Remove default admissionReviewVersions in v1, make required in validation

pkg/apis/admissionregistration/v1/defaults.go

@@ -48,10 +48,6 @@ func SetDefaults_ValidatingWebhook(obj *admissionregistrationv1.ValidatingWebhoo
 		obj.TimeoutSeconds = new(int32)
 		*obj.TimeoutSeconds = 10
 	}
-
-	if len(obj.AdmissionReviewVersions) == 0 {
-		obj.AdmissionReviewVersions = []string{admissionregistrationv1.SchemeGroupVersion.Version}
-	}
 }
 
 func SetDefaults_MutatingWebhook(obj *admissionregistrationv1.MutatingWebhook) {
@@ -79,10 +75,6 @@ func SetDefaults_MutatingWebhook(obj *admissionregistrationv1.MutatingWebhook) {
 		never := admissionregistrationv1.NeverReinvocationPolicy
 		obj.ReinvocationPolicy = &never
 	}
-
-	if len(obj.AdmissionReviewVersions) == 0 {
-		obj.AdmissionReviewVersions = []string{admissionregistrationv1.SchemeGroupVersion.Version}
-	}
 }
 
 func SetDefaults_Rule(obj *admissionregistrationv1.Rule) {

pkg/apis/admissionregistration/validation/validation.go

@@ -167,7 +167,7 @@ func validateAdmissionReviewVersions(versions []string, requireRecognizedVersion
 
 	// Currently only v1beta1 accepted in AdmissionReviewVersions
 	if len(versions) < 1 {
-		allErrors = append(allErrors, field.Required(fldPath, ""))
+		allErrors = append(allErrors, field.Required(fldPath, fmt.Sprintf("must specify one of %v", strings.Join(AcceptedAdmissionReviewVersions, ", "))))
 	} else {
 		seen := map[string]bool{}
 		hasAcceptedVersion := false

pkg/apis/admissionregistration/validation/validation_test.go

@@ -58,6 +58,16 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
 		expectedError string
 	}{
 		{
+			name: "AdmissionReviewVersions are required",
+			config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
+				{
+					Name:         "webhook.k8s.io",
+					ClientConfig: validClientConfig,
+					SideEffects:  validSideEffect,
+				},
+			}, false),
+			expectedError: `webhooks[0].admissionReviewVersions: Required value: must specify one of v1beta1`,
+		}, {
 			name: "should fail on bad AdmissionReviewVersion value",
 			config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
 				{
@@ -358,6 +368,17 @@ func TestValidateValidatingWebhookConfiguration(t *testing.T) {
 			}, true),
 			expectedError: `webhooks[0].failurePolicy: Unsupported value: "other": supported values: "Fail", "Ignore"`,
 		},
+		{
+			name: "AdmissionReviewVersions are required",
+			config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{
+				{
+					Name:         "webhook.k8s.io",
+					ClientConfig: validClientConfig,
+					SideEffects:  validSideEffect,
+				},
+			}, false),
+			expectedError: `webhooks[0].admissionReviewVersions: Required value: must specify one of v1beta1`,
+		},
 		{
 			name: "SideEffects are required",
 			config: newValidatingWebhookConfiguration([]admissionregistration.ValidatingWebhook{

staging/src/k8s.io/api/admissionregistration/v1/types.go

@@ -296,9 +296,7 @@ type ValidatingWebhook struct {
 	// If a persisted webhook configuration specifies allowed versions and does not
 	// include any versions known to the API Server, calls to the webhook will fail
 	// and be subject to the failure policy.
-	// Default to `['v1beta1']`.
-	// +optional
-	AdmissionReviewVersions []string `json:"admissionReviewVersions,omitempty" protobuf:"bytes,8,rep,name=admissionReviewVersions"`
+	AdmissionReviewVersions []string `json:"admissionReviewVersions" protobuf:"bytes,8,rep,name=admissionReviewVersions"`
 }
 
 // MutatingWebhook describes an admission webhook and the resources and operations it applies to.
@@ -427,9 +425,7 @@ type MutatingWebhook struct {
 	// If a persisted webhook configuration specifies allowed versions and does not
 	// include any versions known to the API Server, calls to the webhook will fail
 	// and be subject to the failure policy.
-	// Default to `['v1beta1']`.
-	// +optional
-	AdmissionReviewVersions []string `json:"admissionReviewVersions,omitempty" protobuf:"bytes,8,rep,name=admissionReviewVersions"`
+	AdmissionReviewVersions []string `json:"admissionReviewVersions" protobuf:"bytes,8,rep,name=admissionReviewVersions"`
 
 	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation.
 	// Allowed values are "Never" and "IfNeeded".