Merge pull request #80883 from liggitt/admission-v1

Switch admission webhook config manager to v1

staging/src/k8s.io/apiserver/pkg/admission/configuration/BUILD

@@ -15,7 +15,7 @@ go_test(
     ],
     embed = [":go_default_library"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/wait:go_default_library",
@@ -34,7 +34,7 @@ go_library(
     importmap = "k8s.io/kubernetes/vendor/k8s.io/apiserver/pkg/admission/configuration",
     importpath = "k8s.io/apiserver/pkg/admission/configuration",
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
@@ -42,7 +42,7 @@ go_library(
         "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic:go_default_library",
         "//staging/src/k8s.io/client-go/informers:go_default_library",
-        "//staging/src/k8s.io/client-go/listers/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/client-go/listers/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/client-go/tools/cache:go_default_library",
     ],
 )

staging/src/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager.go

@@ -21,13 +21,13 @@ import (
 	"sort"
 	"sync/atomic"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/generic"
 	"k8s.io/client-go/informers"
-	admissionregistrationlisters "k8s.io/client-go/listers/admissionregistration/v1beta1"
+	admissionregistrationlisters "k8s.io/client-go/listers/admissionregistration/v1"
 	"k8s.io/client-go/tools/cache"
 )
 
@@ -41,7 +41,7 @@ type mutatingWebhookConfigurationManager struct {
 var _ generic.Source = &mutatingWebhookConfigurationManager{}
 
 func NewMutatingWebhookConfigurationManager(f informers.SharedInformerFactory) generic.Source {
-	informer := f.Admissionregistration().V1beta1().MutatingWebhookConfigurations()
+	informer := f.Admissionregistration().V1().MutatingWebhookConfigurations()
 	manager := &mutatingWebhookConfigurationManager{
 		configuration: &atomic.Value{},
 		lister:        informer.Lister(),
@@ -79,7 +79,7 @@ func (m *mutatingWebhookConfigurationManager) updateConfiguration() {
 	m.configuration.Store(mergeMutatingWebhookConfigurations(configurations))
 }
 
-func mergeMutatingWebhookConfigurations(configurations []*v1beta1.MutatingWebhookConfiguration) []webhook.WebhookAccessor {
+func mergeMutatingWebhookConfigurations(configurations []*v1.MutatingWebhookConfiguration) []webhook.WebhookAccessor {
 	// The internal order of webhooks for each configuration is provided by the user
 	// but configurations themselves can be in any order. As we are going to run these
 	// webhooks in serial, they are sorted here to have a deterministic order.
@@ -99,7 +99,7 @@ func mergeMutatingWebhookConfigurations(configurations []*v1beta1.MutatingWebhoo
 	return accessors
 }
 
-type MutatingWebhookConfigurationSorter []*v1beta1.MutatingWebhookConfiguration
+type MutatingWebhookConfigurationSorter []*v1.MutatingWebhookConfiguration
 
 func (a MutatingWebhookConfigurationSorter) ByName(i, j int) bool {
 	return a[i].Name < a[j].Name

staging/src/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager_test.go

@@ -20,7 +20,7 @@ import (
 	"reflect"
 	"testing"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes/fake"
@@ -43,12 +43,12 @@ func TestGetMutatingWebhookConfig(t *testing.T) {
 		t.Errorf("expected empty webhooks, but got %v", configurations)
 	}
 
-	webhookConfiguration := &v1beta1.MutatingWebhookConfiguration{
+	webhookConfiguration := &v1.MutatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{Name: "webhook1"},
-		Webhooks:   []v1beta1.MutatingWebhook{{Name: "webhook1.1"}},
+		Webhooks:   []v1.MutatingWebhook{{Name: "webhook1.1"}},
 	}
 
-	mutatingInformer := informerFactory.Admissionregistration().V1beta1().MutatingWebhookConfigurations()
+	mutatingInformer := informerFactory.Admissionregistration().V1().MutatingWebhookConfigurations()
 	mutatingInformer.Informer().GetIndexer().Add(webhookConfiguration)
 	configManager.updateConfiguration()
 

staging/src/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager.go

@@ -21,13 +21,13 @@ import (
 	"sort"
 	"sync/atomic"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook"
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/generic"
 	"k8s.io/client-go/informers"
-	admissionregistrationlisters "k8s.io/client-go/listers/admissionregistration/v1beta1"
+	admissionregistrationlisters "k8s.io/client-go/listers/admissionregistration/v1"
 	"k8s.io/client-go/tools/cache"
 )
 
@@ -41,7 +41,7 @@ type validatingWebhookConfigurationManager struct {
 var _ generic.Source = &validatingWebhookConfigurationManager{}
 
 func NewValidatingWebhookConfigurationManager(f informers.SharedInformerFactory) generic.Source {
-	informer := f.Admissionregistration().V1beta1().ValidatingWebhookConfigurations()
+	informer := f.Admissionregistration().V1().ValidatingWebhookConfigurations()
 	manager := &validatingWebhookConfigurationManager{
 		configuration: &atomic.Value{},
 		lister:        informer.Lister(),
@@ -80,7 +80,7 @@ func (v *validatingWebhookConfigurationManager) updateConfiguration() {
 	v.configuration.Store(mergeValidatingWebhookConfigurations(configurations))
 }
 
-func mergeValidatingWebhookConfigurations(configurations []*v1beta1.ValidatingWebhookConfiguration) []webhook.WebhookAccessor {
+func mergeValidatingWebhookConfigurations(configurations []*v1.ValidatingWebhookConfiguration) []webhook.WebhookAccessor {
 	sort.SliceStable(configurations, ValidatingWebhookConfigurationSorter(configurations).ByName)
 	accessors := []webhook.WebhookAccessor{}
 	for _, c := range configurations {
@@ -97,7 +97,7 @@ func mergeValidatingWebhookConfigurations(configurations []*v1beta1.ValidatingWe
 	return accessors
 }
 
-type ValidatingWebhookConfigurationSorter []*v1beta1.ValidatingWebhookConfiguration
+type ValidatingWebhookConfigurationSorter []*v1.ValidatingWebhookConfiguration
 
 func (a ValidatingWebhookConfigurationSorter) ByName(i, j int) bool {
 	return a[i].Name < a[j].Name

staging/src/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager_test.go

@@ -20,7 +20,7 @@ import (
 	"reflect"
 	"testing"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes/fake"
@@ -44,12 +44,12 @@ func TestGetValidatingWebhookConfig(t *testing.T) {
 		t.Errorf("expected empty webhooks, but got %v", configurations)
 	}
 
-	webhookConfiguration := &v1beta1.ValidatingWebhookConfiguration{
+	webhookConfiguration := &v1.ValidatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{Name: "webhook1"},
-		Webhooks:   []v1beta1.ValidatingWebhook{{Name: "webhook1.1"}},
+		Webhooks:   []v1.ValidatingWebhook{{Name: "webhook1.1"}},
 	}
 
-	validatingInformer := informerFactory.Admissionregistration().V1beta1().ValidatingWebhookConfigurations()
+	validatingInformer := informerFactory.Admissionregistration().V1().ValidatingWebhookConfigurations()
 	validatingInformer.Informer().GetIndexer().Add(webhookConfiguration)
 	if validatingConfig, ok := manager.(*validatingWebhookConfigurationManager); ok {
 		validatingConfig.updateConfiguration()

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/BUILD

@@ -7,7 +7,7 @@ go_library(
     importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook",
     visibility = ["//visibility:public"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/labels:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
@@ -49,7 +49,7 @@ go_test(
     srcs = ["accessors_test.go"],
     embed = [":go_default_library"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
         "//vendor/github.com/google/gofuzz:go_default_library",
     ],

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors.go

@@ -19,7 +19,7 @@ package webhook
 import (
 	"sync"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	webhookutil "k8s.io/apiserver/pkg/util/webhook"
@@ -46,37 +46,37 @@ type WebhookAccessor interface {
 	// needed, use GetUID.
 	GetName() string
 	// GetClientConfig gets the webhook ClientConfig field.
-	GetClientConfig() v1beta1.WebhookClientConfig
+	GetClientConfig() v1.WebhookClientConfig
 	// GetRules gets the webhook Rules field.
-	GetRules() []v1beta1.RuleWithOperations
+	GetRules() []v1.RuleWithOperations
 	// GetFailurePolicy gets the webhook FailurePolicy field.
-	GetFailurePolicy() *v1beta1.FailurePolicyType
+	GetFailurePolicy() *v1.FailurePolicyType
 	// GetMatchPolicy gets the webhook MatchPolicy field.
-	GetMatchPolicy() *v1beta1.MatchPolicyType
+	GetMatchPolicy() *v1.MatchPolicyType
 	// GetNamespaceSelector gets the webhook NamespaceSelector field.
 	GetNamespaceSelector() *metav1.LabelSelector
 	// GetObjectSelector gets the webhook ObjectSelector field.
 	GetObjectSelector() *metav1.LabelSelector
 	// GetSideEffects gets the webhook SideEffects field.
-	GetSideEffects() *v1beta1.SideEffectClass
+	GetSideEffects() *v1.SideEffectClass
 	// GetTimeoutSeconds gets the webhook TimeoutSeconds field.
 	GetTimeoutSeconds() *int32
 	// GetAdmissionReviewVersions gets the webhook AdmissionReviewVersions field.
 	GetAdmissionReviewVersions() []string
 
 	// GetMutatingWebhook if the accessor contains a MutatingWebhook, returns it and true, else returns false.
-	GetMutatingWebhook() (*v1beta1.MutatingWebhook, bool)
+	GetMutatingWebhook() (*v1.MutatingWebhook, bool)
 	// GetValidatingWebhook if the accessor contains a ValidatingWebhook, returns it and true, else returns false.
-	GetValidatingWebhook() (*v1beta1.ValidatingWebhook, bool)
+	GetValidatingWebhook() (*v1.ValidatingWebhook, bool)
 }
 
 // NewMutatingWebhookAccessor creates an accessor for a MutatingWebhook.
-func NewMutatingWebhookAccessor(uid, configurationName string, h *v1beta1.MutatingWebhook) WebhookAccessor {
+func NewMutatingWebhookAccessor(uid, configurationName string, h *v1.MutatingWebhook) WebhookAccessor {
 	return &mutatingWebhookAccessor{uid: uid, configurationName: configurationName, MutatingWebhook: h}
 }
 
 type mutatingWebhookAccessor struct {
-	*v1beta1.MutatingWebhook
+	*v1.MutatingWebhook
 	uid               string
 	configurationName string
 
@@ -126,19 +126,19 @@ func (m *mutatingWebhookAccessor) GetName() string {
 	return m.Name
 }
 
-func (m *mutatingWebhookAccessor) GetClientConfig() v1beta1.WebhookClientConfig {
+func (m *mutatingWebhookAccessor) GetClientConfig() v1.WebhookClientConfig {
 	return m.ClientConfig
 }
 
-func (m *mutatingWebhookAccessor) GetRules() []v1beta1.RuleWithOperations {
+func (m *mutatingWebhookAccessor) GetRules() []v1.RuleWithOperations {
 	return m.Rules
 }
 
-func (m *mutatingWebhookAccessor) GetFailurePolicy() *v1beta1.FailurePolicyType {
+func (m *mutatingWebhookAccessor) GetFailurePolicy() *v1.FailurePolicyType {
 	return m.FailurePolicy
 }
 
-func (m *mutatingWebhookAccessor) GetMatchPolicy() *v1beta1.MatchPolicyType {
+func (m *mutatingWebhookAccessor) GetMatchPolicy() *v1.MatchPolicyType {
 	return m.MatchPolicy
 }
 
@@ -150,7 +150,7 @@ func (m *mutatingWebhookAccessor) GetObjectSelector() *metav1.LabelSelector {
 	return m.ObjectSelector
 }
 
-func (m *mutatingWebhookAccessor) GetSideEffects() *v1beta1.SideEffectClass {
+func (m *mutatingWebhookAccessor) GetSideEffects() *v1.SideEffectClass {
 	return m.SideEffects
 }
 
@@ -162,21 +162,21 @@ func (m *mutatingWebhookAccessor) GetAdmissionReviewVersions() []string {
 	return m.AdmissionReviewVersions
 }
 
-func (m *mutatingWebhookAccessor) GetMutatingWebhook() (*v1beta1.MutatingWebhook, bool) {
+func (m *mutatingWebhookAccessor) GetMutatingWebhook() (*v1.MutatingWebhook, bool) {
 	return m.MutatingWebhook, true
 }
 
-func (m *mutatingWebhookAccessor) GetValidatingWebhook() (*v1beta1.ValidatingWebhook, bool) {
+func (m *mutatingWebhookAccessor) GetValidatingWebhook() (*v1.ValidatingWebhook, bool) {
 	return nil, false
 }
 
 // NewValidatingWebhookAccessor creates an accessor for a ValidatingWebhook.
-func NewValidatingWebhookAccessor(uid, configurationName string, h *v1beta1.ValidatingWebhook) WebhookAccessor {
+func NewValidatingWebhookAccessor(uid, configurationName string, h *v1.ValidatingWebhook) WebhookAccessor {
 	return &validatingWebhookAccessor{uid: uid, configurationName: configurationName, ValidatingWebhook: h}
 }
 
 type validatingWebhookAccessor struct {
-	*v1beta1.ValidatingWebhook
+	*v1.ValidatingWebhook
 	uid               string
 	configurationName string
 
@@ -226,19 +226,19 @@ func (v *validatingWebhookAccessor) GetName() string {
 	return v.Name
 }
 
-func (v *validatingWebhookAccessor) GetClientConfig() v1beta1.WebhookClientConfig {
+func (v *validatingWebhookAccessor) GetClientConfig() v1.WebhookClientConfig {
 	return v.ClientConfig
 }
 
-func (v *validatingWebhookAccessor) GetRules() []v1beta1.RuleWithOperations {
+func (v *validatingWebhookAccessor) GetRules() []v1.RuleWithOperations {
 	return v.Rules
 }
 
-func (v *validatingWebhookAccessor) GetFailurePolicy() *v1beta1.FailurePolicyType {
+func (v *validatingWebhookAccessor) GetFailurePolicy() *v1.FailurePolicyType {
 	return v.FailurePolicy
 }
 
-func (v *validatingWebhookAccessor) GetMatchPolicy() *v1beta1.MatchPolicyType {
+func (v *validatingWebhookAccessor) GetMatchPolicy() *v1.MatchPolicyType {
 	return v.MatchPolicy
 }
 
@@ -250,7 +250,7 @@ func (v *validatingWebhookAccessor) GetObjectSelector() *metav1.LabelSelector {
 	return v.ObjectSelector
 }
 
-func (v *validatingWebhookAccessor) GetSideEffects() *v1beta1.SideEffectClass {
+func (v *validatingWebhookAccessor) GetSideEffects() *v1.SideEffectClass {
 	return v.SideEffects
 }
 
@@ -262,11 +262,11 @@ func (v *validatingWebhookAccessor) GetAdmissionReviewVersions() []string {
 	return v.AdmissionReviewVersions
 }
 
-func (v *validatingWebhookAccessor) GetMutatingWebhook() (*v1beta1.MutatingWebhook, bool) {
+func (v *validatingWebhookAccessor) GetMutatingWebhook() (*v1.MutatingWebhook, bool) {
 	return nil, false
 }
 
-func (v *validatingWebhookAccessor) GetValidatingWebhook() (*v1beta1.ValidatingWebhook, bool) {
+func (v *validatingWebhookAccessor) GetValidatingWebhook() (*v1.ValidatingWebhook, bool) {
 	return v.ValidatingWebhook, true
 }
 

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/accessors_test.go

@@ -22,7 +22,7 @@ import (
 	"testing"
 
 	fuzz "github.com/google/gofuzz"
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	"k8s.io/apimachinery/pkg/util/diff"
 )
 
@@ -30,7 +30,7 @@ func TestMutatingWebhookAccessor(t *testing.T) {
 	f := fuzz.New()
 	for i := 0; i < 100; i++ {
 		t.Run(fmt.Sprintf("Run %d/100", i), func(t *testing.T) {
-			orig := &v1beta1.MutatingWebhook{}
+			orig := &v1.MutatingWebhook{}
 			f.Fuzz(orig)
 
 			// zero out any accessor type specific fields not included in the accessor
@@ -51,7 +51,7 @@ func TestMutatingWebhookAccessor(t *testing.T) {
 			if _, ok := accessor.GetValidatingWebhook(); ok {
 				t.Errorf("expected GetValidatingWebhook to be nil for mutating webhook accessor")
 			}
-			copy := &v1beta1.MutatingWebhook{
+			copy := &v1.MutatingWebhook{
 				Name:                    accessor.GetName(),
 				ClientConfig:            accessor.GetClientConfig(),
 				Rules:                   accessor.GetRules(),
@@ -74,7 +74,7 @@ func TestValidatingWebhookAccessor(t *testing.T) {
 	f := fuzz.New()
 	for i := 0; i < 100; i++ {
 		t.Run(fmt.Sprintf("Run %d/100", i), func(t *testing.T) {
-			orig := &v1beta1.ValidatingWebhook{}
+			orig := &v1.ValidatingWebhook{}
 			f.Fuzz(orig)
 			uid := fmt.Sprintf("test.configuration.admission/%s/0", orig.Name)
 			accessor := NewValidatingWebhookAccessor(uid, "test.configuration.admission", orig)
@@ -91,7 +91,7 @@ func TestValidatingWebhookAccessor(t *testing.T) {
 			if _, ok := accessor.GetMutatingWebhook(); ok {
 				t.Errorf("expected GetMutatingWebhook to be nil for validating webhook accessor")
 			}
-			copy := &v1beta1.ValidatingWebhook{
+			copy := &v1.ValidatingWebhook{
 				Name:                    accessor.GetName(),
 				ClientConfig:            accessor.GetClientConfig(),
 				Rules:                   accessor.GetRules(),

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/BUILD

@@ -13,7 +13,7 @@ go_library(
     deps = [
         "//staging/src/k8s.io/api/admission/v1:go_default_library",
         "//staging/src/k8s.io/api/admission/v1beta1:go_default_library",
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
@@ -52,7 +52,7 @@ go_test(
     ],
     embed = [":go_default_library"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook.go

@@ -23,7 +23,7 @@ import (
 
 	admissionv1 "k8s.io/api/admission/v1"
 	admissionv1beta1 "k8s.io/api/admission/v1beta1"
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/admission"
@@ -155,7 +155,7 @@ func (a *Webhook) ShouldCallHook(h webhook.WebhookAccessor, attr admission.Attri
 			break
 		}
 	}
-	if invocation == nil && h.GetMatchPolicy() != nil && *h.GetMatchPolicy() == v1beta1.Equivalent {
+	if invocation == nil && h.GetMatchPolicy() != nil && *h.GetMatchPolicy() == v1.Equivalent {
 		attrWithOverride := &attrWithResourceOverride{Attributes: attr}
 		equivalents := o.GetEquivalentResourceMapper().EquivalentResourcesFor(attr.GetResource(), attr.GetSubresource())
 		// honor earlier rules first

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic/webhook_test.go

@@ -21,7 +21,7 @@ import (
 	"strings"
 	"testing"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -34,9 +34,9 @@ import (
 func TestShouldCallHook(t *testing.T) {
 	a := &Webhook{namespaceMatcher: &namespace.Matcher{}, objectMatcher: &object.Matcher{}}
 
-	allScopes := v1beta1.AllScopes
+	allScopes := v1.AllScopes
-	exactMatch := v1beta1.Exact
+	exactMatch := v1.Exact
-	equivalentMatch := v1beta1.Equivalent
+	equivalentMatch := v1.Equivalent
 
 	mapper := runtime.NewEquivalentResourceRegistryWithIdentity(func(resource schema.GroupResource) string {
 		if resource.Resource == "deployments" {
@@ -64,7 +64,7 @@ func TestShouldCallHook(t *testing.T) {
 	testcases := []struct {
 		name string
 
-		webhook *v1beta1.ValidatingWebhook
+		webhook *v1.ValidatingWebhook
 		attrs   admission.Attributes
 
 		expectCall            bool
@@ -75,19 +75,19 @@ func TestShouldCallHook(t *testing.T) {
 	}{
 		{
 			name:       "no rules (just write)",
-			webhook:    &v1beta1.ValidatingWebhook{Rules: []v1beta1.RuleWithOperations{}},
+			webhook:    &v1.ValidatingWebhook{Rules: []v1.RuleWithOperations{}},
 			attrs:      admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall: false,
 		},
 		{
 			name: "invalid kind lookup",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
 				MatchPolicy:       &equivalentMatch,
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"example.com"}, APIVersions: []string{"v1"}, Resources: []string{"widgets"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"example.com"}, APIVersions: []string{"v1"}, Resources: []string{"widgets"}, Scope: &allScopes},
 				}}},
 			attrs:      admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"example.com", "v2", "Widget"}, "ns", "name", schema.GroupVersionResource{"example.com", "v2", "widgets"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall: false,
@@ -95,12 +95,12 @@ func TestShouldCallHook(t *testing.T) {
 		},
 		{
 			name: "wildcard rule, match as requested",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*"}, Scope: &allScopes},
 				}}},
 			attrs:                 admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall:            true,
@@ -110,18 +110,18 @@ func TestShouldCallHook(t *testing.T) {
 		},
 		{
 			name: "specific rules, prefer exact match",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}}},
 			attrs:                 admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall:            true,
@@ -131,47 +131,47 @@ func TestShouldCallHook(t *testing.T) {
 		},
 		{
 			name: "specific rules, match miss",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}}},
 			attrs:      admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall: false,
 		},
 		{
 			name: "specific rules, exact match miss",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				MatchPolicy:       &exactMatch,
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}}},
 			attrs:      admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall: false,
 		},
 		{
 			name: "specific rules, equivalent match, prefer extensions",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				MatchPolicy:       &equivalentMatch,
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}}},
 			attrs:                 admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall:            true,
@@ -181,16 +181,16 @@ func TestShouldCallHook(t *testing.T) {
 		},
 		{
 			name: "specific rules, equivalent match, prefer apps",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				MatchPolicy:       &equivalentMatch,
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments"}, Scope: &allScopes},
 				}}},
 			attrs:                 admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"apps", "v1", "Deployment"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall:            true,
@@ -201,18 +201,18 @@ func TestShouldCallHook(t *testing.T) {
 
 		{
 			name: "specific rules, subresource prefer exact match",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}}},
 			attrs:                 admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall:            true,
@@ -222,47 +222,47 @@ func TestShouldCallHook(t *testing.T) {
 		},
 		{
 			name: "specific rules, subresource match miss",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}}},
 			attrs:      admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall: false,
 		},
 		{
 			name: "specific rules, subresource exact match miss",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				MatchPolicy:       &exactMatch,
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}}},
 			attrs:      admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall: false,
 		},
 		{
 			name: "specific rules, subresource equivalent match, prefer extensions",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				MatchPolicy:       &equivalentMatch,
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}}},
 			attrs:                 admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall:            true,
@@ -272,16 +272,16 @@ func TestShouldCallHook(t *testing.T) {
 		},
 		{
 			name: "specific rules, subresource equivalent match, prefer apps",
-			webhook: &v1beta1.ValidatingWebhook{
+			webhook: &v1.ValidatingWebhook{
 				MatchPolicy:       &equivalentMatch,
 				NamespaceSelector: &metav1.LabelSelector{},
 				ObjectSelector:    &metav1.LabelSelector{},
-				Rules: []v1beta1.RuleWithOperations{{
+				Rules: []v1.RuleWithOperations{{
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"apps"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}, {
-					Operations: []v1beta1.OperationType{"*"},
+					Operations: []v1.OperationType{"*"},
-					Rule:       v1beta1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
+					Rule:       v1.Rule{APIGroups: []string{"extensions"}, APIVersions: []string{"v1beta1"}, Resources: []string{"deployments", "deployments/scale"}, Scope: &allScopes},
 				}}},
 			attrs:                 admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{"autoscaling", "v1", "Scale"}, "ns", "name", schema.GroupVersionResource{"apps", "v1", "deployments"}, "scale", admission.Create, &metav1.CreateOptions{}, false, nil),
 			expectCall:            true,

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/BUILD

@@ -13,7 +13,7 @@ go_library(
     visibility = ["//visibility:public"],
     deps = [
         "//staging/src/k8s.io/api/admission/v1:go_default_library",
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/equality:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured:go_default_library",

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go

@@ -28,7 +28,7 @@ import (
 	"k8s.io/klog"
 
 	admissionv1 "k8s.io/api/admission/v1"
-	"k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -103,7 +103,7 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib
 		}
 		hook, ok := invocation.Webhook.GetMutatingWebhook()
 		if !ok {
-			return fmt.Errorf("mutating webhook dispatch requires v1beta1.MutatingWebhook, but got %T", hook)
+			return fmt.Errorf("mutating webhook dispatch requires v1.MutatingWebhook, but got %T", hook)
 		}
 		// This means that during reinvocation, a webhook will not be
 		// called for the first time. For example, if the webhook is
@@ -133,7 +133,7 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib
 			round = 1
 		}
 		changed, err := a.callAttrMutatingHook(ctx, hook, invocation, versionedAttr, o, round, i)
-		ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
+		ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == admissionregistrationv1.Ignore
 		rejected := false
 		if err != nil {
 			switch err := err.(type) {
@@ -156,7 +156,7 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib
 			webhookReinvokeCtx.RequireReinvokingPreviouslyInvokedPlugins()
 			reinvokeCtx.SetShouldReinvoke()
 		}
-		if hook.ReinvocationPolicy != nil && *hook.ReinvocationPolicy == v1beta1.IfNeededReinvocationPolicy {
+		if hook.ReinvocationPolicy != nil && *hook.ReinvocationPolicy == admissionregistrationv1.IfNeededReinvocationPolicy {
 			webhookReinvokeCtx.AddReinvocableWebhookToPreviouslyInvoked(invocation.Webhook.GetUID())
 		}
 		if err == nil {
@@ -196,7 +196,7 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib
 
 // note that callAttrMutatingHook updates attr
 
-func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *v1beta1.MutatingWebhook, invocation *generic.WebhookInvocation, attr *generic.VersionedAttributes, o admission.ObjectInterfaces, round, idx int) (bool, error) {
+func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admissionregistrationv1.MutatingWebhook, invocation *generic.WebhookInvocation, attr *generic.VersionedAttributes, o admission.ObjectInterfaces, round, idx int) (bool, error) {
 	configurationName := invocation.Webhook.GetConfigurationName()
 	annotator := newWebhookAnnotator(attr, round, idx, h.Name, configurationName)
 	changed := false
@@ -205,7 +205,7 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *v1beta
 		if h.SideEffects == nil {
 			return false, &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("Webhook SideEffects is nil")}
 		}
-		if !(*h.SideEffects == v1beta1.SideEffectClassNone || *h.SideEffects == v1beta1.SideEffectClassNoneOnDryRun) {
+		if !(*h.SideEffects == admissionregistrationv1.SideEffectClassNone || *h.SideEffects == admissionregistrationv1.SideEffectClassNoneOnDryRun) {
 			return false, webhookerrors.NewDryRunUnsupportedErr(h.Name)
 		}
 	}

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/namespace/BUILD

@@ -27,7 +27,7 @@ go_test(
     srcs = ["matcher_test.go"],
     embed = [":go_default_library"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/namespace/matcher_test.go

@@ -20,7 +20,7 @@ import (
 	"reflect"
 	"testing"
 
-	registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	registrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -115,7 +115,7 @@ func TestGetNamespaceLabels(t *testing.T) {
 }
 
 func TestNotExemptClusterScopedResource(t *testing.T) {
-	hook := &registrationv1beta1.ValidatingWebhook{
+	hook := &registrationv1.ValidatingWebhook{
 		NamespaceSelector: &metav1.LabelSelector{},
 	}
 	attr := admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "mock-name", schema.GroupVersionResource{Version: "v1", Resource: "nodes"}, "", admission.Create, &metav1.CreateOptions{}, false, nil)

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/object/BUILD

@@ -39,7 +39,7 @@ go_test(
     srcs = ["matcher_test.go"],
     embed = [":go_default_library"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/object/matcher_test.go

@@ -19,7 +19,7 @@ package object
 import (
 	"testing"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -52,7 +52,7 @@ func TestObjectSelector(t *testing.T) {
 		},
 	}
 	matcher := &Matcher{}
-	allScopes := v1beta1.AllScopes
+	allScopes := v1.AllScopes
 	testcases := []struct {
 		name string
 
@@ -106,12 +106,12 @@ func TestObjectSelector(t *testing.T) {
 	}
 
 	for _, testcase := range testcases {
-		hook := &v1beta1.ValidatingWebhook{
+		hook := &v1.ValidatingWebhook{
 			NamespaceSelector: &metav1.LabelSelector{},
 			ObjectSelector:    testcase.objectSelector,
-			Rules: []v1beta1.RuleWithOperations{{
+			Rules: []v1.RuleWithOperations{{
-				Operations: []v1beta1.OperationType{"*"},
+				Operations: []v1.OperationType{"*"},
-				Rule:       v1beta1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*"}, Scope: &allScopes},
+				Rule:       v1.Rule{APIGroups: []string{"*"}, APIVersions: []string{"*"}, Resources: []string{"*"}, Scope: &allScopes},
 			}}}
 
 		t.Run(testcase.name, func(t *testing.T) {

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request/BUILD

@@ -42,7 +42,7 @@ go_test(
     deps = [
         "//staging/src/k8s.io/api/admission/v1:go_default_library",
         "//staging/src/k8s.io/api/admission/v1beta1:go_default_library",
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/api/apps/v1:go_default_library",
         "//staging/src/k8s.io/api/authentication/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview_test.go

@@ -25,7 +25,7 @@ import (
 
 	admissionv1 "k8s.io/api/admission/v1"
 	admissionv1beta1 "k8s.io/api/admission/v1beta1"
-	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	authenticationv1 "k8s.io/api/authentication/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -486,14 +486,14 @@ func TestCreateAdmissionObjects(t *testing.T) {
 		{
 			name: "no supported versions",
 			invocation: &generic.WebhookInvocation{
-				Webhook: webhook.NewMutatingWebhookAccessor("mywebhook", "mycfg", &admissionregistrationv1beta1.MutatingWebhook{}),
+				Webhook: webhook.NewMutatingWebhookAccessor("mywebhook", "mycfg", &admissionregistrationv1.MutatingWebhook{}),
 			},
 			expectErr: "webhook does not accept known AdmissionReview versions",
 		},
 		{
 			name: "no known supported versions",
 			invocation: &generic.WebhookInvocation{
-				Webhook: webhook.NewMutatingWebhookAccessor("mywebhook", "mycfg", &admissionregistrationv1beta1.MutatingWebhook{
+				Webhook: webhook.NewMutatingWebhookAccessor("mywebhook", "mycfg", &admissionregistrationv1.MutatingWebhook{
 					AdmissionReviewVersions: []string{"vX"},
 				}),
 			},
@@ -510,7 +510,7 @@ func TestCreateAdmissionObjects(t *testing.T) {
 				Resource:    schema.GroupVersionResource{Group: "extensions", Version: "v1beta1", Resource: "deployments"},
 				Subresource: "",
 				Kind:        schema.GroupVersionKind{Group: "extensions", Version: "v1beta1", Kind: "Deployment"},
-				Webhook: webhook.NewMutatingWebhookAccessor("mywebhook", "mycfg", &admissionregistrationv1beta1.MutatingWebhook{
+				Webhook: webhook.NewMutatingWebhookAccessor("mywebhook", "mycfg", &admissionregistrationv1.MutatingWebhook{
 					AdmissionReviewVersions: []string{"v1", "v1beta1"},
 				}),
 			},
@@ -553,7 +553,7 @@ func TestCreateAdmissionObjects(t *testing.T) {
 				Resource:    schema.GroupVersionResource{Group: "extensions", Version: "v1beta1", Resource: "deployments"},
 				Subresource: "",
 				Kind:        schema.GroupVersionKind{Group: "extensions", Version: "v1beta1", Kind: "Deployment"},
-				Webhook: webhook.NewMutatingWebhookAccessor("mywebhook", "mycfg", &admissionregistrationv1beta1.MutatingWebhook{
+				Webhook: webhook.NewMutatingWebhookAccessor("mywebhook", "mycfg", &admissionregistrationv1.MutatingWebhook{
 					AdmissionReviewVersions: []string{"v1beta1", "v1"},
 				}),
 			},

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/rules/BUILD

@@ -7,7 +7,7 @@ go_library(
     importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/rules",
     visibility = ["//visibility:public"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
         "//staging/src/k8s.io/apiserver/pkg/admission:go_default_library",
@@ -19,7 +19,7 @@ go_test(
     srcs = ["rules_test.go"],
     embed = [":go_default_library"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/rules/rules.go

@@ -19,7 +19,7 @@ package rules
 import (
 	"strings"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/admission"
@@ -27,7 +27,7 @@ import (
 
 // Matcher determines if the Attr matches the Rule.
 type Matcher struct {
-	Rule v1beta1.RuleWithOperations
+	Rule v1.RuleWithOperations
 	Attr admission.Attributes
 }
 
@@ -56,15 +56,15 @@ func exactOrWildcard(items []string, requested string) bool {
 var namespaceResource = schema.GroupVersionResource{Group: "", Version: "v1", Resource: "namespaces"}
 
 func (r *Matcher) scope() bool {
-	if r.Rule.Scope == nil || *r.Rule.Scope == v1beta1.AllScopes {
+	if r.Rule.Scope == nil || *r.Rule.Scope == v1.AllScopes {
 		return true
 	}
 	// attr.GetNamespace() is set to the name of the namespace for requests of the namespace object itself.
 	switch *r.Rule.Scope {
-	case v1beta1.NamespacedScope:
+	case v1.NamespacedScope:
 		// first make sure that we are not requesting a namespace object (namespace objects are cluster-scoped)
 		return r.Attr.GetResource() != namespaceResource && r.Attr.GetNamespace() != metav1.NamespaceNone
-	case v1beta1.ClusterScope:
+	case v1.ClusterScope:
 		// also return true if the request is for a namespace object (namespace objects are cluster-scoped)
 		return r.Attr.GetResource() == namespaceResource || r.Attr.GetNamespace() == metav1.NamespaceNone
 	default:
@@ -83,12 +83,12 @@ func (r *Matcher) version() bool {
 func (r *Matcher) operation() bool {
 	attrOp := r.Attr.GetOperation()
 	for _, op := range r.Rule.Operations {
-		if op == v1beta1.OperationAll {
+		if op == v1.OperationAll {
 			return true
 		}
 		// The constants are the same such that this is a valid cast (and this
 		// is tested).
-		if op == v1beta1.OperationType(attrOp) {
+		if op == v1.OperationType(attrOp) {
 			return true
 		}
 	}

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/rules/rules_test.go

@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"testing"
 
-	adreg "k8s.io/api/admissionregistration/v1beta1"
+	adreg "k8s.io/api/admissionregistration/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testing/BUILD

@@ -13,7 +13,7 @@ go_library(
     visibility = ["//visibility:public"],
     deps = [
         "//staging/src/k8s.io/api/admission/v1beta1:go_default_library",
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured:go_default_library",

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/testing/testcase.go

@@ -24,7 +24,7 @@ import (
 	"strings"
 	"sync"
 
-	registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	registrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -39,25 +39,25 @@ import (
 	fakeclientset "k8s.io/client-go/kubernetes/fake"
 )
 
-var matchEverythingRules = []registrationv1beta1.RuleWithOperations{{
+var matchEverythingRules = []registrationv1.RuleWithOperations{{
-	Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
+	Operations: []registrationv1.OperationType{registrationv1.OperationAll},
-	Rule: registrationv1beta1.Rule{
+	Rule: registrationv1.Rule{
 		APIGroups:   []string{"*"},
 		APIVersions: []string{"*"},
 		Resources:   []string{"*/*"},
 	},
 }}
 
-var sideEffectsUnknown = registrationv1beta1.SideEffectClassUnknown
+var sideEffectsUnknown = registrationv1.SideEffectClassUnknown
-var sideEffectsNone = registrationv1beta1.SideEffectClassNone
+var sideEffectsNone = registrationv1.SideEffectClassNone
-var sideEffectsSome = registrationv1beta1.SideEffectClassSome
+var sideEffectsSome = registrationv1.SideEffectClassSome
-var sideEffectsNoneOnDryRun = registrationv1beta1.SideEffectClassNoneOnDryRun
+var sideEffectsNoneOnDryRun = registrationv1.SideEffectClassNoneOnDryRun
 
-var reinvokeNever = registrationv1beta1.NeverReinvocationPolicy
+var reinvokeNever = registrationv1.NeverReinvocationPolicy
-var reinvokeIfNeeded = registrationv1beta1.IfNeededReinvocationPolicy
+var reinvokeIfNeeded = registrationv1.IfNeededReinvocationPolicy
 
 // NewFakeValidatingDataSource returns a mock client and informer returning the given webhooks.
-func NewFakeValidatingDataSource(name string, webhooks []registrationv1beta1.ValidatingWebhook, stopCh <-chan struct{}) (clientset kubernetes.Interface, factory informers.SharedInformerFactory) {
+func NewFakeValidatingDataSource(name string, webhooks []registrationv1.ValidatingWebhook, stopCh <-chan struct{}) (clientset kubernetes.Interface, factory informers.SharedInformerFactory) {
 	var objs = []runtime.Object{
 		&corev1.Namespace{
 			ObjectMeta: metav1.ObjectMeta{
@@ -68,7 +68,7 @@ func NewFakeValidatingDataSource(name string, webhooks []registrationv1beta1.Val
 			},
 		},
 	}
-	objs = append(objs, &registrationv1beta1.ValidatingWebhookConfiguration{
+	objs = append(objs, &registrationv1.ValidatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "test-webhooks",
 		},
@@ -82,7 +82,7 @@ func NewFakeValidatingDataSource(name string, webhooks []registrationv1beta1.Val
 }
 
 // NewFakeMutatingDataSource returns a mock client and informer returning the given webhooks.
-func NewFakeMutatingDataSource(name string, webhooks []registrationv1beta1.MutatingWebhook, stopCh <-chan struct{}) (clientset kubernetes.Interface, factory informers.SharedInformerFactory) {
+func NewFakeMutatingDataSource(name string, webhooks []registrationv1.MutatingWebhook, stopCh <-chan struct{}) (clientset kubernetes.Interface, factory informers.SharedInformerFactory) {
 	var objs = []runtime.Object{
 		&corev1.Namespace{
 			ObjectMeta: metav1.ObjectMeta{
@@ -93,7 +93,7 @@ func NewFakeMutatingDataSource(name string, webhooks []registrationv1beta1.Mutat
 			},
 		},
 	}
-	objs = append(objs, &registrationv1beta1.MutatingWebhookConfiguration{
+	objs = append(objs, &registrationv1.MutatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "test-webhooks",
 		},
@@ -199,11 +199,11 @@ type urlConfigGenerator struct {
 	baseURL *url.URL
 }
 
-func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1beta1.WebhookClientConfig {
+func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1.WebhookClientConfig {
 	u2 := *c.baseURL
 	u2.Path = urlPath
 	urlString := u2.String()
-	return registrationv1beta1.WebhookClientConfig{
+	return registrationv1.WebhookClientConfig{
 		URL:      &urlString,
 		CABundle: testcerts.CACert,
 	}
@@ -212,7 +212,7 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1beta1.WebhookC
 // ValidatingTest is a validating webhook test case.
 type ValidatingTest struct {
 	Name                   string
-	Webhooks               []registrationv1beta1.ValidatingWebhook
+	Webhooks               []registrationv1.ValidatingWebhook
 	Path                   string
 	IsCRD                  bool
 	IsDryRun               bool
@@ -229,7 +229,7 @@ type ValidatingTest struct {
 // MutatingTest is a mutating webhook test case.
 type MutatingTest struct {
 	Name                   string
-	Webhooks               []registrationv1beta1.MutatingWebhook
+	Webhooks               []registrationv1.MutatingWebhook
 	Path                   string
 	IsCRD                  bool
 	IsDryRun               bool
@@ -260,7 +260,7 @@ func ConvertToMutatingTestCases(tests []ValidatingTest, configurationName string
 				t.ExpectAnnotations[key] = value
 			}
 			// Break if the converted webhook is intended to fail close
-			if strings.Contains(hook.Name, "internalErr") && (hook.FailurePolicy == nil || *hook.FailurePolicy == registrationv1beta1.Fail) {
+			if strings.Contains(hook.Name, "internalErr") && (hook.FailurePolicy == nil || *hook.FailurePolicy == registrationv1.Fail) {
 				break
 			}
 		}
@@ -270,10 +270,10 @@ func ConvertToMutatingTestCases(tests []ValidatingTest, configurationName string
 }
 
 // ConvertToMutatingWebhooks converts a validating webhook to a mutating one for test purposes.
-func ConvertToMutatingWebhooks(webhooks []registrationv1beta1.ValidatingWebhook) []registrationv1beta1.MutatingWebhook {
+func ConvertToMutatingWebhooks(webhooks []registrationv1.ValidatingWebhook) []registrationv1.MutatingWebhook {
-	mutating := make([]registrationv1beta1.MutatingWebhook, len(webhooks))
+	mutating := make([]registrationv1.MutatingWebhook, len(webhooks))
 	for i, h := range webhooks {
-		mutating[i] = registrationv1beta1.MutatingWebhook{h.Name, h.ClientConfig, h.Rules, h.FailurePolicy, h.MatchPolicy, h.NamespaceSelector, h.ObjectSelector, h.SideEffects, h.TimeoutSeconds, h.AdmissionReviewVersions, nil}
+		mutating[i] = registrationv1.MutatingWebhook{h.Name, h.ClientConfig, h.Rules, h.FailurePolicy, h.MatchPolicy, h.NamespaceSelector, h.ObjectSelector, h.SideEffects, h.TimeoutSeconds, h.AdmissionReviewVersions, nil}
 	}
 	return mutating
 }
@@ -283,18 +283,18 @@ func ConvertToMutatingWebhooks(webhooks []registrationv1beta1.ValidatingWebhook)
 // AdmissionResponse. The test cases are used by both MutatingAdmissionWebhook
 // and ValidatingAdmissionWebhook.
 func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
-	policyFail := registrationv1beta1.Fail
+	policyFail := registrationv1.Fail
-	policyIgnore := registrationv1beta1.Ignore
+	policyIgnore := registrationv1.Ignore
 	ccfgURL := urlConfigGenerator{url}.ccfgURL
 
 	return []ValidatingTest{
 		{
 			Name: "no match",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:         "nomatch",
 				ClientConfig: ccfgSVC("disallow"),
-				Rules: []registrationv1beta1.RuleWithOperations{{
+				Rules: []registrationv1.RuleWithOperations{{
-					Operations: []registrationv1beta1.OperationType{registrationv1beta1.Create},
+					Operations: []registrationv1.OperationType{registrationv1.Create},
 				}},
 				NamespaceSelector:       &metav1.LabelSelector{},
 				ObjectSelector:          &metav1.LabelSelector{},
@@ -304,7 +304,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & allow",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "allow.example.com",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   matchEverythingRules,
@@ -317,7 +317,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & disallow",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "disallow",
 				ClientConfig:            ccfgSVC("disallow"),
 				Rules:                   matchEverythingRules,
@@ -330,7 +330,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & disallow ii",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "disallowReason",
 				ClientConfig:            ccfgSVC("disallowReason"),
 				Rules:                   matchEverythingRules,
@@ -343,7 +343,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & disallow & but allowed because namespaceSelector exempt the ns",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:         "disallow",
 				ClientConfig: ccfgSVC("disallow"),
 				Rules:        newMatchEverythingRules(),
@@ -362,7 +362,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & disallow & but allowed because namespaceSelector exempt the ns ii",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:         "disallow",
 				ClientConfig: ccfgSVC("disallow"),
 				Rules:        newMatchEverythingRules(),
@@ -380,7 +380,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & fail (but allow because fail open)",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "internalErr A",
 				ClientConfig:            ccfgSVC("internalErr"),
 				Rules:                   matchEverythingRules,
@@ -411,7 +411,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & fail (but disallow because fail close on nil FailurePolicy)",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "internalErr A",
 				ClientConfig:            ccfgSVC("internalErr"),
 				NamespaceSelector:       &metav1.LabelSelector{},
@@ -438,7 +438,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & fail (but fail because fail closed)",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "internalErr A",
 				ClientConfig:            ccfgSVC("internalErr"),
 				Rules:                   matchEverythingRules,
@@ -468,7 +468,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & allow (url)",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "allow.example.com",
 				ClientConfig:            ccfgURL("allow"),
 				Rules:                   matchEverythingRules,
@@ -481,7 +481,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match & disallow (url)",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "disallow",
 				ClientConfig:            ccfgURL("disallow"),
 				Rules:                   matchEverythingRules,
@@ -493,7 +493,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 			ErrorContains:    "without explanation",
 		}, {
 			Name: "absent response and fail open",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "nilResponse",
 				ClientConfig:            ccfgURL("nilResponse"),
 				FailurePolicy:           &policyIgnore,
@@ -507,7 +507,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "absent response and fail closed",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "nilResponse",
 				ClientConfig:            ccfgURL("nilResponse"),
 				FailurePolicy:           &policyFail,
@@ -521,11 +521,11 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "no match dry run",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:         "nomatch",
 				ClientConfig: ccfgSVC("allow"),
-				Rules: []registrationv1beta1.RuleWithOperations{{
+				Rules: []registrationv1.RuleWithOperations{{
-					Operations: []registrationv1beta1.OperationType{registrationv1beta1.Create},
+					Operations: []registrationv1.OperationType{registrationv1.Create},
 				}},
 				NamespaceSelector:       &metav1.LabelSelector{},
 				ObjectSelector:          &metav1.LabelSelector{},
@@ -537,7 +537,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match dry run side effects Unknown",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "allow",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   matchEverythingRules,
@@ -552,7 +552,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match dry run side effects None",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "allow",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   matchEverythingRules,
@@ -567,7 +567,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match dry run side effects Some",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "allow",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   matchEverythingRules,
@@ -582,7 +582,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "match dry run side effects NoneOnDryRun",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "allow",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   matchEverythingRules,
@@ -597,7 +597,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "illegal annotation format",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "invalidAnnotation",
 				ClientConfig:            ccfgURL("invalidAnnotation"),
 				Rules:                   matchEverythingRules,
@@ -609,7 +609,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "skip webhook whose objectSelector does not match",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "allow.example.com",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   matchEverythingRules,
@@ -633,7 +633,7 @@ func NewNonMutatingTestCases(url *url.URL) []ValidatingTest {
 		},
 		{
 			Name: "skip webhook whose objectSelector does not match CRD's labels",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "allow.example.com",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   matchEverythingRules,
@@ -676,7 +676,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 	return []MutatingTest{
 		{
 			Name: "match & remove label",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "removelabel.example.com",
 				ClientConfig:            ccfgSVC("removeLabel"),
 				Rules:                   matchEverythingRules,
@@ -695,7 +695,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "match & add label",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "addLabel",
 				ClientConfig:            ccfgSVC("addLabel"),
 				Rules:                   matchEverythingRules,
@@ -712,7 +712,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "match CRD & add label",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "addLabel",
 				ClientConfig:            ccfgSVC("addLabel"),
 				Rules:                   matchEverythingRules,
@@ -730,7 +730,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "match CRD & remove label",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "removelabel.example.com",
 				ClientConfig:            ccfgSVC("removeLabel"),
 				Rules:                   matchEverythingRules,
@@ -750,7 +750,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "match & invalid mutation",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "invalidMutation",
 				ClientConfig:            ccfgSVC("invalidMutation"),
 				Rules:                   matchEverythingRules,
@@ -766,7 +766,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "match & remove label dry run unsupported",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "removeLabel",
 				ClientConfig:            ccfgSVC("removeLabel"),
 				Rules:                   matchEverythingRules,
@@ -784,7 +784,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "first webhook remove labels, second webhook shouldn't be called",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:              "removelabel.example.com",
 				ClientConfig:      ccfgSVC("removeLabel"),
 				Rules:             matchEverythingRules,
@@ -818,7 +818,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "first webhook remove labels from CRD, second webhook shouldn't be called",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:              "removelabel.example.com",
 				ClientConfig:      ccfgSVC("removeLabel"),
 				Rules:             matchEverythingRules,
@@ -855,7 +855,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		// connection is different.
 		{
 			Name: "match & reinvoke if needed policy",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "addLabel",
 				ClientConfig:            ccfgSVC("addLabel"),
 				Rules:                   matchEverythingRules,
@@ -884,7 +884,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "match & never reinvoke policy",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "addLabel",
 				ClientConfig:            ccfgSVC("addLabel"),
 				Rules:                   matchEverythingRules,
@@ -902,7 +902,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "match & never reinvoke policy (by default)",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "addLabel",
 				ClientConfig:            ccfgSVC("addLabel"),
 				Rules:                   matchEverythingRules,
@@ -919,7 +919,7 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 		},
 		{
 			Name: "match & no reinvoke",
-			Webhooks: []registrationv1beta1.MutatingWebhook{{
+			Webhooks: []registrationv1.MutatingWebhook{{
 				Name:                    "noop",
 				ClientConfig:            ccfgSVC("noop"),
 				Rules:                   matchEverythingRules,
@@ -938,20 +938,20 @@ func NewMutatingTestCases(url *url.URL, configurationName string) []MutatingTest
 // CachedTest is a test case for the client manager.
 type CachedTest struct {
 	Name            string
-	Webhooks        []registrationv1beta1.ValidatingWebhook
+	Webhooks        []registrationv1.ValidatingWebhook
 	ExpectAllow     bool
 	ExpectCacheMiss bool
 }
 
 // NewCachedClientTestcases returns a set of client manager test cases.
 func NewCachedClientTestcases(url *url.URL) []CachedTest {
-	policyIgnore := registrationv1beta1.Ignore
+	policyIgnore := registrationv1.Ignore
 	ccfgURL := urlConfigGenerator{url}.ccfgURL
 
 	return []CachedTest{
 		{
 			Name: "uncached: service webhook, path 'allow'",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "cache1",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   newMatchEverythingRules(),
@@ -965,7 +965,7 @@ func NewCachedClientTestcases(url *url.URL) []CachedTest {
 		},
 		{
 			Name: "uncached: service webhook, path 'internalErr'",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "cache2",
 				ClientConfig:            ccfgSVC("internalErr"),
 				Rules:                   newMatchEverythingRules(),
@@ -979,7 +979,7 @@ func NewCachedClientTestcases(url *url.URL) []CachedTest {
 		},
 		{
 			Name: "cached: service webhook, path 'allow'",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "cache3",
 				ClientConfig:            ccfgSVC("allow"),
 				Rules:                   newMatchEverythingRules(),
@@ -993,7 +993,7 @@ func NewCachedClientTestcases(url *url.URL) []CachedTest {
 		},
 		{
 			Name: "uncached: url webhook, path 'allow'",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "cache4",
 				ClientConfig:            ccfgURL("allow"),
 				Rules:                   newMatchEverythingRules(),
@@ -1007,7 +1007,7 @@ func NewCachedClientTestcases(url *url.URL) []CachedTest {
 		},
 		{
 			Name: "cached: service webhook, path 'allow'",
-			Webhooks: []registrationv1beta1.ValidatingWebhook{{
+			Webhooks: []registrationv1.ValidatingWebhook{{
 				Name:                    "cache5",
 				ClientConfig:            ccfgURL("allow"),
 				Rules:                   newMatchEverythingRules(),
@@ -1023,9 +1023,9 @@ func NewCachedClientTestcases(url *url.URL) []CachedTest {
 }
 
 // ccfgSVC returns a client config using the service reference mechanism.
-func ccfgSVC(urlPath string) registrationv1beta1.WebhookClientConfig {
+func ccfgSVC(urlPath string) registrationv1.WebhookClientConfig {
-	return registrationv1beta1.WebhookClientConfig{
+	return registrationv1.WebhookClientConfig{
-		Service: &registrationv1beta1.ServiceReference{
+		Service: &registrationv1.ServiceReference{
 			Name:      "webhook-test",
 			Namespace: "default",
 			Path:      &urlPath,
@@ -1034,10 +1034,10 @@ func ccfgSVC(urlPath string) registrationv1beta1.WebhookClientConfig {
 	}
 }
 
-func newMatchEverythingRules() []registrationv1beta1.RuleWithOperations {
+func newMatchEverythingRules() []registrationv1.RuleWithOperations {
-	return []registrationv1beta1.RuleWithOperations{{
+	return []registrationv1.RuleWithOperations{{
-		Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
+		Operations: []registrationv1.OperationType{registrationv1.OperationAll},
-		Rule: registrationv1beta1.Rule{
+		Rule: registrationv1.Rule{
 			APIGroups:   []string{"*"},
 			APIVersions: []string{"*"},
 			Resources:   []string{"*/*"},

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/BUILD

@@ -11,7 +11,7 @@ go_library(
     importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/validating",
     visibility = ["//visibility:public"],
     deps = [
-        "//staging/src/k8s.io/api/admissionregistration/v1beta1:go_default_library",
+        "//staging/src/k8s.io/api/admissionregistration/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/api/errors:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/runtime:go_default_library",

staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go

@@ -22,7 +22,7 @@ import (
 	"sync"
 	"time"
 
-	"k8s.io/api/admissionregistration/v1beta1"
+	"k8s.io/api/admissionregistration/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -95,13 +95,13 @@ func (d *validatingDispatcher) Dispatch(ctx context.Context, attr admission.Attr
 			defer wg.Done()
 			hook, ok := invocation.Webhook.GetValidatingWebhook()
 			if !ok {
-				utilruntime.HandleError(fmt.Errorf("validating webhook dispatch requires v1beta1.ValidatingWebhook, but got %T", hook))
+				utilruntime.HandleError(fmt.Errorf("validating webhook dispatch requires v1.ValidatingWebhook, but got %T", hook))
 				return
 			}
 			versionedAttr := versionedAttrs[invocation.Kind]
 			t := time.Now()
 			err := d.callHook(ctx, hook, invocation, versionedAttr)
-			ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
+			ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1.Ignore
 			rejected := false
 			if err != nil {
 				switch err := err.(type) {
@@ -161,12 +161,12 @@ func (d *validatingDispatcher) Dispatch(ctx context.Context, attr admission.Attr
 	return errs[0]
 }
 
-func (d *validatingDispatcher) callHook(ctx context.Context, h *v1beta1.ValidatingWebhook, invocation *generic.WebhookInvocation, attr *generic.VersionedAttributes) error {
+func (d *validatingDispatcher) callHook(ctx context.Context, h *v1.ValidatingWebhook, invocation *generic.WebhookInvocation, attr *generic.VersionedAttributes) error {
 	if attr.Attributes.IsDryRun() {
 		if h.SideEffects == nil {
 			return &webhookutil.ErrCallingWebhook{WebhookName: h.Name, Reason: fmt.Errorf("Webhook SideEffects is nil")}
 		}
-		if !(*h.SideEffects == v1beta1.SideEffectClassNone || *h.SideEffects == v1beta1.SideEffectClassNoneOnDryRun) {
+		if !(*h.SideEffects == v1.SideEffectClassNone || *h.SideEffects == v1.SideEffectClassNoneOnDryRun) {
 			return webhookerrors.NewDryRunUnsupportedErr(h.Name)
 		}
 	}