-commit: 55ecc45455f191c404e355097bf1beae9c42f895
2019-05-29 21:30:45 -07:00
86ad7df5fb
Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent
...
Kubernetes-commit: cc2e3616f03518b1fe00c51b5226010df5f17cc7
2019-05-23 22:24:20 -07:00
0e6c33d9b7
Consider equivalent resources when calling webhook
...
Kubernetes-commit: f2abdcf43f5e0435824104fe6f1af9fb3871d455
2019-05-20 14:36:19 -04:00
d555b9c5d2
Move object conversion to webhook dispatch point
...
convert versionedattrs as needed
Allow per-webhook kind/version
Kubernetes-commit: fc495f457f8b7c58d062d12b03a96abd0879e4d2
2019-05-20 12:10:49 -04:00
6562ecd83a
Add GetResourceMapper to admission ObjectInterfaces
...
Kubernetes-commit: 92f735042e1cae38afe74364c036489fb7a81973
2019-05-13 11:24:20 -04:00
054e44a286
make ObjectInterfaces impl generic
...
Kubernetes-commit: 9071d21e3b1989ffeee4f533406e4fef6bf32aa8
2019-05-13 11:22:11 -04:00
afec0f3efa
Skip namespace selector evaluation for 'select all' selectors
...
Kubernetes-commit: e068a98f4fed7ad1fa92acc00c5d3210acd29675
2019-05-20 17:45:34 -04:00
f384b59525
Update tests for: Pass {Operation}Option to Webhooks
...
Kubernetes-commit: 900d652a9ac11e53293950b3d191295c21430215
2019-05-07 13:37:07 -07:00
19327df6d5
Pass {Operation}Option to Webhooks
...
Kubernetes-commit: 140c8c73a64deb102b528109138ca9fb7dbb2392
2019-05-07 13:34:18 -07:00
7c5dd5a07b
Ensure 4xx+ response codes from webhook rejections
...
Kubernetes-commit: 50076439fccb4ed6cf7b59f6f4add279ee7751aa
2019-04-24 15:27:19 -04:00
5ba3621283
webhook: respect the status error from webhook
...
today, apiserver generates an internal server error for any call
to mutatingwebhook if it gives allowed=false. this is not right as
it is really not an intenal error, it can be a forbidden as well
if the webhook wants it to be.
Kubernetes-commit: c2fcdc818be1441dd788cae22648c04b1650d3af
2019-01-09 14:28:33 -08:00
6c13576bf2
Add port to ServiceResolvers
...
Kubernetes-commit: 11f37d757fc0b710245446c80a8c9578ce2c02f1
2019-03-01 16:32:50 -08:00
1de9bb3580
remove the deprecated admission metrics
...
Kubernetes-commit: b31a3403c4b60d421900d9ddef3a27d23ea9c4c6
2019-03-12 14:06:38 +08:00
81939cee8f
Add AdmissionReviewVersions to admissionregistration and default it
...
Kubernetes-commit: f7dff4725f8dc694a852e7fdbdde2c8a6dd5b7d4
2019-03-04 20:52:57 -08:00
e63ca1e6d5
Add scope restrictions to webhook admission rules
...
Kubernetes-commit: 0797d812220be9b76716d366f13215b94b70bf5d
2019-02-24 15:18:05 -05:00
c2c5dfe9de
convert latencies in mertics name to duration
...
Kubernetes-commit: c525d329effc6c6460cda947d1bf8092a927c2d3
2019-02-22 22:19:57 +08:00
30a9fb6e25
honor timeout when dispatch
...
Kubernetes-commit: e1e9ee53113413a1038a3f12c87acc61baaf726b
2019-02-26 14:42:55 -08:00
3f0755b631
Explicitly set GVK when sending objects to webhooks
...
Kubernetes-commit: e752a48a3012e43e4471cce0412cd9beadd3be57
2019-02-23 00:19:47 -05:00
0fbb46dc25
Remove the propagated scheme from the Admission chain
...
Kubernetes-commit: cebb4ee2ac9e19fe90f78c3285978e585e67a3ac
2019-02-16 13:28:14 -08:00
792921debf
Mechanical changes due to signature change for Admit and Validate functions
...
Kubernetes-commit: d08bc3774dfd93ba9fa389062900a5ffb25768d6
2019-02-16 00:44:29 -08:00
87b5ac0c06
Add ObjectInterfaces to Admission and Validation
...
Kubernetes-commit: 513a87c7b25aa58f84fafe0dc170cee4c76e481b
2019-02-16 12:27:24 -08:00
77f09a96a5
remove unnecessary scheme from config struct
...
Kubernetes-commit: 5f911fd0486f79158c69b58faa1e747c7facd2f5
2019-02-18 14:05:45 -05:00
8f8d23605e
fix shellcheck in k8s.io/apiserver
...
Kubernetes-commit: 481c2d8e03508dba2c28aeb4bba48ce48904183b
2019-01-24 13:55:09 +08:00
ddce6d2b02
Add admission_latencies_milliseconds metrics for backward compatible
...
Kubernetes-commit: d9c57e74076ea8bacbba4628eb9c994c165270bf
2019-01-18 11:50:48 +08:00
ab09d1ac67
Return admission metrics with true units
...
Kubernetes-commit: c183646bafc66416e6d28764e37536ec1a35a065
2018-12-26 22:58:56 +08:00
123cf8011f
Remove alpha InitializerConfiguration types, Initializers admission plugin
...
Kubernetes-commit: dc1fa870bff65c20f48a83ea3af54adb3f526e28
2019-01-16 10:19:44 -05:00
d294e6b5b4
Update non-test code to use DefaultMutableFeatureGate
...
Kubernetes-commit: d440ecdd3b41a4fc4a207195e1bb976422d6d35e
2018-11-20 23:59:52 -05:00
2710b17b80
Move from glog to klog
...
- Move from the old github.com/golang/glog to k8s.io/klog
- klog as explicit InitFlags() so we add them as necessary
- we update the other repositories that we vendor that made a similar
change from glog to klog
* github.com/kubernetes/repo-infra
* k8s.io/gengo/
* k8s.io/kube-openapi/
* github.com/google/cadvisor
- Entirely remove all references to glog
- Fix some tests by explicit InitFlags in their init() methods
Change-Id: I92db545ff36fcec83afe98f550c9e630098b3135
Kubernetes-commit: 954996e231074dc7429f7be1256a579bedd8344c
2018-11-09 13:49:10 -05:00
26065df432
CRD Conversion
...
Kubernetes-commit: e2ca575d0f40d94578c7c0babce543ab5199d2d0
2018-11-09 14:55:06 -08:00
032ec9d79b
Switch to sigs.k8s.io/yaml from ghodss/yaml
...
Change-Id: Ic72b5131bf441d159012d67a6a3d87088d0e6d31
Kubernetes-commit: 43f523d405b012fa8d90dd95b667f520e036f6bc
2018-11-02 16:41:57 -04:00
7b71273ec8
Reduce cardinality of admission webhook metrics
...
Kubernetes-commit: 96034014f5fe08d7bb8b92b8f1679d9761c3f83d
2018-10-16 13:35:42 -07:00
8d99f185d1
fix some golint in staging/src/k8s.io/apiserver/pkg/admission/plugin/
...
Kubernetes-commit: 3de8767dc6ca8d47d29f99c2956a5fcf54df84d9
2018-09-26 14:30:50 +08:00
90f716757e
*: Remove comment tags in GoDoc
...
Adding blank line between comment tag and package name in doc.go. So
that the comment tags such as '+k8s:deepcopy-gen=package' do not show up
in GoDoc.
Kubernetes-commit: 61117761cd4a1b2e6ad9ff2d7eb915f3d2739dc6
2018-09-04 14:08:32 -07:00
0e8a1a0c6e
Modification: revise some errors about golint in some packages
...
1. pkg/client
2. staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testing
Related to: https://github.com/kubernetes/kubernetes/issues/68026
Kubernetes-commit: 1fbb8b20e20616e1a1e957c01b1bb595c7703433
2018-08-31 13:22:25 +08:00
21f6e2bcdd
Refactor addmission webhook hook client to a util package
...
Kubernetes-commit: 5652d5cffadcd8a2f107b6aecf5fc06c0fc473f1
2018-08-26 23:20:23 +10:00
817f61120c
Support dry run in admission webhooks
...
Kubernetes-commit: 2d0ec48f9beea6182a9a3bfdcc5eb98e50b44f77
2018-08-21 16:06:27 -07:00
9ee094cdf2
support annotations for admission webhook
...
Kubernetes-commit: 0ebfc3e07866494049f44cd008e5cbfe4d81d4af
2018-07-31 13:25:53 +08:00
fef02d6bec
Add test cases for webhook dry run
...
Kubernetes-commit: 3a506be626398f927049c3ce735fd29ac0efd5f1
2018-08-07 14:59:29 -07:00
53e7058d7c
Fix typo in webhook dry-run check
...
Kubernetes-commit: aa36dc94cd7a2e538ad5e6ef8999fbbe9dc0df78
2018-08-07 14:37:24 -07:00
dc1d8e7050
block dry run if a webhook would be called
...
Kubernetes-commit: e4c219df42c77ecb8f0588197072bef81bca7429
2018-08-07 09:27:18 -07:00
91278157f6
Support dry run in admission plugins
...
Kubernetes-commit: adafb1365e2b9f6c422c437e916e22a4fe1c2e3a
2018-08-06 10:37:44 -07:00
0511e4e41d
fix a TODO in ValidatingAdmissionWebhook
...
Kubernetes-commit: 162499515c0813f579770091dc30925207d063b2
2018-06-04 14:55:46 +08:00
a1b44cc72f
Do not attempt to convert nil object during DELETE webhook admission
...
Kubernetes-commit: aad0e2e15f789fc3768d6e5607b86e8b824b3917
2018-07-20 00:15:49 -04:00
7694cbf962
generated: Avoid use of reflect.Call in conversion code paths
...
Kubernetes-commit: ef561ba8b58a4427a51b2b5dbb9ad633e45f04a7
2018-07-03 16:17:14 -04:00
b90f482746
Fix TestWantsExternalKubeClientSet describe clientset typo
...
Signed-off-by: Yuanbin.Chen <cybing4@gmail.com>
Kubernetes-commit: a055a96791d5fab5e049c115b9d82db57978c73d
2018-06-04 18:32:56 +08:00
0f7bbcadfb
Add missing error handling in schema-related code
...
Kubernetes-commit: bfe313d5f351dfae086a85a97e7103183173e5b5
2018-06-03 14:59:58 +10:00
d51f943047
fix field removal in mutating admission webhooks
...
A mutating admission controller webhook doesn't remove object fields
when instructed to.
E.g. when the JSON patch
[
{"op": "remove", "path": "/spec/containers/0/resources/limits/fpga-arria10"},
{"op": "add", "path": "/spec/containers/0/resources/limits/fpga-interface-id-524abcf", "value": 1}
]
is applied to this pod
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
restartPolicy: Never
containers:
-
name: test-pod-container
image: ubuntu:bionic
imagePullPolicy: IfNotPresent
command: [ "ls", "-l", "/" ]
resources:
limits:
fpga-arria10: 1
in order to replace the resource name "fpga-arria10" with something understandable
by the device plugin the resulting pod spec still contains the old field plus
a new one. The resulting pod looks like
apiVersion: v1
kind: Pod
metadata:
name: test-pod
spec:
restartPolicy: Never
containers:
-
name: test-pod-container
image: ubuntu:bionic
imagePullPolicy: IfNotPresent
command: [ "ls", "-l", "/" ]
resources:
limits:
fpga-arria10: 1
fpga-interface-id-524abcf: 1
The patch unmarshals patched JSON into a new empty object instead of
existing one. Otherwise JSON unmarshaling reuses existing maps, keeping
existing entries as specified in the "encoding/json" standard package.
Kubernetes-commit: 4a72e17bd227b79ed89981735691af3601043bf9
2018-05-23 16:57:54 +03:00
8dcf051761
add WithAudit admission decorator
...
WithAudit admission decorator log annotations to audit events set by
the decorated admission controller
Kubernetes-commit: c38a704fb73af56841a709a199dafeb9580ca599
2018-04-13 18:27:08 +08:00
5d62a9c964
support AddAnnotation in admission attributes
...
Kubernetes-commit: 72ef2dc7248dbf055e1500938c627985175f63a4
2018-03-22 15:20:31 +08:00
5b356b15a2
Use Dial with context
...
Kubernetes-commit: 5e8e570dbda6ed89af9bc2e0a05e3d94bfdfcb61
2018-05-19 08:14:37 +10:00
c41d1d0993
simplify api registration
...
Kubernetes-commit: c5445d3c56e06ab366b9cca34bd69c5cc386ec47
2018-05-07 08:32:20 -04:00
0203b2aa93
Update all script to use /usr/bin/env bash in shebang
...
Kubernetes-commit: 9b15af19b22e91284eeb89827b2091caaec25bf6
2018-04-16 18:31:44 +02:00
88d943c0e6
eliminate indirection from type registration
...
Kubernetes-commit: e7fbbe0e3c91f34836b999e695aa133503cfdae5
2018-04-24 08:21:23 -04:00
62408eb418
Honor existing CA bundle and TLS server name in webhook client
...
Kubernetes-commit: 54c883f27bdb9ac1bd6602e34643296644e574f7
2018-04-17 01:01:30 -04:00
584fe98b64
admission/webhook: fix panic from empty response in mutating webhooks
...
Kubernetes-commit: 10969e1b8dcb89cc97d591df63be7464cefb454b
2018-02-12 14:58:57 +01:00
378bb80fc8
admission/webhook: refactor to webhook = generic-webhook + source + dispatcher
...
- unify test cases
- remove broken VersionedAttributes override abstraction
This overriding had no effect. The versioned.Attributes were never
used as admission.Attributes.Better make the versioned objects
explicit than hiding them under a wrong abstraction.
- remove wrapping of scheme.Convert
- internalize conversion package
Kubernetes-commit: 72f8a369d021037ca6179339d50ad595b5462a6c
2018-01-16 10:37:41 +01:00
716af975eb
regenerated all files and remove all YEAR fields
...
Kubernetes-commit: b49ef6531c11f1c834e0d7591f5c965f6193c711
2018-01-22 20:37:53 +08:00
e75ab8e707
log enabled admission controller in order
...
This change log enabled mutating and validating admission controller
in order.
Kubernetes-commit: 76aaba6d247fa479763fefa2d57c625077100d78
2018-03-10 16:20:12 +08:00
627fa76a8b
sync: initially remove files BUILD */BUILD BUILD.bazel */BUILD.bazel
2018-03-15 09:38:17 +00:00
f86f44d94d
Make admission webhooks work in custom apiservers.
...
Created a scheme that only understands admission/v1beta1 and use it to
encode/decode admissionReviews.
Also made the NegotiationSerializer setup static
Kubernetes-commit: 3ab516035d17c2b2798797eb8ee85522ccbc051e
2018-03-09 11:25:34 -08:00
c28dea8a20
Make admission webhooks not ignore scheme
...
Kubernetes-commit: 7d5696eb6d98a0ce76e4fe18c3e37aec05060b46
2018-03-08 11:35:13 -08:00
8779e14501
log enabled admission controller in order
...
Kubernetes-commit: 4c6db2516a7597bd0be5c1f3a3905b8894a18e6a
2018-03-06 17:40:34 +08:00
89e1aa5933
Prevent webhooks from affecting admission requests for webhooks
...
Kubernetes-commit: 58b43ad27d00191cf5291d8508dc346f1924b785
2018-03-05 16:35:52 -08:00
8e51703adb
remove unused function negotiate() and writeYAML()
...
Kubernetes-commit: 5f908c226c9df144dfc0e1665381b8ec534a60a4
2018-02-23 14:53:51 +08:00
9fa0aca343
Run hack/update-all.sh
...
Kubernetes-commit: c8dacd8e631f59ef158c79156d77a99fd2a632cc
2018-02-26 17:16:14 -08:00
1ab12b2dc8
Autogenerated: hack/update-bazel.sh
...
Kubernetes-commit: ef56a8d6bb3800ab7803713eafc4191e8202ad6e
2018-02-16 13:43:01 -08:00
bf5feefec3
add an admission decorator chain
...
Kubernetes-commit: 1ae856484b8a827b7ce6018ddfa103493a2cb97d
2018-02-14 09:27:25 -05:00
9535cc877f
run update bazel staging-dep
...
Kubernetes-commit: ea7a71301009fb3e0426ea93f070c27538e59f86
2017-11-29 23:28:53 +08:00
3dc2191ae3
add wait ready for mutating/validating webhook configuration
...
Kubernetes-commit: ec3925978511cc6b844c5b479c9b30ae21a0136a
2017-12-06 11:06:04 +08:00
3661bfee32
admission registration use shared informer instead of poll
...
Kubernetes-commit: f2875274423dac61293069f79eddf1c397e7376a
2017-11-29 23:12:19 +08:00
6f8c3a80da
fix typo in package apiserver
...
Kubernetes-commit: 0da91a8577ddfdeaff985cbb6c0da69d5a2ffc81
2018-02-01 03:04:33 +08:00
3db227c747
Split ClientConfigFor()
...
Kubernetes-commit: 05fbc22064b0502e3f66a60c82a34302850dcb41
2018-01-25 21:31:02 -08:00
907f1ed78c
Use SSH tunnel for webhook communication iff the webhook is deployed as a service
...
Kubernetes-commit: 454276c23ce39f261564e9cbebe0df8adab14a6d
2018-01-22 16:18:34 -08:00
fcee784ffb
Never let cluster-scoped resources skip webhooks
...
Kubernetes-commit: 0d717272ccbec12189946325594a8a5f29d6bd68
2018-01-11 18:05:54 -08:00
8e878f6f59
Surface error loading admission plugin config
...
Kubernetes-commit: ed53e8a25c154129eebb71b1a5816cee21889f70
2018-01-18 02:32:09 -05:00
2a2505e824
remove duplicated import
...
Kubernetes-commit: 4e7398b67b12390486012dd6f9d708dd64f961f3
2018-01-11 19:15:11 +08:00
f193a275c6
remove invalid and useless functions from unit test
...
Kubernetes-commit: eb1650ce567e0bf19f310817502a7a4fe3049a11
2018-01-12 17:22:33 +08:00
574b95f04b
admission: do not leak admission config types outside of the plugins
...
Kubernetes-commit: 1a552bbe149373c056ee004304d7e5abaa89f4c6
2017-11-27 14:44:04 +01:00
0055602f99
fix a typo
...
Kubernetes-commit: 9d1b687914226514992d9f47c639847930d315b2
2018-01-11 18:24:24 -08:00
b0adab5a27
Let mutating webhook defaults the object after applying the patch sent back by the webhook
...
Kubernetes-commit: 5029bb56c434c0099fd1d2e78de7531c69430753
2018-01-09 15:58:18 -08:00
e0f0630269
Regenerate all generated code
...
Kubernetes-commit: 80e344644e2b6222296f2f03551a8d0273c7cbce
2018-01-02 00:21:07 -08:00
c8a97ee31a
Autogenerate BUILD files
...
Kubernetes-commit: efee0704c60a2ee3049268a41535aaee7f661f6c
2017-12-23 13:06:26 -08:00
e9e963c6d2
Fix admission metrics tests
...
Kubernetes-commit: cca35ae141544e04cdf9e7c3ace201bc58091c5e
2017-12-13 15:45:24 -08:00
d14a5efcb8
remove dead code in lifecycle admission
...
Kubernetes-commit: 22398f8d3c0d71db5869eace174f5721f8499224
2017-12-05 19:40:31 +08:00
2d197ca9f2
fix typo and adjust import sequence
...
Kubernetes-commit: 185d5c1f3debec7f7c81cd713307134103038497
2017-11-08 11:43:56 +08:00
1f633a162d
Reduce memory footprint of admission metrics
...
Kubernetes-commit: 92dd8b50f304ce19d62b8acf23d1b8c4f9bae00b
2017-11-26 21:54:50 -08:00
6d575ed0c4
require webhook admission kubeconfigfile to be absolute
...
Kubernetes-commit: 7e6ce2a04ce8ede20e3bdbcb8a5680a8e54c47a2
2017-11-22 08:17:47 -05:00
e16244b0bc
Merge pull request #55812 from deads2k/admission-17-external
...
Automatic merge from submit-queue (batch tested with PRs 55812, 55752, 55447, 55848, 50984). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
Make versioned types for webhook admission config
Versioned webhook admission config type as promised in https://github.com/kubernetes/kubernetes/pull/54414 .
@kubernetes/sig-api-machinery-pr-reviews
@ericchiang as promised. fyi.
```yaml
kind: AdmissionConfiguration
apiVersion: apiserver.k8s.io/v1alpha1
plugins:
- name: GenericAdmissionWebhook
configuration:
kind: WebhookAdmission
apiVersion: apiserver.config.k8s.io/v1alpha1
kubeConfigFile: /path/to/my/file
```
`ADMISSION_CONTROL_CONFIG_FILE=../foo.yaml hack/local-up-cluster.sh`
Kubernetes-commit: 25ebf875b4235cb8f43be2aec699d62e78339cec
2017-12-07 04:34:43 +00:00
70de900800
update-all generated
...
Kubernetes-commit: fcf4f15c89c8faf3f23171ea50b9c460ea67a76b
2017-11-19 13:41:10 -08:00
98e2d6d11f
remove reference to v1alpha1
...
Kubernetes-commit: 7945ae68d0c7cffb070d60ad4d8bfe6ef585c279
2017-11-19 13:54:50 -08:00
2ee052ccdf
admission: make metrics compositional and move to metrics sub-package
...
Kubernetes-commit: baba0c827bfddfdc56b69c88e19406966ef900a2
2017-11-17 11:49:55 +01:00
f7181e20ae
#55183 follow up: Reinstate admission chain composition and ns test
...
Kubernetes-commit: d82ae45a4cf7e34cf02755b7eaa6e040da590d67
2017-11-16 21:20:14 -08:00
86dc6e7b4e
Update the validating webhook plugin to be a ValidatingInterface, rather than a MutatingInterface
...
Kubernetes-commit: cbfc9d33b7c6b9e767e4259910f783c047e83583
2017-11-20 14:57:07 -08:00
45dc4adcc3
admission/webhook: move webhook initializer into plugin
...
Kubernetes-commit: e19257f2ec87d8091defb7935bb3a161fbb229d0
2017-11-15 13:00:24 +01:00
8a572a63d4
Rename GenericAdmissionWebhook to ValidatingAdmissionWebhook
...
Kubernetes-commit: d3c0765780fed5576670d6624cc3cc8d691d6392
2017-11-17 21:05:11 -08:00
ed64135818
Rename the testdata package to testcerts.
...
`godep save` somehow fails if there is a testdata go package. See
https://github.com/kubernetes/kubernetes/pull/54892#issuecomment-345035489
Kubernetes-commit: 2052a7e2a3483e341a5a8d1fc5ae8510dd32b2c6
2017-11-17 13:24:48 -08:00
1b638a5be7
generated bazel
...
Kubernetes-commit: 6193360eb52b00727df08f67eb8fc364a8df85e9
2017-11-15 16:21:28 -08:00
cb8d15718f
Adding the mutating webhook
...
Kubernetes-commit: ea123f82aae5bc46b9a91c4543c8f742d0db52da
2017-11-14 16:36:28 -08:00
556a83dbf9
Admission request/response handling
...
AdmissionResponse allows mutating webhook to send apiserver a json patch
to mutate the object.
This reflects the imperative nature of AdmissionReview. It adds
AdmissionRequest and AdmissionResponse in place of status/spec.
The AdmissionResponse the allows the mutating webhook
to send back a json path with the mutated version of the requested
object.
Fixed the integration test to clean up properly.
Switched test image to 1.8v5 to reflect API changes.
Make sure to cache test framework client for cleaup test code.
Switched to pointer for patch type.
Factored in @liggitt's feedback.
Factored in @lavalamp's feedback.
Kubernetes-commit: dac3c2e168784bbcf1cbfef8bf5430101e191715
2017-11-06 15:41:26 -08:00
0159c24faf
generated bazel
...
Kubernetes-commit: 47ef9aaf2297829998eb1a0a804de9209c1008f1
2017-11-14 16:29:23 -08:00
da1d210644
Reorganize the code in webhook admission plugin.
...
Move the namespace selector code to package webhook/namespace
Move the conversion related code to package to webhook/versioned
Move errors related code to package webhook/errors
Move admission review related code to package webhook/request
Kubernetes-commit: 51774697b35314b078270e9da24fbe0ff843b981
2017-11-14 15:20:45 -08:00
f88f0f12a1
Reorganize the admission webhook code.
...
Moved client and kubeconfig related code to webhook/config;
Moved the rule matcher to webhook/rules;
Left TODOs saying we are going to move some other common utilities;
Other code is moved to webhook/validation.
Kubernetes-commit: 1adfacc7eb41da109e970a9c2985fd55b4cbbdfd
2017-11-05 18:11:47 -08:00
5f443f1654
Align admission metric names with prometheus guidelines
...
Kubernetes-commit: 369fd81ca151fe2ccb1ac0e6d44aad0eee99abf1
2017-11-14 11:18:31 -08:00
3773a59cf0
Remove is_system_ns from admission metrics
...
Kubernetes-commit: 375e2d03ab8c70c8c84676a7eee8b46646036bde
2017-11-13 12:34:36 -08:00
gongguan