diff --git a/cluster/gce/config-test.sh b/cluster/gce/config-test.sh index 676b4afa802..d46e2607790 100755 --- a/cluster/gce/config-test.sh +++ b/cluster/gce/config-test.sh @@ -321,7 +321,7 @@ if [[ -z "${KUBE_ADMISSION_CONTROL:-}" ]]; then ADMISSION_CONTROL="${ADMISSION_CONTROL},PodSecurityPolicy" fi # ResourceQuota must come last, or a creation is recorded, but the pod may be forbidden. - ADMISSION_CONTROL="${ADMISSION_CONTROL},GenericAdmissionWebhook,ResourceQuota" + ADMISSION_CONTROL="${ADMISSION_CONTROL},ValidatingAdmissionWebhook,ResourceQuota" else ADMISSION_CONTROL=${KUBE_ADMISSION_CONTROL} fi diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go index b76f6e59dc3..59c2a289292 100644 --- a/cmd/kube-apiserver/app/options/options_test.go +++ b/cmd/kube-apiserver/app/options/options_test.go @@ -104,8 +104,8 @@ func TestAddFlags(t *testing.T) { MinRequestTimeout: 1800, }, Admission: &apiserveroptions.AdmissionOptions{ - RecommendedPluginOrder: []string{"MutatingAdmissionWebhook", "NamespaceLifecycle", "Initializers", "GenericAdmissionWebhook"}, - DefaultOffPlugins: []string{"MutatingAdmissionWebhook", "Initializers", "GenericAdmissionWebhook"}, + RecommendedPluginOrder: []string{"MutatingAdmissionWebhook", "NamespaceLifecycle", "Initializers", "ValidatingAdmissionWebhook"}, + DefaultOffPlugins: []string{"MutatingAdmissionWebhook", "Initializers", "ValidatingAdmissionWebhook"}, PluginNames: []string{"AlwaysDeny"}, ConfigFile: "/admission-control-config", Plugins: s.Admission.Plugins, diff --git a/hack/local-up-cluster.sh b/hack/local-up-cluster.sh index da883a1c74b..dfad23d8992 100755 --- a/hack/local-up-cluster.sh +++ b/hack/local-up-cluster.sh 
@@ -419,7 +419,7 @@ function start_apiserver { fi # Admission Controllers to invoke prior to persisting objects in cluster - ADMISSION_CONTROL=MutatingAdmissionWebhook,Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount${security_admission},DefaultStorageClass,DefaultTolerationSeconds,GenericAdmissionWebhook,ResourceQuota + ADMISSION_CONTROL=MutatingAdmissionWebhook,Initializers,NamespaceLifecycle,LimitRanger,ServiceAccount${security_admission},DefaultStorageClass,DefaultTolerationSeconds,ValidatingAdmissionWebhook,ResourceQuota # This is the default dir and filename where the apiserver will generate a self-signed cert # which should be able to be used as the CA to verify itself diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go index a06e224bf73..4911777c642 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go @@ -50,13 +50,13 @@ import ( const ( // Name of admission plug-in - PluginName = "GenericAdmissionWebhook" + PluginName = "ValidatingAdmissionWebhook" ) // Register registers a plugin func Register(plugins *admission.Plugins) { plugins.Register(PluginName, func(configFile io.Reader) (admission.Interface, error) { - plugin, err := NewGenericAdmissionWebhook(configFile) + plugin, err := NewValidatingAdmissionWebhook(configFile) if err != nil { return nil, err } 
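Review bot: `PluginName` is the string that goes into the apiserver's admission plugin list, so changing it to `"ValidatingAdmissionWebhook"` means an existing list that still names `GenericAdmissionWebhook` no longer selects this plugin. Nothing in the visible hunks keeps the old name working, and the `else` branch in cluster/gce/config-test.sh passes `KUBE_ADMISSION_CONTROL` through unchanged, so a caller-supplied value with the old name is not rewritten. How an unknown plugin name is handled is outside this diff; if it is not rejected at startup, validating webhooks would stop being enforced with no signal, so the rename needs a release note or an explicit startup error for the old name. At minimum I would record the history on the constant: `// PluginName is the admission plug-in name; it was "GenericAdmissionWebhook" before this rename.`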
@@ -71,8 +71,8 @@ type WebhookSource interface { Webhooks() (*v1alpha1.ValidatingWebhookConfiguration, error) } -// NewGenericAdmissionWebhook returns a generic admission webhook plugin. -func NewGenericAdmissionWebhook(configFile io.Reader) (*GenericAdmissionWebhook, error) { +// NewValidatingAdmissionWebhook returns a generic admission webhook plugin. +func NewValidatingAdmissionWebhook(configFile io.Reader) (*ValidatingAdmissionWebhook, error) { kubeconfigFile, err := config.LoadConfig(configFile) if err != nil { return nil, err @@ -90,7 +90,7 @@ func NewGenericAdmissionWebhook(configFile io.Reader) (*GenericAdmissionWebhook, cm.SetAuthenticationInfoResolver(authInfoResolver) cm.SetServiceResolver(config.NewDefaultServiceResolver()) - return &GenericAdmissionWebhook{ + return &ValidatingAdmissionWebhook{ Handler: admission.NewHandler( admission.Connect, admission.Create, @@ -101,8 +101,8 @@ func NewGenericAdmissionWebhook(configFile io.Reader) (*GenericAdmissionWebhook, }, nil } -// GenericAdmissionWebhook is an implementation of admission.Interface. -type GenericAdmissionWebhook struct { +// ValidatingAdmissionWebhook is an implementation of admission.Interface. +type ValidatingAdmissionWebhook struct { *admission.Handler hookSource WebhookSource namespaceMatcher namespace.Matcher 
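Review bot: The doc comment on the constructor was renamed only halfway: it now reads `NewValidatingAdmissionWebhook returns a generic admission webhook plugin.`, which keeps the word the commit is removing. I would make it `// NewValidatingAdmissionWebhook returns a validating admission webhook plugin configured from configFile.` The constructor body runs across this hunk and the next one and is only partly visible, so what else it sets up is not covered by this suggestion.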
@@ -111,22 +111,22 @@ type GenericAdmissionWebhook struct { } var ( - _ = genericadmissioninit.WantsExternalKubeClientSet(&GenericAdmissionWebhook{}) + _ = genericadmissioninit.WantsExternalKubeClientSet(&ValidatingAdmissionWebhook{}) ) // TODO find a better way wire this, but keep this pull small for now. -func (a *GenericAdmissionWebhook) SetAuthenticationInfoResolverWrapper(wrapper config.AuthenticationInfoResolverWrapper) { +func (a *ValidatingAdmissionWebhook) SetAuthenticationInfoResolverWrapper(wrapper config.AuthenticationInfoResolverWrapper) { a.clientManager.SetAuthenticationInfoResolverWrapper(wrapper) } // SetServiceResolver sets a service resolver for the webhook admission plugin. // Passing a nil resolver does not have an effect, instead a default one will be used. -func (a *GenericAdmissionWebhook) SetServiceResolver(sr config.ServiceResolver) { +func (a *ValidatingAdmissionWebhook) SetServiceResolver(sr config.ServiceResolver) { a.clientManager.SetServiceResolver(sr) } // SetScheme sets a serializer(NegotiatedSerializer) which is derived from the scheme -func (a *GenericAdmissionWebhook) SetScheme(scheme *runtime.Scheme) { +func (a *ValidatingAdmissionWebhook) SetScheme(scheme *runtime.Scheme) { if scheme != nil { a.clientManager.SetNegotiatedSerializer(serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{ Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1alpha1.SchemeGroupVersion), 
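Review bot: `SetAuthenticationInfoResolverWrapper` is an exported method whose only comment is the TODO about wiring, so its contract is undocumented, unlike `SetServiceResolver` and `SetScheme` next to it. I would add `// SetAuthenticationInfoResolverWrapper passes wrapper to the plugin's client manager.` above it and keep the TODO underneath. In the same hunk `SetScheme` does nothing when `scheme` is nil, which its comment does not say; `// A nil scheme is ignored.` would cover it. The body of `SetScheme` continues outside the hunk.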
@@ -136,37 +136,37 @@ func (a *GenericAdmissionWebhook) SetScheme(scheme *runtime.Scheme) { } // WantsExternalKubeClientSet defines a function which sets external ClientSet for admission plugins that need it -func (a *GenericAdmissionWebhook) SetExternalKubeClientSet(client clientset.Interface) { +func (a *ValidatingAdmissionWebhook) SetExternalKubeClientSet(client clientset.Interface) { a.namespaceMatcher.Client = client a.hookSource = configuration.NewValidatingWebhookConfigurationManager(client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations()) } // SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface. -func (a *GenericAdmissionWebhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { +func (a *ValidatingAdmissionWebhook) SetExternalKubeInformerFactory(f informers.SharedInformerFactory) { namespaceInformer := f.Core().V1().Namespaces() a.namespaceMatcher.NamespaceLister = namespaceInformer.Lister() a.SetReadyFunc(namespaceInformer.Informer().HasSynced) } // ValidateInitialization implements the InitializationValidator interface. 
-func (a *GenericAdmissionWebhook) ValidateInitialization() error { +func (a *ValidatingAdmissionWebhook) ValidateInitialization() error { if a.hookSource == nil { - return fmt.Errorf("GenericAdmissionWebhook admission plugin requires a Kubernetes client to be provided") + return fmt.Errorf("ValidatingAdmissionWebhook admission plugin requires a Kubernetes client to be provided") } if err := a.namespaceMatcher.Validate(); err != nil { - return fmt.Errorf("GenericAdmissionWebhook.namespaceMatcher is not properly setup: %v", err) + return fmt.Errorf("ValidatingAdmissionWebhook.namespaceMatcher is not properly setup: %v", err) } if err := a.clientManager.Validate(); err != nil { - return fmt.Errorf("GenericAdmissionWebhook.clientManager is not properly setup: %v", err) + return fmt.Errorf("ValidatingAdmissionWebhook.clientManager is not properly setup: %v", err) } if err := a.convertor.Validate(); err != nil { - return fmt.Errorf("GenericAdmissionWebhook.convertor is not properly setup: %v", err) + return fmt.Errorf("ValidatingAdmissionWebhook.convertor is not properly setup: %v", err) } go a.hookSource.Run(wait.NeverStop) return nil } -func (a *GenericAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1alpha1.ValidatingWebhookConfiguration, error) { +func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1alpha1.ValidatingWebhookConfiguration, error) { hookConfig, err := a.hookSource.Webhooks() // if Webhook configuration is disabled, fail open if err == configuration.ErrDisabled { @@ -186,7 +186,7 @@ func (a *GenericAdmissionWebhook) loadConfiguration(attr admission.Attributes) ( } // Admit makes an admission decision based on the request attributes. -func (a *GenericAdmissionWebhook) Admit(attr admission.Attributes) error { +func (a *ValidatingAdmissionWebhook) Admit(attr admission.Attributes) error { hookConfig, err := a.loadConfiguration(attr) if err != nil { return err 
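Review bot: `loadConfiguration` has no doc comment, and its failure policy is only hinted at by the inline `// if Webhook configuration is disabled, fail open` above the `configuration.ErrDisabled` check. For a validating admission plugin that is the behaviour an operator most needs to know, so I would state it on the function, e.g. `// loadConfiguration returns the current ValidatingWebhookConfiguration from hookSource; configuration.ErrDisabled is treated as fail-open.` The body continues past the end of this hunk, so the handling of other errors is not visible here and the comment should be completed against it. Separately, the comment on `SetExternalKubeClientSet` starts with `WantsExternalKubeClientSet`; `// SetExternalKubeClientSet implements the WantsExternalKubeClientSet interface.` would match the method below it.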
@@ -280,7 +280,7 @@ func (a *GenericAdmissionWebhook) Admit(attr admission.Attributes) error { } // TODO: factor into a common place along with the validating webhook version. -func (a *GenericAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) { +func (a *ValidatingAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) { var matches bool for _, r := range h.Rules { m := rules.Matcher{Rule: r, Attr: attr} @@ -296,7 +296,7 @@ func (a *GenericAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admis return a.namespaceMatcher.MatchNamespaceSelector(h, attr) } -func (a *GenericAdmissionWebhook) callHook(ctx context.Context, h *v1alpha1.Webhook, attr admission.Attributes) error { +func (a *ValidatingAdmissionWebhook) callHook(ctx context.Context, h *v1alpha1.Webhook, attr admission.Attributes) error { // Make the webhook request request := request.CreateAdmissionReview(attr) client, err := a.clientManager.HookClient(h) diff --git a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go index 1e4602b0e0f..dcebb848f6f 100644 --- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go +++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go @@ -116,7 +116,7 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.Webhook } } -// TestAdmit tests that GenericAdmissionWebhook#Admit works as expected +// TestAdmit tests that ValidatingAdmissionWebhook#Admit works as expected func TestAdmit(t *testing.T) { scheme := runtime.NewScheme() v1alpha1.AddToScheme(scheme) 
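Review bot: The TODO above `shouldCallHook` reads `factor into a common place along with the validating webhook version`, but after this rename the receiver is itself `ValidatingAdmissionWebhook` in the validating package, so the comment now points at its own code. It presumably means the mutating plugin (`MutatingAdmissionWebhook` appears in the plugin lists elsewhere in this commit); if so, `// TODO: factor into a common place along with the mutating webhook version.` Since this function decides whether a hook is consulted at all, a one-line doc comment saying that it matches `h.Rules` against the request and then applies the namespace selector would also help. The lines between the rule loop and the namespace-selector return fall outside the two hunks that show it.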
@@ -129,7 +129,7 @@ func TestAdmit(t *testing.T) { if err != nil { t.Fatalf("this should never happen? %v", err) } - wh, err := NewGenericAdmissionWebhook(nil) + wh, err := NewValidatingAdmissionWebhook(nil) if err != nil { t.Fatal(err) } @@ -410,7 +410,7 @@ func TestAdmit(t *testing.T) { } } -// TestAdmitCachedClient tests that GenericAdmissionWebhook#Admit should cache restClient +// TestAdmitCachedClient tests that ValidatingAdmissionWebhook#Admit should cache restClient func TestAdmitCachedClient(t *testing.T) { scheme := runtime.NewScheme() v1alpha1.AddToScheme(scheme) @@ -423,7 +423,7 @@ func TestAdmitCachedClient(t *testing.T) { if err != nil { t.Fatalf("this should never happen? %v", err) } - wh, err := NewGenericAdmissionWebhook(nil) + wh, err := NewValidatingAdmissionWebhook(nil) if err != nil { t.Fatal(err) }