kubernetes
/
community
mirror of https://github.com/kubernetes/community.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update admission_control.md 

I tested out a Limit Ranger, and it seems like the admission happens *before* Validation. Please correct me if I'm wrong though, I didn't look at the code in detail. In any case, I think it makes sense for admission to happen before validation because code in admission can change containers.

By the way I think it's pretty hard to find flows like this in the code, so it's useful if we add links to code in the design docs (for prospective developers) :)
This commit is contained in:
Ananya Kumar 2015-07-30 20:02:06 -07:00
parent e7f04f73e8
commit 4a1dcd958e
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
admission_control.md
View File

@ -104,9 +104,9 @@ will ensure the following:
1. Incoming request 1. Incoming request
2. Authenticate user 2. Authenticate user
3. Authorize user 3. Authorize user
4. If operation=create|update, then validate(object) 4. If operation=create|update|delete, then admission.Admit(requestAttributes)
5. If operation=create|update|delete, then admission.Admit(requestAttributes) a. invoke each admission.Interface object in sequence
a. invoke each admission.Interface object in sequence 5. If operation=create|update, then validate(object)
6. Object is persisted 6. Object is persisted
If at any step, there is an error, the request is canceled. If at any step, there is an error, the request is canceled.