github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #12064 from AnanyaKumar/patch-2

Browse Source 
Update admission_control.md
This commit is contained in:
Dawn Chen 2015-08-05 15:14:00 -07:00
commit 9a29583fe0
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
docs/design/admission_control.md
View File

@ -98,16 +98,17 @@ func init() {
Invocation of admission control is handled by the **APIServer** and not individual **RESTStorage** implementations. Invocation of admission control is handled by the **APIServer** and not individual **RESTStorage** implementations.
This design assumes that **Issue 297** is adopted, and as a consequence, the general framework of the APIServer request/response flow This design assumes that **Issue 297** is adopted, and as a consequence, the general framework of the APIServer request/response flow will ensure the following:
will ensure the following:
1. Incoming request 1. Incoming request
2. Authenticate user 2. Authenticate user
3. Authorize user 3. Authorize user
4. If operation=create|update, then validate(object) 4. If operation=create|update|delete|connect, then admission.Admit(requestAttributes)
5. If operation=create|update|delete, then admission.Admit(requestAttributes) - invoke each admission.Interface object in sequence
a. invoke each admission.Interface object in sequence 5. Case on the operation:
6. Object is persisted - If operation=create|update, then validate(object) and persist
- If operation=delete, delete the object
- If operation=connect, exec
If at any step, there is an error, the request is canceled. If at any step, there is an error, the request is canceled.