diff --git a/api/openapi-spec/swagger.json b/api/openapi-spec/swagger.json
index 38bed12b0b4..ba098aeab49 100644
--- a/api/openapi-spec/swagger.json
+++ b/api/openapi-spec/swagger.json
@@ -62262,6 +62262,7 @@
"description": "AdmissionHookClientConfig contains the information to make a TLS connection with the webhook",
"required": [
"service",
+ "urlPath",
"caBundle"
],
"properties": {
@@ -62273,6 +62274,10 @@
"service": {
"description": "Service is a reference to the service for this webhook. If there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error. Required",
"$ref": "#/definitions/io.k8s.api.admissionregistration.v1alpha1.ServiceReference"
+ },
+ "urlPath": {
+ "description": "URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object.",
+ "type": "string"
}
}
},
diff --git a/api/swagger-spec/admissionregistration.k8s.io_v1alpha1.json b/api/swagger-spec/admissionregistration.k8s.io_v1alpha1.json
index c3218e0ffcf..447807031ce 100644
--- a/api/swagger-spec/admissionregistration.k8s.io_v1alpha1.json
+++ b/api/swagger-spec/admissionregistration.k8s.io_v1alpha1.json
@@ -1764,6 +1764,7 @@
"description": "AdmissionHookClientConfig contains the information to make a TLS connection with the webhook",
"required": [
"service",
+ "urlPath",
"caBundle"
],
"properties": {
@@ -1771,6 +1772,10 @@
"$ref": "v1alpha1.ServiceReference",
"description": "Service is a reference to the service for this webhook. If there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error. Required"
},
+ "urlPath": {
+ "type": "string",
+ "description": "URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object."
+ },
"caBundle": {
"type": "string",
"description": "CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate. Required"
diff --git a/docs/api-reference/admissionregistration.k8s.io/v1alpha1/definitions.html b/docs/api-reference/admissionregistration.k8s.io/v1alpha1/definitions.html
index ffd1dc03756..85c94a8e5bc 100755
--- a/docs/api-reference/admissionregistration.k8s.io/v1alpha1/definitions.html
+++ b/docs/api-reference/admissionregistration.k8s.io/v1alpha1/definitions.html
@@ -720,6 +720,13 @@ Depending on the enclosing object, subresources might not be allowed. Required.<
|
+urlPath |
+URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object. |
+true |
+string |
+ |
+
+
caBundle |
CABundle is a PEM encoded CA bundle which will be used to validate webhook’s server certificate. Required |
true |
diff --git a/pkg/apis/admissionregistration/types.go b/pkg/apis/admissionregistration/types.go
index b4676560037..092f790c491 100644
--- a/pkg/apis/admissionregistration/types.go
+++ b/pkg/apis/admissionregistration/types.go
@@ -199,6 +199,10 @@ type AdmissionHookClientConfig struct {
// ports open, port 443 will be used if it is open, otherwise it is an error.
// Required
Service ServiceReference
+
+ // URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object.
+ URLPath string
+
// CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate.
// Required
CABundle []byte
diff --git a/pkg/apis/admissionregistration/v1alpha1/zz_generated.conversion.go b/pkg/apis/admissionregistration/v1alpha1/zz_generated.conversion.go
index 86ef143f0ae..792254ba656 100644
--- a/pkg/apis/admissionregistration/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/admissionregistration/v1alpha1/zz_generated.conversion.go
@@ -63,6 +63,7 @@ func autoConvert_v1alpha1_AdmissionHookClientConfig_To_admissionregistration_Adm
if err := Convert_v1alpha1_ServiceReference_To_admissionregistration_ServiceReference(&in.Service, &out.Service, s); err != nil {
return err
}
+ out.URLPath = in.URLPath
out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle))
return nil
}
@@ -76,6 +77,7 @@ func autoConvert_admissionregistration_AdmissionHookClientConfig_To_v1alpha1_Adm
if err := Convert_admissionregistration_ServiceReference_To_v1alpha1_ServiceReference(&in.Service, &out.Service, s); err != nil {
return err
}
+ out.URLPath = in.URLPath
out.CABundle = *(*[]byte)(unsafe.Pointer(&in.CABundle))
return nil
}
diff --git a/pkg/apis/admissionregistration/validation/validation.go b/pkg/apis/admissionregistration/validation/validation.go
index 3c4068f24c7..d7e7ac04352 100644
--- a/pkg/apis/admissionregistration/validation/validation.go
+++ b/pkg/apis/admissionregistration/validation/validation.go
@@ -182,6 +182,44 @@ func validateExternalAdmissionHook(hook *admissionregistration.ExternalAdmission
if hook.FailurePolicy != nil && !supportedFailurePolicies.Has(string(*hook.FailurePolicy)) {
allErrors = append(allErrors, field.NotSupported(fldPath.Child("failurePolicy"), *hook.FailurePolicy, supportedFailurePolicies.List()))
}
+
+ if len(hook.ClientConfig.URLPath) != 0 {
+ allErrors = append(allErrors, validateURLPath(fldPath.Child("clientConfig", "urlPath"), hook.ClientConfig.URLPath)...)
+ }
+
+ return allErrors
+}
+
+func validateURLPath(fldPath *field.Path, urlPath string) field.ErrorList {
+ var allErrors field.ErrorList
+ if urlPath == "/" || len(urlPath) == 0 {
+ return allErrors
+ }
+ if urlPath == "//" {
+ allErrors = append(allErrors, field.Invalid(fldPath, urlPath, "segment[0] may not be empty"))
+ return allErrors
+ }
+
+ if !strings.HasPrefix(urlPath, "/") {
+ allErrors = append(allErrors, field.Invalid(fldPath, urlPath, "must start with a '/'"))
+ }
+
+ urlPathToCheck := urlPath[1:]
+ if strings.HasSuffix(urlPathToCheck, "/") {
+ urlPathToCheck = urlPathToCheck[:len(urlPathToCheck)-1]
+ }
+ steps := strings.Split(urlPathToCheck, "/")
+ for i, step := range steps {
+ if len(step) == 0 {
+ allErrors = append(allErrors, field.Invalid(fldPath, urlPath, fmt.Sprintf("segment[%d] may not be empty", i)))
+ continue
+ }
+ failures := validation.IsDNS1123Subdomain(step)
+ for _, failure := range failures {
+ allErrors = append(allErrors, field.Invalid(fldPath, urlPath, fmt.Sprintf("segment[%d]: %v", i, failure)))
+ }
+ }
+
return allErrors
}
diff --git a/pkg/apis/admissionregistration/validation/validation_test.go b/pkg/apis/admissionregistration/validation/validation_test.go
index a842c472818..cd8f85edeb1 100644
--- a/pkg/apis/admissionregistration/validation/validation_test.go
+++ b/pkg/apis/admissionregistration/validation/validation_test.go
@@ -482,18 +482,111 @@ func TestValidateExternalAdmissionHookConfiguration(t *testing.T) {
}),
expectedError: `externalAdmissionHooks[0].failurePolicy: Unsupported value: "other": supported values: "Fail", "Ignore"`,
},
+ {
+ name: "URLPath must start with slash",
+ config: getExternalAdmissionHookConfiguration(
+ []admissionregistration.ExternalAdmissionHook{
+ {
+ Name: "webhook.k8s.io",
+ ClientConfig: admissionregistration.AdmissionHookClientConfig{
+ URLPath: "foo/",
+ },
+ },
+ }),
+ expectedError: `clientConfig.urlPath: Invalid value: "foo/": must start with a '/'`,
+ },
+ {
+ name: "URLPath accepts slash",
+ config: getExternalAdmissionHookConfiguration(
+ []admissionregistration.ExternalAdmissionHook{
+ {
+ Name: "webhook.k8s.io",
+ ClientConfig: admissionregistration.AdmissionHookClientConfig{
+ URLPath: "/",
+ },
+ },
+ }),
+ expectedError: ``,
+ },
+ {
+ name: "URLPath accepts no trailing slash",
+ config: getExternalAdmissionHookConfiguration(
+ []admissionregistration.ExternalAdmissionHook{
+ {
+ Name: "webhook.k8s.io",
+ ClientConfig: admissionregistration.AdmissionHookClientConfig{
+ URLPath: "/foo",
+ },
+ },
+ }),
+ expectedError: ``,
+ },
+ {
+ name: "URLPath fails //",
+ config: getExternalAdmissionHookConfiguration(
+ []admissionregistration.ExternalAdmissionHook{
+ {
+ Name: "webhook.k8s.io",
+ ClientConfig: admissionregistration.AdmissionHookClientConfig{
+ URLPath: "//",
+ },
+ },
+ }),
+ expectedError: `clientConfig.urlPath: Invalid value: "//": segment[0] may not be empty`,
+ },
+ {
+ name: "URLPath no empty step",
+ config: getExternalAdmissionHookConfiguration(
+ []admissionregistration.ExternalAdmissionHook{
+ {
+ Name: "webhook.k8s.io",
+ ClientConfig: admissionregistration.AdmissionHookClientConfig{
+ URLPath: "/foo//bar/",
+ },
+ },
+ }),
+ expectedError: `clientConfig.urlPath: Invalid value: "/foo//bar/": segment[1] may not be empty`,
+ }, {
+ name: "URLPath no empty step 2",
+ config: getExternalAdmissionHookConfiguration(
+ []admissionregistration.ExternalAdmissionHook{
+ {
+ Name: "webhook.k8s.io",
+ ClientConfig: admissionregistration.AdmissionHookClientConfig{
+ URLPath: "/foo/bar//",
+ },
+ },
+ }),
+ expectedError: `clientConfig.urlPath: Invalid value: "/foo/bar//": segment[2] may not be empty`,
+ },
+ {
+ name: "URLPath no non-subdomain",
+ config: getExternalAdmissionHookConfiguration(
+ []admissionregistration.ExternalAdmissionHook{
+ {
+ Name: "webhook.k8s.io",
+ ClientConfig: admissionregistration.AdmissionHookClientConfig{
+ URLPath: "/apis/foo.bar/v1alpha1/--bad",
+ },
+ },
+ }),
+ expectedError: `clientConfig.urlPath: Invalid value: "/apis/foo.bar/v1alpha1/--bad": segment[3]: a DNS-1123 subdomain`,
+ },
}
for _, test := range tests {
- errs := ValidateExternalAdmissionHookConfiguration(test.config)
- err := errs.ToAggregate()
- if err != nil {
- if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
- t.Errorf("test case %s, expected to contain %s, got %s", test.name, e, a)
+ t.Run(test.name, func(t *testing.T) {
+ errs := ValidateExternalAdmissionHookConfiguration(test.config)
+ err := errs.ToAggregate()
+ if err != nil {
+ if e, a := test.expectedError, err.Error(); !strings.Contains(a, e) || e == "" {
+ t.Errorf("expected to contain %s, got %s", e, a)
+ }
+ } else {
+ if test.expectedError != "" {
+ t.Errorf("unexpected no error, expected to contain %s", test.expectedError)
+ }
}
- } else {
- if test.expectedError != "" {
- t.Errorf("test case %s, unexpected no error, expected to contain %s", test.name, test.expectedError)
- }
- }
+ })
+
}
}
diff --git a/plugin/pkg/admission/webhook/admission.go b/plugin/pkg/admission/webhook/admission.go
index f7155b5a658..4cb9828dd04 100644
--- a/plugin/pkg/admission/webhook/admission.go
+++ b/plugin/pkg/admission/webhook/admission.go
@@ -45,6 +45,8 @@ import (
admissioninit "k8s.io/kubernetes/pkg/kubeapiserver/admission"
// install the clientgo admission API for use with api registry
+ "path"
+
_ "k8s.io/kubernetes/pkg/apis/admission/install"
)
@@ -286,7 +288,7 @@ func (a *GenericAdmissionWebhook) hookClient(h *v1alpha1.ExternalAdmissionHook)
// TODO: cache these instead of constructing one each time
cfg := &rest.Config{
Host: u.Host,
- APIPath: u.Path,
+ APIPath: path.Join(u.Path, h.ClientConfig.URLPath),
TLSClientConfig: rest.TLSClientConfig{
ServerName: h.ClientConfig.Service.Name + "." + h.ClientConfig.Service.Namespace + ".svc",
CAData: h.ClientConfig.CABundle,
diff --git a/plugin/pkg/admission/webhook/admission_test.go b/plugin/pkg/admission/webhook/admission_test.go
index 71076d0a813..b4e13c3e6b7 100644
--- a/plugin/pkg/admission/webhook/admission_test.go
+++ b/plugin/pkg/admission/webhook/admission_test.go
@@ -54,7 +54,6 @@ func (f *fakeHookSource) Run(stopCh <-chan struct{}) {}
type fakeServiceResolver struct {
base url.URL
- path string
}
func (f fakeServiceResolver) ResolveEndpoint(namespace, name string) (*url.URL, error) {
@@ -62,7 +61,6 @@ func (f fakeServiceResolver) ResolveEndpoint(namespace, name string) (*url.URL,
return nil, fmt.Errorf("couldn't resolve service location")
}
u := f.base
- u.Path = f.path
return &u, nil
}
@@ -128,13 +126,17 @@ func TestAdmit(t *testing.T) {
expectAllow bool
errorContains string
}
- ccfg := registrationv1alpha1.AdmissionHookClientConfig{
- Service: registrationv1alpha1.ServiceReference{
- Name: "webhook-test",
- Namespace: "default",
- },
- CABundle: caCert,
+ ccfg := func(urlPath string) registrationv1alpha1.AdmissionHookClientConfig {
+ return registrationv1alpha1.AdmissionHookClientConfig{
+ Service: registrationv1alpha1.ServiceReference{
+ Name: "webhook-test",
+ Namespace: "default",
+ },
+ URLPath: urlPath,
+ CABundle: caCert,
+ }
}
+
matchEverythingRules := []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
@@ -152,109 +154,102 @@ func TestAdmit(t *testing.T) {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "nomatch",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("disallow"),
Rules: []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.Create},
}},
}},
},
- path: "disallow",
expectAllow: true,
},
"match & allow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "allow",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("allow"),
Rules: matchEverythingRules,
}},
},
- path: "allow",
expectAllow: true,
},
"match & disallow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "disallow",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("disallow"),
Rules: matchEverythingRules,
}},
},
- path: "disallow",
errorContains: "without explanation",
},
"match & disallow ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "disallowReason",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("disallowReason"),
Rules: matchEverythingRules,
}},
},
- path: "disallowReason",
errorContains: "you shall not pass",
},
"match & fail (but allow because fail open)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "internalErr A",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
FailurePolicy: &policyIgnore,
}, {
Name: "internalErr B",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
FailurePolicy: &policyIgnore,
}, {
Name: "internalErr C",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
FailurePolicy: &policyIgnore,
}},
},
- path: "internalErr",
expectAllow: true,
},
"match & fail (but allow because fail open on nil)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "internalErr A",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
}, {
Name: "internalErr B",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
}, {
Name: "internalErr C",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
}},
},
- path: "internalErr",
expectAllow: true,
},
"match & fail (but fail because fail closed)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.ExternalAdmissionHook{{
Name: "internalErr A",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
FailurePolicy: &policyFail,
}, {
Name: "internalErr B",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
FailurePolicy: &policyFail,
}, {
Name: "internalErr C",
- ClientConfig: ccfg,
+ ClientConfig: ccfg("internalErr"),
Rules: matchEverythingRules,
FailurePolicy: &policyFail,
}},
},
- path: "internalErr",
expectAllow: false,
},
}
@@ -262,7 +257,7 @@ func TestAdmit(t *testing.T) {
for name, tt := range table {
t.Run(name, func(t *testing.T) {
wh.hookSource = &tt.hookSource
- wh.serviceResolver = fakeServiceResolver{base: *serverURL, path: tt.path}
+ wh.serviceResolver = fakeServiceResolver{base: *serverURL}
wh.SetScheme(legacyscheme.Scheme)
err = wh.Admit(admission.NewAttributesRecord(&object, &oldObject, kind, namespace, name, resource, subResource, operation, &userInfo))
diff --git a/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go b/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
index 6a1977f8331..4c66de146ca 100644
--- a/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
+++ b/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.pb.go
@@ -151,6 +151,10 @@ func (m *AdmissionHookClientConfig) MarshalTo(dAtA []byte) (int, error) {
i = encodeVarintGenerated(dAtA, i, uint64(len(m.CABundle)))
i += copy(dAtA[i:], m.CABundle)
}
+ dAtA[i] = 0x1a
+ i++
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.URLPath)))
+ i += copy(dAtA[i:], m.URLPath)
return i, nil
}
@@ -554,6 +558,8 @@ func (m *AdmissionHookClientConfig) Size() (n int) {
l = len(m.CABundle)
n += 1 + l + sovGenerated(uint64(l))
}
+ l = len(m.URLPath)
+ n += 1 + l + sovGenerated(uint64(l))
return n
}
@@ -715,6 +721,7 @@ func (this *AdmissionHookClientConfig) String() string {
s := strings.Join([]string{`&AdmissionHookClientConfig{`,
`Service:` + strings.Replace(strings.Replace(this.Service.String(), "ServiceReference", "ServiceReference", 1), `&`, ``, 1) + `,`,
`CABundle:` + valueToStringGenerated(this.CABundle) + `,`,
+ `URLPath:` + fmt.Sprintf("%v", this.URLPath) + `,`,
`}`,
}, "")
return s
@@ -919,6 +926,35 @@ func (m *AdmissionHookClientConfig) Unmarshal(dAtA []byte) error {
m.CABundle = []byte{}
}
iNdEx = postIndex
+ case 3:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field URLPath", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= (uint64(b) & 0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.URLPath = string(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -2128,60 +2164,61 @@ func init() {
}
var fileDescriptorGenerated = []byte{
- // 871 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xcd, 0x8b, 0x23, 0x45,
- 0x14, 0x4f, 0x65, 0x32, 0x6c, 0x52, 0x49, 0xd8, 0xdd, 0x42, 0x97, 0x38, 0x48, 0x77, 0xe8, 0xc3,
- 0x12, 0x11, 0xbb, 0x9d, 0x51, 0x16, 0x41, 0x44, 0xa7, 0xc7, 0xaf, 0x81, 0xfd, 0x18, 0xcb, 0x45,
- 0x41, 0x3c, 0x58, 0xe9, 0xbc, 0x24, 0x65, 0xfa, 0x8b, 0xaa, 0xea, 0xe0, 0x78, 0x10, 0x2f, 0xde,
- 0x05, 0x2f, 0x5e, 0xbd, 0x79, 0xf1, 0xff, 0x98, 0xe3, 0x1e, 0xf7, 0x14, 0x9c, 0x16, 0xbc, 0x08,
- 0xfe, 0x01, 0x73, 0x92, 0xfe, 0x4a, 0x3a, 0x9b, 0x84, 0x4d, 0x5c, 0x98, 0x5b, 0xea, 0xf7, 0xea,
- 0xf7, 0xde, 0xef, 0xfd, 0xf2, 0x5e, 0x35, 0xa6, 0x93, 0x77, 0xa4, 0xc9, 0x03, 0x6b, 0x12, 0xf5,
- 0x41, 0xf8, 0xa0, 0x40, 0x5a, 0x53, 0xf0, 0x07, 0x81, 0xb0, 0xf2, 0x00, 0x0b, 0xb9, 0xc5, 0x06,
- 0x1e, 0x97, 0x92, 0x07, 0xbe, 0x80, 0x11, 0x97, 0x4a, 0x30, 0xc5, 0x03, 0xdf, 0x9a, 0x1e, 0x32,
- 0x37, 0x1c, 0xb3, 0x43, 0x6b, 0x04, 0x3e, 0x08, 0xa6, 0x60, 0x60, 0x86, 0x22, 0x50, 0x01, 0x79,
- 0x2d, 0xa3, 0x9a, 0x2c, 0xe4, 0xe6, 0x5a, 0xaa, 0x59, 0x50, 0x0f, 0xde, 0x18, 0x71, 0x35, 0x8e,
- 0xfa, 0xa6, 0x13, 0x78, 0xd6, 0x28, 0x18, 0x05, 0x56, 0x9a, 0xa1, 0x1f, 0x0d, 0xd3, 0x53, 0x7a,
- 0x48, 0x7f, 0x65, 0x99, 0x0f, 0xde, 0x5e, 0x88, 0xf2, 0x98, 0x33, 0xe6, 0x3e, 0x88, 0x73, 0x2b,
- 0x9c, 0x8c, 0x12, 0x40, 0x5a, 0x1e, 0x28, 0x66, 0x4d, 0x57, 0xf4, 0x1c, 0x58, 0x9b, 0x58, 0x22,
- 0xf2, 0x15, 0xf7, 0x60, 0x85, 0x70, 0xef, 0x79, 0x04, 0xe9, 0x8c, 0xc1, 0x63, 0x2b, 0xbc, 0xb7,
- 0x36, 0xf1, 0x22, 0xc5, 0x5d, 0x8b, 0xfb, 0x4a, 0x2a, 0xf1, 0x2c, 0xc9, 0xf8, 0x03, 0xe1, 0x57,
- 0x8e, 0x0b, 0x97, 0x3e, 0x0d, 0x82, 0xc9, 0x89, 0xcb, 0xc1, 0x57, 0x27, 0x81, 0x3f, 0xe4, 0x23,
- 0x32, 0xc4, 0x37, 0x24, 0x88, 0x29, 0x77, 0xa0, 0x83, 0xba, 0xa8, 0xd7, 0x3c, 0x7a, 0xd7, 0xdc,
- 0xda, 0x5d, 0xf3, 0xf3, 0x8c, 0x49, 0x61, 0x08, 0x02, 0x7c, 0x07, 0xec, 0x9b, 0x17, 0x33, 0xbd,
- 0x12, 0xcf, 0xf4, 0x1b, 0x45, 0xa4, 0x48, 0x4e, 0x7a, 0xb8, 0xee, 0x30, 0x3b, 0xf2, 0x07, 0x2e,
- 0x74, 0xaa, 0x5d, 0xd4, 0x6b, 0xd9, 0xad, 0x78, 0xa6, 0xd7, 0x4f, 0x8e, 0x33, 0x8c, 0xce, 0xa3,
- 0xc6, 0x3f, 0x55, 0xfc, 0xf2, 0x47, 0xdf, 0x29, 0x10, 0x3e, 0x73, 0x97, 0x74, 0x93, 0x2e, 0xae,
- 0xf9, 0xcc, 0xcb, 0x84, 0x36, 0xec, 0x56, 0x5e, 0xab, 0xf6, 0x90, 0x79, 0x40, 0xd3, 0x08, 0xf9,
- 0x01, 0xb7, 0x9c, 0x52, 0x77, 0x69, 0xa5, 0xe6, 0xd1, 0x87, 0x3b, 0xb4, 0xb4, 0xd1, 0x29, 0xfb,
- 0xa5, 0xbc, 0x5e, 0xab, 0x8c, 0xd2, 0xa5, 0x7a, 0xa4, 0x8f, 0xf7, 0x45, 0xe4, 0x82, 0xec, 0xec,
- 0x75, 0xf7, 0x7a, 0xcd, 0xa3, 0xf7, 0x76, 0x28, 0x4c, 0x23, 0x17, 0xbe, 0xe4, 0x6a, 0xfc, 0x28,
- 0x84, 0x2c, 0x24, 0xed, 0x76, 0x5e, 0x71, 0x3f, 0x89, 0x49, 0x9a, 0xa5, 0x26, 0xf7, 0x71, 0x7b,
- 0xc8, 0xb8, 0x1b, 0x09, 0x38, 0x0b, 0x5c, 0xee, 0x9c, 0x77, 0x6a, 0xa9, 0x1d, 0x77, 0xe3, 0x99,
- 0xde, 0xfe, 0xb8, 0x1c, 0xb8, 0x9a, 0xe9, 0xb7, 0x97, 0x80, 0xc7, 0xe7, 0x21, 0xd0, 0x65, 0xb2,
- 0xf1, 0x5b, 0x15, 0x1b, 0x6b, 0xdd, 0xce, 0x3a, 0x8a, 0x32, 0x2d, 0xe4, 0x1b, 0x5c, 0x4f, 0xa6,
- 0x7f, 0xc0, 0x14, 0xcb, 0xe7, 0xe4, 0xcd, 0x52, 0x6f, 0xf3, 0x61, 0x34, 0xc3, 0xc9, 0x28, 0x01,
- 0xa4, 0x99, 0xdc, 0x36, 0xa7, 0x87, 0xe6, 0xa3, 0xfe, 0xb7, 0xe0, 0xa8, 0x07, 0xa0, 0x98, 0x4d,
- 0xf2, 0x76, 0xf0, 0x02, 0xa3, 0xf3, 0xac, 0xe4, 0x57, 0x84, 0xef, 0xc0, 0x3a, 0x21, 0xb2, 0x53,
- 0x4d, 0xcd, 0xfc, 0x60, 0x07, 0x33, 0xd7, 0x76, 0x64, 0x6b, 0xb9, 0x80, 0x3b, 0x6b, 0xc3, 0x92,
- 0x6e, 0xa8, 0x6f, 0x5c, 0x21, 0x7c, 0xf7, 0xf9, 0x1e, 0xdd, 0xe7, 0x52, 0x91, 0xaf, 0x57, 0x7c,
- 0x32, 0xb7, 0xf3, 0x29, 0x61, 0xa7, 0x2e, 0xdd, 0xca, 0x45, 0xd6, 0x0b, 0xa4, 0xe4, 0x91, 0xc0,
- 0xfb, 0x5c, 0x81, 0x57, 0x38, 0xf2, 0xe0, 0x45, 0x1d, 0x59, 0xd2, 0xbf, 0x18, 0xb7, 0xd3, 0xa4,
- 0x06, 0xcd, 0x4a, 0x19, 0x3f, 0x21, 0xdc, 0x3c, 0xf5, 0xb9, 0xe2, 0xcc, 0xe5, 0xdf, 0x83, 0xd8,
- 0x62, 0x09, 0x1f, 0x17, 0x4b, 0x90, 0xa9, 0xb4, 0x76, 0x5c, 0x82, 0xf5, 0x63, 0x6f, 0xfc, 0x8b,
- 0x70, 0xa7, 0xa4, 0xe3, 0xba, 0xc7, 0x33, 0xc4, 0x2d, 0xbe, 0xa8, 0x5e, 0xf4, 0x76, 0x6f, 0x87,
- 0xde, 0x4a, 0xe2, 0x17, 0x6f, 0x49, 0x09, 0x94, 0x74, 0xa9, 0x82, 0xf1, 0x37, 0xc2, 0xaf, 0x6e,
- 0x6a, 0xf8, 0x1a, 0x66, 0x6d, 0xbc, 0x3c, 0x6b, 0x27, 0xff, 0xaf, 0xd3, 0x6d, 0x26, 0xec, 0x17,
- 0x84, 0x6b, 0xc9, 0x5f, 0x4d, 0x5e, 0xc7, 0x0d, 0x16, 0xf2, 0x4f, 0x44, 0x10, 0x85, 0xb2, 0x83,
- 0xba, 0x7b, 0xbd, 0x86, 0xdd, 0x8e, 0x67, 0x7a, 0xe3, 0xf8, 0xec, 0x34, 0x03, 0xe9, 0x22, 0x4e,
- 0x0e, 0x71, 0x93, 0x85, 0xfc, 0x0b, 0x10, 0x89, 0x8e, 0x4c, 0x65, 0xc3, 0xbe, 0x19, 0xcf, 0xf4,
- 0xe6, 0xf1, 0xd9, 0x69, 0x01, 0xd3, 0xf2, 0x9d, 0x24, 0xbf, 0x00, 0x19, 0x44, 0xc2, 0xc9, 0x5f,
- 0xe8, 0x3c, 0x3f, 0x2d, 0x40, 0xba, 0x88, 0x1b, 0xbf, 0x23, 0x4c, 0x56, 0xdf, 0x64, 0xf2, 0x3e,
- 0xc6, 0xc1, 0xfc, 0x94, 0x8b, 0xd4, 0xd3, 0xa9, 0x99, 0xa3, 0x57, 0x33, 0xbd, 0x3d, 0x3f, 0xa5,
- 0x6f, 0x6e, 0x89, 0x42, 0x3e, 0xc3, 0xb5, 0x64, 0xa0, 0xf3, 0x4f, 0xd3, 0xce, 0xcb, 0x31, 0x5f,
- 0xb8, 0xe4, 0x44, 0xd3, 0x54, 0x06, 0xe0, 0x5b, 0xcf, 0x7e, 0x89, 0x89, 0x85, 0x1b, 0xc9, 0x32,
- 0xca, 0x90, 0x39, 0xc5, 0xae, 0xde, 0xce, 0xa9, 0x8d, 0x87, 0x45, 0x80, 0x2e, 0xee, 0xcc, 0xf7,
- 0xba, 0xba, 0x69, 0xaf, 0x6d, 0xf3, 0xe2, 0x52, 0xab, 0x3c, 0xb9, 0xd4, 0x2a, 0x4f, 0x2f, 0xb5,
- 0xca, 0x8f, 0xb1, 0x86, 0x2e, 0x62, 0x0d, 0x3d, 0x89, 0x35, 0xf4, 0x34, 0xd6, 0xd0, 0x9f, 0xb1,
- 0x86, 0x7e, 0xfe, 0x4b, 0xab, 0x7c, 0x55, 0x2f, 0xf4, 0xfe, 0x17, 0x00, 0x00, 0xff, 0xff, 0xe7,
- 0xb5, 0x5f, 0xd5, 0xfb, 0x09, 0x00, 0x00,
+ // 893 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x55, 0xcf, 0x8b, 0x23, 0x45,
+ 0x14, 0x4e, 0x65, 0x32, 0x4c, 0x52, 0x49, 0xd8, 0xdd, 0x42, 0x97, 0x38, 0x48, 0x27, 0xf4, 0x61,
+ 0xc9, 0x22, 0x76, 0x3b, 0xa3, 0x2c, 0x82, 0x88, 0x4e, 0x8f, 0xbf, 0x06, 0x66, 0x77, 0xc7, 0x72,
+ 0x55, 0x10, 0x0f, 0x56, 0x3a, 0x2f, 0x49, 0x99, 0xfe, 0x45, 0x55, 0x75, 0x70, 0x3c, 0x88, 0x17,
+ 0xef, 0x82, 0x17, 0xaf, 0xde, 0xfc, 0x53, 0xe6, 0xb8, 0xc7, 0x39, 0x05, 0xa7, 0x05, 0x2f, 0x82,
+ 0x7f, 0xc0, 0x9c, 0xa4, 0x7f, 0xa5, 0x3b, 0x9b, 0x84, 0x9d, 0x28, 0xec, 0x2d, 0xf5, 0xbd, 0xfa,
+ 0xde, 0xfb, 0xde, 0x97, 0xf7, 0xaa, 0x31, 0x9d, 0xbe, 0x2d, 0x0d, 0xee, 0x9b, 0xd3, 0x70, 0x00,
+ 0xc2, 0x03, 0x05, 0xd2, 0x9c, 0x81, 0x37, 0xf4, 0x85, 0x99, 0x05, 0x58, 0xc0, 0x4d, 0x36, 0x74,
+ 0xb9, 0x94, 0xdc, 0xf7, 0x04, 0x8c, 0xb9, 0x54, 0x82, 0x29, 0xee, 0x7b, 0xe6, 0xec, 0x80, 0x39,
+ 0xc1, 0x84, 0x1d, 0x98, 0x63, 0xf0, 0x40, 0x30, 0x05, 0x43, 0x23, 0x10, 0xbe, 0xf2, 0xc9, 0xfd,
+ 0x94, 0x6a, 0xb0, 0x80, 0x1b, 0x6b, 0xa9, 0x46, 0x4e, 0xdd, 0x7f, 0x7d, 0xcc, 0xd5, 0x24, 0x1c,
+ 0x18, 0xb6, 0xef, 0x9a, 0x63, 0x7f, 0xec, 0x9b, 0x49, 0x86, 0x41, 0x38, 0x4a, 0x4e, 0xc9, 0x21,
+ 0xf9, 0x95, 0x66, 0xde, 0x7f, 0xab, 0x10, 0xe5, 0x32, 0x7b, 0xc2, 0x3d, 0x10, 0xe7, 0x66, 0x30,
+ 0x1d, 0xc7, 0x80, 0x34, 0x5d, 0x50, 0xcc, 0x9c, 0xad, 0xe8, 0xd9, 0x37, 0x37, 0xb1, 0x44, 0xe8,
+ 0x29, 0xee, 0xc2, 0x0a, 0xe1, 0xc1, 0xf3, 0x08, 0xd2, 0x9e, 0x80, 0xcb, 0x56, 0x78, 0x6f, 0x6e,
+ 0xe2, 0x85, 0x8a, 0x3b, 0x26, 0xf7, 0x94, 0x54, 0xe2, 0x59, 0x92, 0x7e, 0x89, 0xf0, 0x2b, 0x47,
+ 0xb9, 0x4b, 0x9f, 0xf8, 0xfe, 0xf4, 0xd8, 0xe1, 0xe0, 0xa9, 0x63, 0xdf, 0x1b, 0xf1, 0x31, 0x19,
+ 0xe1, 0x3d, 0x09, 0x62, 0xc6, 0x6d, 0xe8, 0xa0, 0x1e, 0xea, 0x37, 0x0f, 0xdf, 0x31, 0x6e, 0xec,
+ 0xae, 0xf1, 0x59, 0xca, 0xa4, 0x30, 0x02, 0x01, 0x9e, 0x0d, 0xd6, 0xad, 0x8b, 0x79, 0xb7, 0x12,
+ 0xcd, 0xbb, 0x7b, 0x79, 0x24, 0x4f, 0x4e, 0xfa, 0xb8, 0x6e, 0x33, 0x2b, 0xf4, 0x86, 0x0e, 0x74,
+ 0xaa, 0x3d, 0xd4, 0x6f, 0x59, 0xad, 0x68, 0xde, 0xad, 0x1f, 0x1f, 0xa5, 0x18, 0x5d, 0x44, 0xc9,
+ 0x7d, 0xbc, 0x17, 0x0a, 0xe7, 0x8c, 0xa9, 0x49, 0x67, 0xa7, 0x87, 0xfa, 0x8d, 0x22, 0xe9, 0xe7,
+ 0xf4, 0x34, 0x86, 0x69, 0x1e, 0xd7, 0xff, 0xae, 0xe2, 0x97, 0x3f, 0xfc, 0x4e, 0x81, 0xf0, 0x98,
+ 0xb3, 0xd4, 0x22, 0xe9, 0xe1, 0x9a, 0xc7, 0xdc, 0xb4, 0xa7, 0x86, 0xd5, 0xca, 0x32, 0xd4, 0x1e,
+ 0x31, 0x17, 0x68, 0x12, 0x21, 0x3f, 0xe0, 0x96, 0x5d, 0x32, 0x22, 0x11, 0xd5, 0x3c, 0xfc, 0x60,
+ 0x8b, 0xee, 0x37, 0x9a, 0x6a, 0xbd, 0x94, 0xd5, 0x6b, 0x95, 0x51, 0xba, 0x54, 0x8f, 0x0c, 0xf0,
+ 0xae, 0x08, 0x1d, 0x90, 0x9d, 0x9d, 0xde, 0x4e, 0xbf, 0x79, 0xf8, 0xee, 0x16, 0x85, 0x69, 0xe8,
+ 0xc0, 0x97, 0x5c, 0x4d, 0x1e, 0x07, 0x90, 0x86, 0xa4, 0xd5, 0xce, 0x2a, 0xee, 0xc6, 0x31, 0x49,
+ 0xd3, 0xd4, 0xe4, 0x14, 0xb7, 0x47, 0x8c, 0x3b, 0xa1, 0x80, 0x33, 0xdf, 0xe1, 0xf6, 0x79, 0xa7,
+ 0x96, 0xd8, 0x71, 0x2f, 0x9a, 0x77, 0xdb, 0x1f, 0x95, 0x03, 0xd7, 0xf3, 0xee, 0x9d, 0x25, 0xe0,
+ 0xc9, 0x79, 0x00, 0x74, 0x99, 0xac, 0xff, 0x56, 0xc5, 0xfa, 0x5a, 0xb7, 0xd3, 0x8e, 0xc2, 0x54,
+ 0x0b, 0xf9, 0x06, 0xd7, 0xe3, 0x45, 0x19, 0x32, 0xc5, 0xb2, 0x91, 0x7a, 0xa3, 0xd4, 0xdb, 0x62,
+ 0x6e, 0x8d, 0x60, 0x3a, 0x8e, 0x01, 0x69, 0xc4, 0xb7, 0x8d, 0xd9, 0x81, 0xf1, 0x78, 0xf0, 0x2d,
+ 0xd8, 0xea, 0x21, 0x28, 0x66, 0x91, 0xac, 0x1d, 0x5c, 0x60, 0x74, 0x91, 0x95, 0xfc, 0x8a, 0xf0,
+ 0x5d, 0x58, 0x27, 0x44, 0x76, 0xaa, 0x89, 0x99, 0xef, 0x6f, 0x61, 0xe6, 0xda, 0x8e, 0x2c, 0x2d,
+ 0x13, 0x70, 0x77, 0x6d, 0x58, 0xd2, 0x0d, 0xf5, 0xf5, 0x6b, 0x84, 0xef, 0x3d, 0xdf, 0xa3, 0x53,
+ 0x2e, 0x15, 0xf9, 0x7a, 0xc5, 0x27, 0xe3, 0x66, 0x3e, 0xc5, 0xec, 0xc4, 0xa5, 0xdb, 0x99, 0xc8,
+ 0x7a, 0x8e, 0x94, 0x3c, 0x12, 0x78, 0x97, 0x2b, 0x70, 0x73, 0x47, 0x1e, 0xfe, 0x5f, 0x47, 0x96,
+ 0xf4, 0x17, 0xe3, 0x76, 0x12, 0xd7, 0xa0, 0x69, 0x29, 0xfd, 0x27, 0x84, 0x9b, 0x27, 0x1e, 0x57,
+ 0x9c, 0x39, 0xfc, 0x7b, 0x10, 0x37, 0x58, 0xc2, 0x27, 0xf9, 0x12, 0xa4, 0x2a, 0xcd, 0x2d, 0x97,
+ 0x60, 0xfd, 0xd8, 0xeb, 0xff, 0x20, 0xdc, 0x29, 0xe9, 0x78, 0xd1, 0xe3, 0x19, 0xe0, 0x16, 0x2f,
+ 0xaa, 0xe7, 0xbd, 0x3d, 0xd8, 0xa2, 0xb7, 0x92, 0xf8, 0xe2, 0x2d, 0x29, 0x81, 0x92, 0x2e, 0x55,
+ 0xd0, 0xff, 0x42, 0xf8, 0xd5, 0x4d, 0x0d, 0xbf, 0x80, 0x59, 0x9b, 0x2c, 0xcf, 0xda, 0xf1, 0x7f,
+ 0xeb, 0xf4, 0x26, 0x13, 0xf6, 0x0b, 0xc2, 0xb5, 0xf8, 0xaf, 0x26, 0xaf, 0xe1, 0x06, 0x0b, 0xf8,
+ 0xc7, 0xc2, 0x0f, 0x03, 0xd9, 0x41, 0xbd, 0x9d, 0x7e, 0xc3, 0x6a, 0x47, 0xf3, 0x6e, 0xe3, 0xe8,
+ 0xec, 0x24, 0x05, 0x69, 0x11, 0x27, 0x07, 0xb8, 0xc9, 0x02, 0xfe, 0x05, 0x88, 0x58, 0x47, 0xaa,
+ 0xb2, 0x61, 0xdd, 0x8a, 0xe6, 0xdd, 0xe6, 0xd1, 0xd9, 0x49, 0x0e, 0xd3, 0xf2, 0x9d, 0x38, 0xbf,
+ 0x00, 0xe9, 0x87, 0xc2, 0xce, 0x5e, 0xe8, 0x2c, 0x3f, 0xcd, 0x41, 0x5a, 0xc4, 0xf5, 0xdf, 0x11,
+ 0x26, 0xab, 0x6f, 0x32, 0x79, 0x0f, 0x63, 0x7f, 0x71, 0xca, 0x44, 0x76, 0x93, 0xa9, 0x59, 0xa0,
+ 0xd7, 0xf3, 0x6e, 0x7b, 0x71, 0x4a, 0xde, 0xdc, 0x12, 0x85, 0x7c, 0x8a, 0x6b, 0xf1, 0x40, 0x67,
+ 0x9f, 0xa6, 0xad, 0x97, 0x63, 0xb1, 0x70, 0xf1, 0x89, 0x26, 0xa9, 0x74, 0xc0, 0xb7, 0x9f, 0xfd,
+ 0x68, 0x13, 0x13, 0x37, 0xe2, 0x65, 0x94, 0x01, 0xb3, 0xf3, 0x5d, 0xbd, 0x93, 0x51, 0x1b, 0x8f,
+ 0xf2, 0x00, 0x2d, 0xee, 0x2c, 0xf6, 0xba, 0xba, 0x69, 0xaf, 0x2d, 0xe3, 0xe2, 0x4a, 0xab, 0x3c,
+ 0xbd, 0xd2, 0x2a, 0x97, 0x57, 0x5a, 0xe5, 0xc7, 0x48, 0x43, 0x17, 0x91, 0x86, 0x9e, 0x46, 0x1a,
+ 0xba, 0x8c, 0x34, 0xf4, 0x47, 0xa4, 0xa1, 0x9f, 0xff, 0xd4, 0x2a, 0x5f, 0xd5, 0x73, 0xbd, 0xff,
+ 0x06, 0x00, 0x00, 0xff, 0xff, 0x01, 0xf7, 0xd5, 0xa0, 0x26, 0x0a, 0x00, 0x00,
}
diff --git a/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.proto b/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.proto
index 5b0d4f0065b..b5ad69cd789 100644
--- a/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.proto
+++ b/staging/src/k8s.io/api/admissionregistration/v1alpha1/generated.proto
@@ -38,6 +38,9 @@ message AdmissionHookClientConfig {
// Required
optional ServiceReference service = 1;
+ // URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object.
+ optional string urlPath = 3;
+
// CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate.
// Required
optional bytes caBundle = 2;
diff --git a/staging/src/k8s.io/api/admissionregistration/v1alpha1/types.go b/staging/src/k8s.io/api/admissionregistration/v1alpha1/types.go
index d4827e59d33..5e8541f4fa5 100644
--- a/staging/src/k8s.io/api/admissionregistration/v1alpha1/types.go
+++ b/staging/src/k8s.io/api/admissionregistration/v1alpha1/types.go
@@ -203,6 +203,10 @@ type AdmissionHookClientConfig struct {
// ports open, port 443 will be used if it is open, otherwise it is an error.
// Required
Service ServiceReference `json:"service" protobuf:"bytes,1,opt,name=service"`
+
+ // URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object.
+ URLPath string `json:"urlPath" protobuf:"bytes,3,opt,name=urlPath"`
+
// CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate.
// Required
CABundle []byte `json:"caBundle" protobuf:"bytes,2,opt,name=caBundle"`
diff --git a/staging/src/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go b/staging/src/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
index 0b30ecc802e..77a8a5197b7 100644
--- a/staging/src/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/admissionregistration/v1alpha1/types_swagger_doc_generated.go
@@ -30,6 +30,7 @@ package v1alpha1
var map_AdmissionHookClientConfig = map[string]string{
"": "AdmissionHookClientConfig contains the information to make a TLS connection with the webhook",
"service": "Service is a reference to the service for this webhook. If there is only one port open for the service, that port will be used. If there are multiple ports open, port 443 will be used if it is open, otherwise it is an error. Required",
+ "urlPath": "URLPath is an optional field that specifies the URL path to use when posting the AdmissionReview object.",
"caBundle": "CABundle is a PEM encoded CA bundle which will be used to validate webhook's server certificate. Required",
}