Merge pull request #92667 from liggitt/admission-warnings

Admission webhook warnings
2025-07-29 22:46:12 +00:00 · 2020-07-01 23:14:17 -07:00 · 2020-07-01 23:14:17 -07:00 · f7a13de36c
commit f7a13de36c
parent 94e1c54735 03d322035d
29 changed files with 447 additions and 127 deletions
--- a/pkg/apis/admission/types.go
+++ b/pkg/apis/admission/types.go
@ -138,6 +138,12 @@ type AdmissionResponse struct {
 	// the admission webhook to add additional context to the audit log for this request.
 	// +optional
 	AuditAnnotations map[string]string
+	// warnings is a list of warning messages to return to the requesting API client.
+	// Warning messages describe a problem the client making the API request should correct or be aware of.
+	// Limit warnings to 120 characters if possible.
+	// Warnings over 256 characters and large numbers of warnings may be truncated.
+	// +optional
+	Warnings []string
 }

 // PatchType is the type of patch being used to represent the mutated object
--- a/pkg/apis/admission/v1/zz_generated.conversion.go
+++ b/pkg/apis/admission/v1/zz_generated.conversion.go
@ -143,6 +143,7 @@ func autoConvert_v1_AdmissionResponse_To_admission_AdmissionResponse(in *v1.Admi
 	out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
 	out.PatchType = (*admission.PatchType)(unsafe.Pointer(in.PatchType))
 	out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
+	out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
 	return nil
 }

@ -158,6 +159,7 @@ func autoConvert_admission_AdmissionResponse_To_v1_AdmissionResponse(in *admissi
 	out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
 	out.PatchType = (*v1.PatchType)(unsafe.Pointer(in.PatchType))
 	out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
+	out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
 	return nil
 }

--- a/pkg/apis/admission/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/admission/v1beta1/zz_generated.conversion.go
@ -143,6 +143,7 @@ func autoConvert_v1beta1_AdmissionResponse_To_admission_AdmissionResponse(in *v1
 	out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
 	out.PatchType = (*admission.PatchType)(unsafe.Pointer(in.PatchType))
 	out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
+	out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
 	return nil
 }

@ -158,6 +159,7 @@ func autoConvert_admission_AdmissionResponse_To_v1beta1_AdmissionResponse(in *ad
 	out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
 	out.PatchType = (*v1beta1.PatchType)(unsafe.Pointer(in.PatchType))
 	out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
+	out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
 	return nil
 }

--- a/pkg/apis/admission/zz_generated.deepcopy.go
+++ b/pkg/apis/admission/zz_generated.deepcopy.go
@ -93,6 +93,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
 			(*out)[key] = val
 		}
 	}
+	if in.Warnings != nil {
+		in, out := &in.Warnings, &out.Warnings
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }

--- a/staging/src/k8s.io/api/admission/v1/generated.pb.go
+++ b/staging/src/k8s.io/api/admission/v1/generated.pb.go
@ -143,64 +143,65 @@ func init() {
 }

 var fileDescriptor_4b73421fd5edef9f = []byte{
-	// 898 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4d, 0x6f, 0x1b, 0x45,
-	0x18, 0xf6, 0xc6, 0x89, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0x58, 0xf9, 0xb0, 0x36, 0x39, 0x20,
-	0x17, 0xb5, 0xb3, 0x24, 0x82, 0x2a, 0xaa, 0x38, 0x34, 0x4b, 0x2a, 0x14, 0x90, 0x9a, 0x68, 0xda,
-	0xa0, 0x8a, 0x03, 0xd2, 0xd8, 0x3b, 0xb5, 0x17, 0xdb, 0x33, 0xcb, 0xce, 0xac, 0x83, 0x6f, 0x9c,
-	0x38, 0xf3, 0x0f, 0xf8, 0x1d, 0xfc, 0x83, 0x1c, 0x7b, 0xec, 0xc9, 0x22, 0xe6, 0x5f, 0x44, 0x42,
-	0x42, 0x33, 0x3b, 0xfb, 0xd1, 0x7c, 0x88, 0xd0, 0xf4, 0xe4, 0x79, 0x3f, 0x9e, 0xe7, 0x7d, 0xfd,
-	0xbc, 0x3b, 0xef, 0x80, 0x27, 0x93, 0x5d, 0x81, 0x42, 0xee, 0x4d, 0x92, 0x01, 0x8d, 0x19, 0x95,
-	0x54, 0x78, 0x73, 0xca, 0x02, 0x1e, 0x7b, 0x26, 0x40, 0xa2, 0xd0, 0x23, 0xc1, 0x2c, 0x14, 0x22,
-	0xe4, 0xcc, 0x9b, 0x6f, 0x7b, 0x23, 0xca, 0x68, 0x4c, 0x24, 0x0d, 0x50, 0x14, 0x73, 0xc9, 0xe1,
-	0xc7, 0x69, 0x22, 0x22, 0x51, 0x88, 0xf2, 0x44, 0x34, 0xdf, 0xee, 0x3c, 0x1c, 0x85, 0x72, 0x9c,
-	0x0c, 0xd0, 0x90, 0xcf, 0xbc, 0x11, 0x1f, 0x71, 0x4f, 0xe7, 0x0f, 0x92, 0x57, 0xda, 0xd2, 0x86,
-	0x3e, 0xa5, 0x3c, 0x9d, 0x07, 0xe5, 0x82, 0x89, 0x1c, 0x53, 0x26, 0xc3, 0x21, 0x91, 0x57, 0x57,
-	0xed, 0x7c, 0x51, 0x64, 0xcf, 0xc8, 0x70, 0x1c, 0x32, 0x1a, 0x2f, 0xbc, 0x68, 0x32, 0x52, 0x0e,
-	0xe1, 0xcd, 0xa8, 0x24, 0x57, 0xa1, 0xbc, 0xeb, 0x50, 0x71, 0xc2, 0x64, 0x38, 0xa3, 0x97, 0x00,
-	0x8f, 0xfe, 0x0b, 0x20, 0x86, 0x63, 0x3a, 0x23, 0x17, 0x71, 0x5b, 0x7f, 0xd8, 0xa0, 0xbd, 0x97,
-	0x89, 0x81, 0xe9, 0xcf, 0x09, 0x15, 0x12, 0xfa, 0xa0, 0x9a, 0x84, 0x81, 0x63, 0xf5, 0xac, 0xbe,
-	0xed, 0x7f, 0x7e, 0xba, 0xec, 0x56, 0x56, 0xcb, 0x6e, 0xf5, 0xf8, 0x60, 0xff, 0x7c, 0xd9, 0xfd,
-	0xe4, 0xba, 0x42, 0x72, 0x11, 0x51, 0x81, 0x8e, 0x0f, 0xf6, 0xb1, 0x02, 0xc3, 0x97, 0x60, 0x7d,
-	0x12, 0xb2, 0xc0, 0x59, 0xeb, 0x59, 0xfd, 0xe6, 0xce, 0x23, 0x54, 0x88, 0x9f, 0xc3, 0x50, 0x34,
-	0x19, 0x29, 0x87, 0x40, 0x4a, 0x06, 0x34, 0xdf, 0x46, 0xdf, 0xc4, 0x3c, 0x89, 0xbe, 0xa7, 0xb1,
-	0x6a, 0xe6, 0xbb, 0x90, 0x05, 0xfe, 0xa6, 0x29, 0xbe, 0xae, 0x2c, 0xac, 0x19, 0xe1, 0x18, 0x34,
-	0x62, 0x2a, 0x78, 0x12, 0x0f, 0xa9, 0x53, 0xd5, 0xec, 0x8f, 0xff, 0x3f, 0x3b, 0x36, 0x0c, 0x7e,
-	0xdb, 0x54, 0x68, 0x64, 0x1e, 0x9c, 0xb3, 0xc3, 0x2f, 0x41, 0x53, 0x24, 0x83, 0x2c, 0xe0, 0xac,
-	0x6b, 0x3d, 0xee, 0x19, 0x40, 0xf3, 0x79, 0x11, 0xc2, 0xe5, 0x3c, 0x18, 0x82, 0x66, 0x9c, 0x2a,
-	0xa9, 0xba, 0x76, 0x3e, 0xb8, 0x95, 0x02, 0x2d, 0x55, 0x0a, 0x17, 0x74, 0xb8, 0xcc, 0x0d, 0x17,
-	0xa0, 0x65, 0xcc, 0xbc, 0xcb, 0x3b, 0xb7, 0x96, 0xe4, 0xde, 0x6a, 0xd9, 0x6d, 0xe1, 0xb7, 0x69,
-	0xf1, 0xc5, 0x3a, 0xf0, 0x5b, 0x00, 0x8d, 0xab, 0x24, 0x84, 0xd3, 0xd2, 0x1a, 0x75, 0x8c, 0x46,
-	0x10, 0x5f, 0xca, 0xc0, 0x57, 0xa0, 0x60, 0x0f, 0xac, 0x33, 0x32, 0xa3, 0xce, 0x86, 0x46, 0xe7,
-	0x43, 0x7f, 0x46, 0x66, 0x14, 0xeb, 0x08, 0xf4, 0x80, 0xad, 0x7e, 0x45, 0x44, 0x86, 0xd4, 0xa9,
-	0xe9, 0xb4, 0xbb, 0x26, 0xcd, 0x7e, 0x96, 0x05, 0x70, 0x91, 0x03, 0xbf, 0x02, 0x36, 0x8f, 0xd4,
-	0xa7, 0x1e, 0x72, 0xe6, 0xd4, 0x35, 0xc0, 0xcd, 0x00, 0x87, 0x59, 0xe0, 0xbc, 0x6c, 0xe0, 0x02,
-	0x00, 0x5f, 0x80, 0x46, 0x22, 0x68, 0x7c, 0xc0, 0x5e, 0x71, 0xa7, 0xa1, 0x05, 0xfd, 0x14, 0x95,
-	0xd7, 0xc7, 0x5b, 0xd7, 0x5e, 0x09, 0x79, 0x6c, 0xb2, 0x8b, 0xef, 0x29, 0xf3, 0xe0, 0x9c, 0x09,
-	0x1e, 0x83, 0x1a, 0x1f, 0xfc, 0x44, 0x87, 0xd2, 0xb1, 0x35, 0xe7, 0xc3, 0x6b, 0x87, 0x64, 0x6e,
-	0x2d, 0xc2, 0xe4, 0xe4, 0xe9, 0x2f, 0x92, 0x32, 0x35, 0x1f, 0xff, 0x8e, 0xa1, 0xae, 0x1d, 0x6a,
-	0x12, 0x6c, 0xc8, 0xe0, 0x8f, 0xc0, 0xe6, 0xd3, 0x20, 0x75, 0x3a, 0xe0, 0x5d, 0x98, 0x73, 0x29,
-	0x0f, 0x33, 0x1e, 0x5c, 0x50, 0xc2, 0x2d, 0x50, 0x0b, 0xe2, 0x05, 0x4e, 0x98, 0xd3, 0xec, 0x59,
-	0xfd, 0x86, 0x0f, 0x54, 0x0f, 0xfb, 0xda, 0x83, 0x4d, 0x04, 0xbe, 0x04, 0x75, 0x1e, 0x29, 0x31,
-	0x84, 0xb3, 0xf9, 0x2e, 0x1d, 0xb4, 0x4c, 0x07, 0xf5, 0xc3, 0x94, 0x05, 0x67, 0x74, 0x5b, 0xff,
-	0x54, 0xc1, 0xdd, 0xd2, 0x86, 0x12, 0x11, 0x67, 0x82, 0xbe, 0x97, 0x15, 0x75, 0x1f, 0xd4, 0xc9,
-	0x74, 0xca, 0x4f, 0x68, 0xba, 0xa5, 0x1a, 0x45, 0x13, 0x7b, 0xa9, 0x1b, 0x67, 0x71, 0x78, 0x04,
-	0x6a, 0x42, 0x12, 0x99, 0x08, 0xb3, 0x71, 0x1e, 0xdc, 0xec, 0x7a, 0x3d, 0xd7, 0x98, 0x54, 0x30,
-	0x4c, 0x45, 0x32, 0x95, 0xd8, 0xf0, 0xc0, 0x2e, 0xd8, 0x88, 0x88, 0x1c, 0x8e, 0xf5, 0x56, 0xd9,
-	0xf4, 0xed, 0xd5, 0xb2, 0xbb, 0x71, 0xa4, 0x1c, 0x38, 0xf5, 0xc3, 0x5d, 0x60, 0xeb, 0xc3, 0x8b,
-	0x45, 0x94, 0x5d, 0x8c, 0x8e, 0x1a, 0xd1, 0x51, 0xe6, 0x3c, 0x2f, 0x1b, 0xb8, 0x48, 0x86, 0xbf,
-	0x59, 0xa0, 0x4d, 0x92, 0x20, 0x94, 0x7b, 0x8c, 0x71, 0x49, 0xd2, 0xa9, 0xd4, 0x7a, 0xd5, 0x7e,
-	0x73, 0xe7, 0x09, 0xba, 0xe6, 0x11, 0x44, 0x97, 0x24, 0x46, 0x7b, 0x17, 0x28, 0x9e, 0x32, 0x19,
-	0x2f, 0x7c, 0xc7, 0x68, 0xd4, 0xbe, 0x18, 0xc6, 0x97, 0x6a, 0x76, 0xbe, 0x06, 0x1f, 0x5d, 0x49,
-	0x02, 0xdb, 0xa0, 0x3a, 0xa1, 0x8b, 0x74, 0x7a, 0x58, 0x1d, 0xe1, 0x87, 0x60, 0x63, 0x4e, 0xa6,
-	0x09, 0xd5, 0x93, 0xb0, 0x71, 0x6a, 0x3c, 0x5e, 0xdb, 0xb5, 0xb6, 0xfe, 0xb4, 0x40, 0xab, 0xd4,
-	0xdc, 0x3c, 0xa4, 0x27, 0xf0, 0x08, 0xd4, 0xcd, 0x16, 0xd1, 0x1c, 0xcd, 0x9d, 0xfb, 0x37, 0xf9,
-	0x5f, 0x1a, 0xe0, 0x37, 0xd5, 0x80, 0xb3, 0xed, 0x96, 0xd1, 0xa8, 0x0b, 0x1f, 0x9b, 0x3f, 0x6e,
-	0x9e, 0xac, 0xcf, 0x6e, 0x2e, 0x95, 0xbf, 0x69, 0x1e, 0x10, 0x6d, 0xe1, 0x9c, 0xc9, 0xef, 0x9f,
-	0x9e, 0xb9, 0x95, 0xd7, 0x67, 0x6e, 0xe5, 0xcd, 0x99, 0x5b, 0xf9, 0x75, 0xe5, 0x5a, 0xa7, 0x2b,
-	0xd7, 0x7a, 0xbd, 0x72, 0xad, 0x37, 0x2b, 0xd7, 0xfa, 0x6b, 0xe5, 0x5a, 0xbf, 0xff, 0xed, 0x56,
-	0x7e, 0x58, 0x9b, 0x6f, 0xff, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x37, 0xc7, 0x3f, 0x71, 0xdf, 0x08,
-	0x00, 0x00,
+	// 919 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4f, 0x6f, 0x1b, 0x45,
+	0x14, 0xf7, 0xd6, 0x8e, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0x58, 0xf9, 0xb0, 0x36, 0x39, 0x20,
+	0x17, 0xb5, 0xbb, 0x24, 0x82, 0x2a, 0xaa, 0x38, 0x34, 0x4b, 0x2a, 0x14, 0x90, 0x9a, 0x68, 0xda,
+	0x40, 0xc5, 0x01, 0x69, 0xec, 0x9d, 0xda, 0x83, 0xed, 0x99, 0x65, 0x67, 0xd6, 0xc1, 0x37, 0x4e,
+	0x9c, 0xf9, 0x06, 0x1c, 0xf9, 0x0c, 0x7c, 0x83, 0x1c, 0x7b, 0xec, 0xc9, 0x22, 0xe6, 0x5b, 0xe4,
+	0x84, 0x66, 0x76, 0xf6, 0x4f, 0xf3, 0x47, 0x84, 0x96, 0x93, 0xf7, 0xfd, 0xf9, 0xfd, 0xde, 0xf3,
+	0xef, 0xed, 0x7b, 0x0b, 0x1e, 0x4f, 0x77, 0x85, 0x47, 0xb9, 0x3f, 0x4d, 0x86, 0x24, 0x66, 0x44,
+	0x12, 0xe1, 0x2f, 0x08, 0x0b, 0x79, 0xec, 0x9b, 0x00, 0x8e, 0xa8, 0x8f, 0xc3, 0x39, 0x15, 0x82,
+	0x72, 0xe6, 0x2f, 0xb6, 0xfd, 0x31, 0x61, 0x24, 0xc6, 0x92, 0x84, 0x5e, 0x14, 0x73, 0xc9, 0xe1,
+	0x87, 0x69, 0xa2, 0x87, 0x23, 0xea, 0xe5, 0x89, 0xde, 0x62, 0xbb, 0xfb, 0x60, 0x4c, 0xe5, 0x24,
+	0x19, 0x7a, 0x23, 0x3e, 0xf7, 0xc7, 0x7c, 0xcc, 0x7d, 0x9d, 0x3f, 0x4c, 0x5e, 0x6a, 0x4b, 0x1b,
+	0xfa, 0x29, 0xe5, 0xe9, 0xde, 0x2f, 0x17, 0x4c, 0xe4, 0x84, 0x30, 0x49, 0x47, 0x58, 0x5e, 0x5d,
+	0xb5, 0xfb, 0x59, 0x91, 0x3d, 0xc7, 0xa3, 0x09, 0x65, 0x24, 0x5e, 0xfa, 0xd1, 0x74, 0xac, 0x1c,
+	0xc2, 0x9f, 0x13, 0x89, 0xaf, 0x42, 0xf9, 0xd7, 0xa1, 0xe2, 0x84, 0x49, 0x3a, 0x27, 0x97, 0x00,
+	0x0f, 0xff, 0x0d, 0x20, 0x46, 0x13, 0x32, 0xc7, 0x17, 0x71, 0x5b, 0xbf, 0xdb, 0xa0, 0xb3, 0x97,
+	0x89, 0x81, 0xc8, 0x4f, 0x09, 0x11, 0x12, 0x06, 0xa0, 0x9a, 0xd0, 0xd0, 0xb1, 0xfa, 0xd6, 0xc0,
+	0x0e, 0x3e, 0x3d, 0x5d, 0xf5, 0x2a, 0xeb, 0x55, 0xaf, 0x7a, 0x7c, 0xb0, 0x7f, 0xbe, 0xea, 0x7d,
+	0x74, 0x5d, 0x21, 0xb9, 0x8c, 0x88, 0xf0, 0x8e, 0x0f, 0xf6, 0x91, 0x02, 0xc3, 0x17, 0xa0, 0x36,
+	0xa5, 0x2c, 0x74, 0x6e, 0xf5, 0xad, 0x41, 0x6b, 0xe7, 0xa1, 0x57, 0x88, 0x9f, 0xc3, 0xbc, 0x68,
+	0x3a, 0x56, 0x0e, 0xe1, 0x29, 0x19, 0xbc, 0xc5, 0xb6, 0xf7, 0x55, 0xcc, 0x93, 0xe8, 0x5b, 0x12,
+	0xab, 0x66, 0xbe, 0xa1, 0x2c, 0x0c, 0x36, 0x4d, 0xf1, 0x9a, 0xb2, 0x90, 0x66, 0x84, 0x13, 0xd0,
+	0x8c, 0x89, 0xe0, 0x49, 0x3c, 0x22, 0x4e, 0x55, 0xb3, 0x3f, 0xfa, 0xef, 0xec, 0xc8, 0x30, 0x04,
+	0x1d, 0x53, 0xa1, 0x99, 0x79, 0x50, 0xce, 0x0e, 0x3f, 0x07, 0x2d, 0x91, 0x0c, 0xb3, 0x80, 0x53,
+	0xd3, 0x7a, 0xdc, 0x35, 0x80, 0xd6, 0xb3, 0x22, 0x84, 0xca, 0x79, 0x90, 0x82, 0x56, 0x9c, 0x2a,
+	0xa9, 0xba, 0x76, 0xde, 0x7b, 0x27, 0x05, 0xda, 0xaa, 0x14, 0x2a, 0xe8, 0x50, 0x99, 0x1b, 0x2e,
+	0x41, 0xdb, 0x98, 0x79, 0x97, 0xb7, 0xdf, 0x59, 0x92, 0xbb, 0xeb, 0x55, 0xaf, 0x8d, 0xde, 0xa4,
+	0x45, 0x17, 0xeb, 0xc0, 0xaf, 0x01, 0x34, 0xae, 0x92, 0x10, 0x4e, 0x5b, 0x6b, 0xd4, 0x35, 0x1a,
+	0x41, 0x74, 0x29, 0x03, 0x5d, 0x81, 0x82, 0x7d, 0x50, 0x63, 0x78, 0x4e, 0x9c, 0x0d, 0x8d, 0xce,
+	0x87, 0xfe, 0x14, 0xcf, 0x09, 0xd2, 0x11, 0xe8, 0x03, 0x5b, 0xfd, 0x8a, 0x08, 0x8f, 0x88, 0x53,
+	0xd7, 0x69, 0x77, 0x4c, 0x9a, 0xfd, 0x34, 0x0b, 0xa0, 0x22, 0x07, 0x7e, 0x01, 0x6c, 0x1e, 0xa9,
+	0x57, 0x9d, 0x72, 0xe6, 0x34, 0x34, 0xc0, 0xcd, 0x00, 0x87, 0x59, 0xe0, 0xbc, 0x6c, 0xa0, 0x02,
+	0x00, 0x9f, 0x83, 0x66, 0x22, 0x48, 0x7c, 0xc0, 0x5e, 0x72, 0xa7, 0xa9, 0x05, 0xfd, 0xd8, 0x2b,
+	0x9f, 0x8f, 0x37, 0xd6, 0x5e, 0x09, 0x79, 0x6c, 0xb2, 0x8b, 0xf7, 0x29, 0xf3, 0xa0, 0x9c, 0x09,
+	0x1e, 0x83, 0x3a, 0x1f, 0xfe, 0x48, 0x46, 0xd2, 0xb1, 0x35, 0xe7, 0x83, 0x6b, 0x87, 0x64, 0xb6,
+	0xd6, 0x43, 0xf8, 0xe4, 0xc9, 0xcf, 0x92, 0x30, 0x35, 0x9f, 0xe0, 0xb6, 0xa1, 0xae, 0x1f, 0x6a,
+	0x12, 0x64, 0xc8, 0xe0, 0x0f, 0xc0, 0xe6, 0xb3, 0x30, 0x75, 0x3a, 0xe0, 0x6d, 0x98, 0x73, 0x29,
+	0x0f, 0x33, 0x1e, 0x54, 0x50, 0xc2, 0x2d, 0x50, 0x0f, 0xe3, 0x25, 0x4a, 0x98, 0xd3, 0xea, 0x5b,
+	0x83, 0x66, 0x00, 0x54, 0x0f, 0xfb, 0xda, 0x83, 0x4c, 0x04, 0xbe, 0x00, 0x0d, 0x1e, 0x29, 0x31,
+	0x84, 0xb3, 0xf9, 0x36, 0x1d, 0xb4, 0x4d, 0x07, 0x8d, 0xc3, 0x94, 0x05, 0x65, 0x74, 0x5b, 0x7f,
+	0xd4, 0xc0, 0x9d, 0xd2, 0x85, 0x12, 0x11, 0x67, 0x82, 0xfc, 0x2f, 0x27, 0xea, 0x1e, 0x68, 0xe0,
+	0xd9, 0x8c, 0x9f, 0x90, 0xf4, 0x4a, 0x35, 0x8b, 0x26, 0xf6, 0x52, 0x37, 0xca, 0xe2, 0xf0, 0x08,
+	0xd4, 0x85, 0xc4, 0x32, 0x11, 0xe6, 0xe2, 0xdc, 0xbf, 0xd9, 0x7a, 0x3d, 0xd3, 0x98, 0x54, 0x30,
+	0x44, 0x44, 0x32, 0x93, 0xc8, 0xf0, 0xc0, 0x1e, 0xd8, 0x88, 0xb0, 0x1c, 0x4d, 0xf4, 0x55, 0xd9,
+	0x0c, 0xec, 0xf5, 0xaa, 0xb7, 0x71, 0xa4, 0x1c, 0x28, 0xf5, 0xc3, 0x5d, 0x60, 0xeb, 0x87, 0xe7,
+	0xcb, 0x28, 0x5b, 0x8c, 0xae, 0x1a, 0xd1, 0x51, 0xe6, 0x3c, 0x2f, 0x1b, 0xa8, 0x48, 0x86, 0xbf,
+	0x5a, 0xa0, 0x83, 0x93, 0x90, 0xca, 0x3d, 0xc6, 0xb8, 0xc4, 0xe9, 0x54, 0xea, 0xfd, 0xea, 0xa0,
+	0xb5, 0xf3, 0xd8, 0xbb, 0xe6, 0x23, 0xe8, 0x5d, 0x92, 0xd8, 0xdb, 0xbb, 0x40, 0xf1, 0x84, 0xc9,
+	0x78, 0x19, 0x38, 0x46, 0xa3, 0xce, 0xc5, 0x30, 0xba, 0x54, 0x13, 0x0e, 0x40, 0xf3, 0x04, 0xc7,
+	0x8c, 0xb2, 0xb1, 0x70, 0x1a, 0xfd, 0xaa, 0x5a, 0x6d, 0xb5, 0x19, 0xdf, 0x19, 0x1f, 0xca, 0xa3,
+	0xdd, 0x2f, 0xc1, 0x07, 0x57, 0x96, 0x83, 0x1d, 0x50, 0x9d, 0x92, 0x65, 0x3a, 0x67, 0xa4, 0x1e,
+	0xe1, 0xfb, 0x60, 0x63, 0x81, 0x67, 0x09, 0xd1, 0x33, 0xb3, 0x51, 0x6a, 0x3c, 0xba, 0xb5, 0x6b,
+	0x6d, 0xfd, 0x69, 0x81, 0x76, 0xe9, 0x6f, 0x2c, 0x28, 0x39, 0x81, 0x47, 0xa0, 0x61, 0xee, 0x8d,
+	0xe6, 0x68, 0xed, 0xdc, 0xbb, 0x89, 0x02, 0x1a, 0x10, 0xb4, 0xd4, 0xab, 0x90, 0xdd, 0xc1, 0x8c,
+	0x46, 0x9d, 0x86, 0xd8, 0x48, 0x64, 0x3e, 0x6e, 0x9f, 0xdc, 0x5c, 0xd4, 0x54, 0x80, 0xcc, 0x42,
+	0x39, 0x53, 0x30, 0x38, 0x3d, 0x73, 0x2b, 0xaf, 0xce, 0xdc, 0xca, 0xeb, 0x33, 0xb7, 0xf2, 0xcb,
+	0xda, 0xb5, 0x4e, 0xd7, 0xae, 0xf5, 0x6a, 0xed, 0x5a, 0xaf, 0xd7, 0xae, 0xf5, 0xd7, 0xda, 0xb5,
+	0x7e, 0xfb, 0xdb, 0xad, 0x7c, 0x7f, 0x6b, 0xb1, 0xfd, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x62,
+	0xcb, 0x64, 0xf1, 0x09, 0x09, 0x00, 0x00,
 }

 func (m *AdmissionRequest) Marshal() (dAtA []byte, err error) {
@ -370,6 +371,15 @@ func (m *AdmissionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if len(m.Warnings) > 0 {
+		for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Warnings[iNdEx])
+			copy(dAtA[i:], m.Warnings[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warnings[iNdEx])))
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
 	if len(m.AuditAnnotations) > 0 {
 		keysForAuditAnnotations := make([]string, 0, len(m.AuditAnnotations))
 		for k := range m.AuditAnnotations {
@ -567,6 +577,12 @@ func (m *AdmissionResponse) Size() (n int) {
 			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
 		}
 	}
+	if len(m.Warnings) > 0 {
+		for _, s := range m.Warnings {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }

@ -638,6 +654,7 @@ func (this *AdmissionResponse) String() string {
 		`Patch:` + valueToStringGenerated(this.Patch) + `,`,
 		`PatchType:` + valueToStringGenerated(this.PatchType) + `,`,
 		`AuditAnnotations:` + mapStringForAuditAnnotations + `,`,
+		`Warnings:` + fmt.Sprintf("%v", this.Warnings) + `,`,
 		`}`,
 	}, "")
 	return s
@ -1508,6 +1525,38 @@ func (m *AdmissionResponse) Unmarshal(dAtA []byte) error {
 			}
 			m.AuditAnnotations[mapkey] = mapvalue
 			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Warnings", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Warnings = append(m.Warnings, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
--- a/staging/src/k8s.io/api/admission/v1/generated.proto
+++ b/staging/src/k8s.io/api/admission/v1/generated.proto
@ -145,6 +145,13 @@ message AdmissionResponse {
  // the admission webhook to add additional context to the audit log for this request.
  // +optional
  map<string, string> auditAnnotations = 6;
+
+  // warnings is a list of warning messages to return to the requesting API client.
+  // Warning messages describe a problem the client making the API request should correct or be aware of.
+  // Limit warnings to 120 characters if possible.
+  // Warnings over 256 characters and large numbers of warnings may be truncated.
+  // +optional
+  repeated string warnings = 7;
 }

 // AdmissionReview describes an admission review request/response.
--- a/staging/src/k8s.io/api/admission/v1/types.go
+++ b/staging/src/k8s.io/api/admission/v1/types.go
@ -140,6 +140,13 @@ type AdmissionResponse struct {
 	// the admission webhook to add additional context to the audit log for this request.
 	// +optional
 	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
+
+	// warnings is a list of warning messages to return to the requesting API client.
+	// Warning messages describe a problem the client making the API request should correct or be aware of.
+	// Limit warnings to 120 characters if possible.
+	// Warnings over 256 characters and large numbers of warnings may be truncated.
+	// +optional
+	Warnings []string `json:"warnings,omitempty" protobuf:"bytes,7,rep,name=warnings"`
 }

 // PatchType is the type of patch being used to represent the mutated object
--- a/staging/src/k8s.io/api/admission/v1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/admission/v1/types_swagger_doc_generated.go
@ -58,6 +58,7 @@ var map_AdmissionResponse = map[string]string{
 	"patch":            "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.",
 	"patchType":        "The type of Patch. Currently we only allow \"JSONPatch\".",
 	"auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.",
+	"warnings":         "warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.",
 }

 func (AdmissionResponse) SwaggerDoc() map[string]string {
--- a/staging/src/k8s.io/api/admission/v1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/admission/v1/zz_generated.deepcopy.go
@ -87,6 +87,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
 			(*out)[key] = val
 		}
 	}
+	if in.Warnings != nil {
+		in, out := &in.Warnings, &out.Warnings
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }

--- a/staging/src/k8s.io/api/admission/v1beta1/generated.pb.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/generated.pb.go
@ -143,64 +143,65 @@ func init() {
 }

 var fileDescriptor_b87c2352de86eab9 = []byte{
-	// 902 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4f, 0x6f, 0x1b, 0x45,
-	0x14, 0xf7, 0xd6, 0x8e, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0xb4, 0xb2, 0xd0, 0xda, 0xe4, 0x80,
-	0x82, 0xd4, 0xcc, 0x92, 0x08, 0xaa, 0xa8, 0xe2, 0x92, 0x25, 0x11, 0x0a, 0x48, 0x4d, 0x34, 0xad,
-	0x51, 0xe1, 0x80, 0x34, 0xf6, 0x4e, 0xed, 0xc5, 0xf6, 0xcc, 0xb2, 0x33, 0xeb, 0xe0, 0x1b, 0xe2,
-	0xca, 0x85, 0x6f, 0xc0, 0x87, 0xe1, 0x92, 0x63, 0x8f, 0x3d, 0x59, 0xc4, 0x7c, 0x8b, 0x9c, 0xd0,
-	0xcc, 0xce, 0x7a, 0xb7, 0x76, 0x02, 0xfd, 0xc3, 0xc9, 0xf3, 0xfe, 0xfc, 0x7e, 0xef, 0xf9, 0xf7,
-	0x76, 0xde, 0x80, 0x93, 0xf1, 0xa1, 0x40, 0x21, 0xf7, 0xc6, 0x49, 0x9f, 0xc6, 0x8c, 0x4a, 0x2a,
-	0xbc, 0x19, 0x65, 0x01, 0x8f, 0x3d, 0x13, 0x20, 0x51, 0xe8, 0x91, 0x60, 0x1a, 0x0a, 0x11, 0x72,
-	0xe6, 0xcd, 0xf6, 0xfb, 0x54, 0x92, 0x7d, 0x6f, 0x48, 0x19, 0x8d, 0x89, 0xa4, 0x01, 0x8a, 0x62,
-	0x2e, 0x39, 0xfc, 0x30, 0xcd, 0x46, 0x24, 0x0a, 0xd1, 0x2a, 0x1b, 0x99, 0xec, 0xf6, 0xde, 0x30,
-	0x94, 0xa3, 0xa4, 0x8f, 0x06, 0x7c, 0xea, 0x0d, 0xf9, 0x90, 0x7b, 0x1a, 0xd4, 0x4f, 0x9e, 0x6b,
-	0x4b, 0x1b, 0xfa, 0x94, 0x92, 0xb5, 0x1f, 0x14, 0x4b, 0x27, 0x72, 0x44, 0x99, 0x0c, 0x07, 0x44,
-	0xa6, 0xf5, 0xd7, 0x4b, 0xb7, 0x3f, 0xcb, 0xb3, 0xa7, 0x64, 0x30, 0x0a, 0x19, 0x8d, 0xe7, 0x5e,
-	0x34, 0x1e, 0x2a, 0x87, 0xf0, 0xa6, 0x54, 0x92, 0x9b, 0x50, 0xde, 0x6d, 0xa8, 0x38, 0x61, 0x32,
-	0x9c, 0xd2, 0x0d, 0xc0, 0xc3, 0xff, 0x02, 0x88, 0xc1, 0x88, 0x4e, 0xc9, 0x3a, 0x6e, 0xe7, 0x0f,
-	0x1b, 0xb4, 0x8e, 0x32, 0x45, 0x30, 0xfd, 0x29, 0xa1, 0x42, 0x42, 0x1f, 0x94, 0x93, 0x30, 0x70,
-	0xac, 0xae, 0xb5, 0x6b, 0xfb, 0x9f, 0x5e, 0x2e, 0x3a, 0xa5, 0xe5, 0xa2, 0x53, 0xee, 0x9d, 0x1e,
-	0x5f, 0x2f, 0x3a, 0x1f, 0xdd, 0x56, 0x48, 0xce, 0x23, 0x2a, 0x50, 0xef, 0xf4, 0x18, 0x2b, 0x30,
-	0x7c, 0x06, 0x2a, 0xe3, 0x90, 0x05, 0xce, 0x9d, 0xae, 0xb5, 0xdb, 0x38, 0x78, 0x88, 0xf2, 0x09,
-	0xac, 0x60, 0x28, 0x1a, 0x0f, 0x95, 0x43, 0x20, 0x25, 0x03, 0x9a, 0xed, 0xa3, 0xaf, 0x62, 0x9e,
-	0x44, 0xdf, 0xd2, 0x58, 0x35, 0xf3, 0x4d, 0xc8, 0x02, 0x7f, 0xdb, 0x14, 0xaf, 0x28, 0x0b, 0x6b,
-	0x46, 0x38, 0x02, 0xf5, 0x98, 0x0a, 0x9e, 0xc4, 0x03, 0xea, 0x94, 0x35, 0xfb, 0xa3, 0x37, 0x67,
-	0xc7, 0x86, 0xc1, 0x6f, 0x99, 0x0a, 0xf5, 0xcc, 0x83, 0x57, 0xec, 0xf0, 0x73, 0xd0, 0x10, 0x49,
-	0x3f, 0x0b, 0x38, 0x15, 0xad, 0xc7, 0x7d, 0x03, 0x68, 0x3c, 0xc9, 0x43, 0xb8, 0x98, 0x07, 0x43,
-	0xd0, 0x88, 0x53, 0x25, 0x55, 0xd7, 0xce, 0x7b, 0xef, 0xa4, 0x40, 0x53, 0x95, 0xc2, 0x39, 0x1d,
-	0x2e, 0x72, 0xc3, 0x39, 0x68, 0x1a, 0x73, 0xd5, 0xe5, 0xdd, 0x77, 0x96, 0xe4, 0xfe, 0x72, 0xd1,
-	0x69, 0xe2, 0x57, 0x69, 0xf1, 0x7a, 0x1d, 0xf8, 0x35, 0x80, 0xc6, 0x55, 0x10, 0xc2, 0x69, 0x6a,
-	0x8d, 0xda, 0x46, 0x23, 0x88, 0x37, 0x32, 0xf0, 0x0d, 0x28, 0xd8, 0x05, 0x15, 0x46, 0xa6, 0xd4,
-	0xd9, 0xd2, 0xe8, 0xd5, 0xd0, 0x1f, 0x93, 0x29, 0xc5, 0x3a, 0x02, 0x3d, 0x60, 0xab, 0x5f, 0x11,
-	0x91, 0x01, 0x75, 0xaa, 0x3a, 0xed, 0x9e, 0x49, 0xb3, 0x1f, 0x67, 0x01, 0x9c, 0xe7, 0xc0, 0x2f,
-	0x80, 0xcd, 0x23, 0xf5, 0xa9, 0x87, 0x9c, 0x39, 0x35, 0x0d, 0x70, 0x33, 0xc0, 0x59, 0x16, 0xb8,
-	0x2e, 0x1a, 0x38, 0x07, 0xc0, 0xa7, 0xa0, 0x9e, 0x08, 0x1a, 0x9f, 0xb2, 0xe7, 0xdc, 0xa9, 0x6b,
-	0x41, 0x3f, 0x46, 0xc5, 0x1d, 0xf2, 0xca, 0xb5, 0x57, 0x42, 0xf6, 0x4c, 0x76, 0xfe, 0x3d, 0x65,
-	0x1e, 0xbc, 0x62, 0x82, 0x3d, 0x50, 0xe5, 0xfd, 0x1f, 0xe9, 0x40, 0x3a, 0xb6, 0xe6, 0xdc, 0xbb,
-	0x75, 0x48, 0xe6, 0xd6, 0x22, 0x4c, 0x2e, 0x4e, 0x7e, 0x96, 0x94, 0xa9, 0xf9, 0xf8, 0x77, 0x0d,
-	0x75, 0xf5, 0x4c, 0x93, 0x60, 0x43, 0x06, 0x7f, 0x00, 0x36, 0x9f, 0x04, 0xa9, 0xd3, 0x01, 0x6f,
-	0xc3, 0xbc, 0x92, 0xf2, 0x2c, 0xe3, 0xc1, 0x39, 0x25, 0xdc, 0x01, 0xd5, 0x20, 0x9e, 0xe3, 0x84,
-	0x39, 0x8d, 0xae, 0xb5, 0x5b, 0xf7, 0x81, 0xea, 0xe1, 0x58, 0x7b, 0xb0, 0x89, 0xc0, 0x67, 0xa0,
-	0xc6, 0x23, 0x25, 0x86, 0x70, 0xb6, 0xdf, 0xa6, 0x83, 0xa6, 0xe9, 0xa0, 0x76, 0x96, 0xb2, 0xe0,
-	0x8c, 0x6e, 0xe7, 0xd7, 0x0a, 0xb8, 0x57, 0xd8, 0x50, 0x22, 0xe2, 0x4c, 0xd0, 0xff, 0x65, 0x45,
-	0x7d, 0x02, 0x6a, 0x64, 0x32, 0xe1, 0x17, 0x34, 0xdd, 0x52, 0xf5, 0xbc, 0x89, 0xa3, 0xd4, 0x8d,
-	0xb3, 0x38, 0x3c, 0x07, 0x55, 0x21, 0x89, 0x4c, 0x84, 0xd9, 0x38, 0x0f, 0x5e, 0xef, 0x7a, 0x3d,
-	0xd1, 0x98, 0x54, 0x30, 0x4c, 0x45, 0x32, 0x91, 0xd8, 0xf0, 0xc0, 0x0e, 0xd8, 0x8a, 0x88, 0x1c,
-	0x8c, 0xf4, 0x56, 0xd9, 0xf6, 0xed, 0xe5, 0xa2, 0xb3, 0x75, 0xae, 0x1c, 0x38, 0xf5, 0xc3, 0x43,
-	0x60, 0xeb, 0xc3, 0xd3, 0x79, 0x94, 0x5d, 0x8c, 0xb6, 0x1a, 0xd1, 0x79, 0xe6, 0xbc, 0x2e, 0x1a,
-	0x38, 0x4f, 0x86, 0xbf, 0x59, 0xa0, 0x45, 0x92, 0x20, 0x94, 0x47, 0x8c, 0x71, 0x49, 0xd2, 0xa9,
-	0x54, 0xbb, 0xe5, 0xdd, 0xc6, 0xc1, 0x09, 0xfa, 0xb7, 0x97, 0x10, 0x6d, 0xe8, 0x8c, 0x8e, 0xd6,
-	0x78, 0x4e, 0x98, 0x8c, 0xe7, 0xbe, 0x63, 0x84, 0x6a, 0xad, 0x87, 0xf1, 0x46, 0xe1, 0xf6, 0x97,
-	0xe0, 0x83, 0x1b, 0x49, 0x60, 0x0b, 0x94, 0xc7, 0x74, 0x9e, 0x8e, 0x10, 0xab, 0x23, 0x7c, 0x1f,
-	0x6c, 0xcd, 0xc8, 0x24, 0xa1, 0x7a, 0x1c, 0x36, 0x4e, 0x8d, 0x47, 0x77, 0x0e, 0xad, 0x9d, 0x3f,
-	0x2d, 0xd0, 0x2c, 0x34, 0x37, 0x0b, 0xe9, 0x05, 0xec, 0x81, 0x9a, 0x59, 0x25, 0x9a, 0xa3, 0x71,
-	0x80, 0x5e, 0xfb, 0xcf, 0x69, 0x94, 0xdf, 0x50, 0xa3, 0xce, 0xf6, 0x5c, 0xc6, 0x05, 0xbf, 0xd3,
-	0xcf, 0x8b, 0xfe, 0xf7, 0xe6, 0xf1, 0xf2, 0xde, 0x50, 0x34, 0x7f, 0xdb, 0xbc, 0x27, 0xda, 0xc2,
-	0x2b, 0x3a, 0x7f, 0xef, 0xf2, 0xca, 0x2d, 0xbd, 0xb8, 0x72, 0x4b, 0x2f, 0xaf, 0xdc, 0xd2, 0x2f,
-	0x4b, 0xd7, 0xba, 0x5c, 0xba, 0xd6, 0x8b, 0xa5, 0x6b, 0xbd, 0x5c, 0xba, 0xd6, 0x5f, 0x4b, 0xd7,
-	0xfa, 0xfd, 0x6f, 0xb7, 0xf4, 0x7d, 0xcd, 0x10, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x8b, 0xd1,
-	0x27, 0x74, 0xfd, 0x08, 0x00, 0x00,
+	// 925 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0xcb, 0x6e, 0x23, 0x45,
+	0x17, 0x76, 0x8f, 0x1d, 0xdb, 0x5d, 0xce, 0x3f, 0xf6, 0xd4, 0xfc, 0x48, 0x2d, 0x0b, 0xb5, 0x4d,
+	0x16, 0xc8, 0x48, 0x93, 0x6a, 0x12, 0xc1, 0x28, 0x1a, 0xb1, 0x49, 0x93, 0x08, 0x05, 0xa4, 0x49,
+	0x54, 0x33, 0x86, 0x81, 0x05, 0x52, 0xd9, 0xae, 0xb1, 0x1b, 0xdb, 0x55, 0x4d, 0x57, 0xb5, 0x83,
+	0x77, 0xec, 0xd9, 0xf0, 0x06, 0xbc, 0x00, 0x6f, 0xc1, 0x26, 0xcb, 0x59, 0xce, 0xca, 0x22, 0xe6,
+	0x2d, 0xb2, 0x42, 0x55, 0x5d, 0x7d, 0x19, 0x27, 0x81, 0xb9, 0xb0, 0x72, 0x9f, 0xcb, 0xf7, 0x9d,
+	0xe3, 0xef, 0xf4, 0x39, 0x0d, 0x8e, 0xa7, 0x07, 0x02, 0x05, 0xdc, 0x9b, 0xc6, 0x03, 0x1a, 0x31,
+	0x2a, 0xa9, 0xf0, 0x16, 0x94, 0x8d, 0x78, 0xe4, 0x99, 0x00, 0x09, 0x03, 0x8f, 0x8c, 0xe6, 0x81,
+	0x10, 0x01, 0x67, 0xde, 0x62, 0x6f, 0x40, 0x25, 0xd9, 0xf3, 0xc6, 0x94, 0xd1, 0x88, 0x48, 0x3a,
+	0x42, 0x61, 0xc4, 0x25, 0x87, 0xef, 0x27, 0xd9, 0x88, 0x84, 0x01, 0xca, 0xb2, 0x91, 0xc9, 0x6e,
+	0xef, 0x8e, 0x03, 0x39, 0x89, 0x07, 0x68, 0xc8, 0xe7, 0xde, 0x98, 0x8f, 0xb9, 0xa7, 0x41, 0x83,
+	0xf8, 0xb9, 0xb6, 0xb4, 0xa1, 0x9f, 0x12, 0xb2, 0xf6, 0x83, 0x62, 0xe9, 0x58, 0x4e, 0x28, 0x93,
+	0xc1, 0x90, 0xc8, 0xa4, 0xfe, 0x66, 0xe9, 0xf6, 0x27, 0x79, 0xf6, 0x9c, 0x0c, 0x27, 0x01, 0xa3,
+	0xd1, 0xd2, 0x0b, 0xa7, 0x63, 0xe5, 0x10, 0xde, 0x9c, 0x4a, 0x72, 0x13, 0xca, 0xbb, 0x0d, 0x15,
+	0xc5, 0x4c, 0x06, 0x73, 0x7a, 0x0d, 0xf0, 0xf0, 0xdf, 0x00, 0x62, 0x38, 0xa1, 0x73, 0xb2, 0x89,
+	0xdb, 0xf9, 0xcd, 0x06, 0xad, 0xc3, 0x54, 0x11, 0x4c, 0x7f, 0x8c, 0xa9, 0x90, 0xd0, 0x07, 0xe5,
+	0x38, 0x18, 0x39, 0x56, 0xd7, 0xea, 0xd9, 0xfe, 0xc7, 0x17, 0xab, 0x4e, 0x69, 0xbd, 0xea, 0x94,
+	0xfb, 0x27, 0x47, 0x57, 0xab, 0xce, 0x07, 0xb7, 0x15, 0x92, 0xcb, 0x90, 0x0a, 0xd4, 0x3f, 0x39,
+	0xc2, 0x0a, 0x0c, 0x9f, 0x81, 0xca, 0x34, 0x60, 0x23, 0xe7, 0x4e, 0xd7, 0xea, 0x35, 0xf6, 0x1f,
+	0xa2, 0x7c, 0x02, 0x19, 0x0c, 0x85, 0xd3, 0xb1, 0x72, 0x08, 0xa4, 0x64, 0x40, 0x8b, 0x3d, 0xf4,
+	0x45, 0xc4, 0xe3, 0xf0, 0x6b, 0x1a, 0xa9, 0x66, 0xbe, 0x0a, 0xd8, 0xc8, 0xdf, 0x36, 0xc5, 0x2b,
+	0xca, 0xc2, 0x9a, 0x11, 0x4e, 0x40, 0x3d, 0xa2, 0x82, 0xc7, 0xd1, 0x90, 0x3a, 0x65, 0xcd, 0xfe,
+	0xe8, 0xcd, 0xd9, 0xb1, 0x61, 0xf0, 0x5b, 0xa6, 0x42, 0x3d, 0xf5, 0xe0, 0x8c, 0x1d, 0x7e, 0x0a,
+	0x1a, 0x22, 0x1e, 0xa4, 0x01, 0xa7, 0xa2, 0xf5, 0xb8, 0x6f, 0x00, 0x8d, 0x27, 0x79, 0x08, 0x17,
+	0xf3, 0x60, 0x00, 0x1a, 0x51, 0xa2, 0xa4, 0xea, 0xda, 0xf9, 0xdf, 0x3b, 0x29, 0xd0, 0x54, 0xa5,
+	0x70, 0x4e, 0x87, 0x8b, 0xdc, 0x70, 0x09, 0x9a, 0xc6, 0xcc, 0xba, 0xbc, 0xfb, 0xce, 0x92, 0xdc,
+	0x5f, 0xaf, 0x3a, 0x4d, 0xfc, 0x2a, 0x2d, 0xde, 0xac, 0x03, 0xbf, 0x04, 0xd0, 0xb8, 0x0a, 0x42,
+	0x38, 0x4d, 0xad, 0x51, 0xdb, 0x68, 0x04, 0xf1, 0xb5, 0x0c, 0x7c, 0x03, 0x0a, 0x76, 0x41, 0x85,
+	0x91, 0x39, 0x75, 0xb6, 0x34, 0x3a, 0x1b, 0xfa, 0x63, 0x32, 0xa7, 0x58, 0x47, 0xa0, 0x07, 0x6c,
+	0xf5, 0x2b, 0x42, 0x32, 0xa4, 0x4e, 0x55, 0xa7, 0xdd, 0x33, 0x69, 0xf6, 0xe3, 0x34, 0x80, 0xf3,
+	0x1c, 0xf8, 0x19, 0xb0, 0x79, 0xa8, 0x5e, 0xf5, 0x80, 0x33, 0xa7, 0xa6, 0x01, 0x6e, 0x0a, 0x38,
+	0x4d, 0x03, 0x57, 0x45, 0x03, 0xe7, 0x00, 0xf8, 0x14, 0xd4, 0x63, 0x41, 0xa3, 0x13, 0xf6, 0x9c,
+	0x3b, 0x75, 0x2d, 0xe8, 0x87, 0xa8, 0x78, 0x43, 0x5e, 0x59, 0x7b, 0x25, 0x64, 0xdf, 0x64, 0xe7,
+	0xef, 0x53, 0xea, 0xc1, 0x19, 0x13, 0xec, 0x83, 0x2a, 0x1f, 0xfc, 0x40, 0x87, 0xd2, 0xb1, 0x35,
+	0xe7, 0xee, 0xad, 0x43, 0x32, 0x5b, 0x8b, 0x30, 0x39, 0x3f, 0xfe, 0x49, 0x52, 0xa6, 0xe6, 0xe3,
+	0xdf, 0x35, 0xd4, 0xd5, 0x53, 0x4d, 0x82, 0x0d, 0x19, 0xfc, 0x1e, 0xd8, 0x7c, 0x36, 0x4a, 0x9c,
+	0x0e, 0x78, 0x1b, 0xe6, 0x4c, 0xca, 0xd3, 0x94, 0x07, 0xe7, 0x94, 0x70, 0x07, 0x54, 0x47, 0xd1,
+	0x12, 0xc7, 0xcc, 0x69, 0x74, 0xad, 0x5e, 0xdd, 0x07, 0xaa, 0x87, 0x23, 0xed, 0xc1, 0x26, 0x02,
+	0x9f, 0x81, 0x1a, 0x0f, 0x95, 0x18, 0xc2, 0xd9, 0x7e, 0x9b, 0x0e, 0x9a, 0xa6, 0x83, 0xda, 0x69,
+	0xc2, 0x82, 0x53, 0xba, 0x9d, 0xdf, 0x2b, 0xe0, 0x5e, 0xe1, 0x42, 0x89, 0x90, 0x33, 0x41, 0xff,
+	0x93, 0x13, 0xf5, 0x11, 0xa8, 0x91, 0xd9, 0x8c, 0x9f, 0xd3, 0xe4, 0x4a, 0xd5, 0xf3, 0x26, 0x0e,
+	0x13, 0x37, 0x4e, 0xe3, 0xf0, 0x0c, 0x54, 0x85, 0x24, 0x32, 0x16, 0xe6, 0xe2, 0x3c, 0x78, 0xbd,
+	0xf5, 0x7a, 0xa2, 0x31, 0x89, 0x60, 0x98, 0x8a, 0x78, 0x26, 0xb1, 0xe1, 0x81, 0x1d, 0xb0, 0x15,
+	0x12, 0x39, 0x9c, 0xe8, 0xab, 0xb2, 0xed, 0xdb, 0xeb, 0x55, 0x67, 0xeb, 0x4c, 0x39, 0x70, 0xe2,
+	0x87, 0x07, 0xc0, 0xd6, 0x0f, 0x4f, 0x97, 0x61, 0xba, 0x18, 0x6d, 0x35, 0xa2, 0xb3, 0xd4, 0x79,
+	0x55, 0x34, 0x70, 0x9e, 0x0c, 0x7f, 0xb1, 0x40, 0x8b, 0xc4, 0xa3, 0x40, 0x1e, 0x32, 0xc6, 0x25,
+	0x49, 0xa6, 0x52, 0xed, 0x96, 0x7b, 0x8d, 0xfd, 0x63, 0xf4, 0x4f, 0x5f, 0x42, 0x74, 0x4d, 0x67,
+	0x74, 0xb8, 0xc1, 0x73, 0xcc, 0x64, 0xb4, 0xf4, 0x1d, 0x23, 0x54, 0x6b, 0x33, 0x8c, 0xaf, 0x15,
+	0x86, 0x3d, 0x50, 0x3f, 0x27, 0x11, 0x0b, 0xd8, 0x58, 0x38, 0xb5, 0x6e, 0x59, 0xed, 0xb7, 0x5a,
+	0x8f, 0x6f, 0x8c, 0x0f, 0x67, 0xd1, 0xf6, 0xe7, 0xe0, 0xbd, 0x1b, 0xcb, 0xc1, 0x16, 0x28, 0x4f,
+	0xe9, 0x32, 0x19, 0x36, 0x56, 0x8f, 0xf0, 0xff, 0x60, 0x6b, 0x41, 0x66, 0x31, 0xd5, 0x83, 0xb3,
+	0x71, 0x62, 0x3c, 0xba, 0x73, 0x60, 0xed, 0xfc, 0x61, 0x81, 0x66, 0xe1, 0x6f, 0x2c, 0x02, 0x7a,
+	0x0e, 0xfb, 0xa0, 0x66, 0x8e, 0x8e, 0xe6, 0x68, 0xec, 0xa3, 0xd7, 0x96, 0x41, 0xa3, 0xfc, 0x86,
+	0x7a, 0x29, 0xd2, 0x8b, 0x98, 0x72, 0xc1, 0x6f, 0xf5, 0x87, 0x48, 0xeb, 0x64, 0x3e, 0x73, 0xde,
+	0x1b, 0xca, 0x9b, 0x48, 0x91, 0x5a, 0x38, 0xa3, 0xf3, 0x77, 0x2f, 0x2e, 0xdd, 0xd2, 0x8b, 0x4b,
+	0xb7, 0xf4, 0xf2, 0xd2, 0x2d, 0xfd, 0xbc, 0x76, 0xad, 0x8b, 0xb5, 0x6b, 0xbd, 0x58, 0xbb, 0xd6,
+	0xcb, 0xb5, 0x6b, 0xfd, 0xb9, 0x76, 0xad, 0x5f, 0xff, 0x72, 0x4b, 0xdf, 0xd5, 0x0c, 0xf1, 0xdf,
+	0x01, 0x00, 0x00, 0xff, 0xff, 0x6c, 0x23, 0xa1, 0xd9, 0x27, 0x09, 0x00, 0x00,
 }

 func (m *AdmissionRequest) Marshal() (dAtA []byte, err error) {
@ -370,6 +371,15 @@ func (m *AdmissionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
+	if len(m.Warnings) > 0 {
+		for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- {
+			i -= len(m.Warnings[iNdEx])
+			copy(dAtA[i:], m.Warnings[iNdEx])
+			i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warnings[iNdEx])))
+			i--
+			dAtA[i] = 0x3a
+		}
+	}
 	if len(m.AuditAnnotations) > 0 {
 		keysForAuditAnnotations := make([]string, 0, len(m.AuditAnnotations))
 		for k := range m.AuditAnnotations {
@ -567,6 +577,12 @@ func (m *AdmissionResponse) Size() (n int) {
 			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
 		}
 	}
+	if len(m.Warnings) > 0 {
+		for _, s := range m.Warnings {
+			l = len(s)
+			n += 1 + l + sovGenerated(uint64(l))
+		}
+	}
 	return n
 }

@ -638,6 +654,7 @@ func (this *AdmissionResponse) String() string {
 		`Patch:` + valueToStringGenerated(this.Patch) + `,`,
 		`PatchType:` + valueToStringGenerated(this.PatchType) + `,`,
 		`AuditAnnotations:` + mapStringForAuditAnnotations + `,`,
+		`Warnings:` + fmt.Sprintf("%v", this.Warnings) + `,`,
 		`}`,
 	}, "")
 	return s
@ -1508,6 +1525,38 @@ func (m *AdmissionResponse) Unmarshal(dAtA []byte) error {
 			}
 			m.AuditAnnotations[mapkey] = mapvalue
 			iNdEx = postIndex
+		case 7:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field Warnings", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowGenerated
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthGenerated
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.Warnings = append(m.Warnings, string(dAtA[iNdEx:postIndex]))
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
--- a/staging/src/k8s.io/api/admission/v1beta1/generated.proto
+++ b/staging/src/k8s.io/api/admission/v1beta1/generated.proto
@ -145,6 +145,13 @@ message AdmissionResponse {
  // the admission webhook to add additional context to the audit log for this request.
  // +optional
  map<string, string> auditAnnotations = 6;
+
+  // warnings is a list of warning messages to return to the requesting API client.
+  // Warning messages describe a problem the client making the API request should correct or be aware of.
+  // Limit warnings to 120 characters if possible.
+  // Warnings over 256 characters and large numbers of warnings may be truncated.
+  // +optional
+  repeated string warnings = 7;
 }

 // AdmissionReview describes an admission review request/response.
--- a/staging/src/k8s.io/api/admission/v1beta1/types.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/types.go
@ -145,6 +145,13 @@ type AdmissionResponse struct {
 	// the admission webhook to add additional context to the audit log for this request.
 	// +optional
 	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
+
+	// warnings is a list of warning messages to return to the requesting API client.
+	// Warning messages describe a problem the client making the API request should correct or be aware of.
+	// Limit warnings to 120 characters if possible.
+	// Warnings over 256 characters and large numbers of warnings may be truncated.
+	// +optional
+	Warnings []string `json:"warnings,omitempty" protobuf:"bytes,7,rep,name=warnings"`
 }

 // PatchType is the type of patch being used to represent the mutated object
--- a/staging/src/k8s.io/api/admission/v1beta1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/types_swagger_doc_generated.go
@ -58,6 +58,7 @@ var map_AdmissionResponse = map[string]string{
 	"patch":            "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.",
 	"patchType":        "The type of Patch. Currently we only allow \"JSONPatch\".",
 	"auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.",
+	"warnings":         "warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.",
 }

 func (AdmissionResponse) SwaggerDoc() map[string]string {
--- a/staging/src/k8s.io/api/admission/v1beta1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/zz_generated.deepcopy.go
@ -87,6 +87,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
 			(*out)[key] = val
 		}
 	}
+	if in.Warnings != nil {
+		in, out := &in.Warnings, &out.Warnings
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
 	return
 }

--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.json
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.json
@ -76,6 +76,9 @@
    "patchType": "-Ǐ忄*齧獚敆Ȏțê",
    "auditAnnotations": {
      "30": "31"
-    }
+    },
+    "warnings": [
+      "32"
+    ]
  }
 }
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.pb
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.pb
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.yaml
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.yaml
@ -78,3 +78,5 @@ response:
    reason: Hr鯹)晿<o,c鮽ort昍řČ扷5Ɨ
    status: "23"
  uid: 輂]¨&桰]]æȌ殸2爟¼ªov鈶
+  warnings:
+  - "32"
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.json
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.json
@ -76,6 +76,9 @@
    "patchType": "-Ǐ忄*齧獚敆Ȏțê",
    "auditAnnotations": {
      "30": "31"
-    }
+    },
+    "warnings": [
+      "32"
+    ]
  }
 }
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.pb
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.pb
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.yaml
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.yaml
@ -78,3 +78,5 @@ response:
    reason: Hr鯹)晿<o,c鮽ort昍řČ扷5Ɨ
    status: "23"
  uid: 輂]¨&桰]]æȌ殸2爟¼ªov鈶
+  warnings:
+  - "32"
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/BUILD
@ -30,6 +30,7 @@ go_library(
        "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/warning:go_default_library",
        "//vendor/github.com/evanphx/json-patch:go_default_library",
        "//vendor/k8s.io/klog/v2:go_default_library",
        "//vendor/k8s.io/utils/trace:go_default_library",
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
@ -43,6 +43,7 @@ import (
 	webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	webhookutil "k8s.io/apiserver/pkg/util/webhook"
+	"k8s.io/apiserver/pkg/warning"
 	utiltrace "k8s.io/utils/trace"
 )

@ -267,6 +268,9 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss
 			klog.Warningf("Failed to set admission audit annotation %s to %s for mutating webhook %s: %v", key, v, h.Name, err)
 		}
 	}
+	for _, w := range result.Warnings {
+		warning.AddWarning(ctx, "", w)
+	}

 	if !result.Allowed {
 		return false, &webhookutil.ErrWebhookRejection{Status: webhookerrors.ToStatusErr(h.Name, result.Result)}
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview.go
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview.go
@ -36,6 +36,7 @@ type AdmissionResponse struct {
 	Patch            []byte
 	PatchType        admissionv1.PatchType
 	Result           *metav1.Status
+	Warnings         []string
 }

 // VerifyAdmissionResponse checks the validity of the provided admission review object, and returns the
@ -93,6 +94,7 @@ func VerifyAdmissionResponse(uid types.UID, mutating bool, review runtime.Object
 			Patch:            patch,
 			PatchType:        patchType,
 			Result:           r.Response.Result,
+			Warnings:         r.Response.Warnings,
 		}, nil

 	case *admissionv1beta1.AdmissionReview:
@ -118,6 +120,7 @@ func VerifyAdmissionResponse(uid types.UID, mutating bool, review runtime.Object
 			Patch:            patch,
 			PatchType:        patchType,
 			Result:           r.Response.Result,
+			Warnings:         r.Response.Warnings,
 		}, nil

 	default:
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/BUILD
@ -23,6 +23,7 @@ go_library(
        "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
+        "//staging/src/k8s.io/apiserver/pkg/warning:go_default_library",
        "//vendor/k8s.io/klog/v2:go_default_library",
        "//vendor/k8s.io/utils/trace:go_default_library",
    ],
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go
@ -33,6 +33,7 @@ import (
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/generic"
 	webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request"
 	webhookutil "k8s.io/apiserver/pkg/util/webhook"
+	"k8s.io/apiserver/pkg/warning"
 	"k8s.io/klog/v2"
 	utiltrace "k8s.io/utils/trace"
 )
@ -227,6 +228,9 @@ func (d *validatingDispatcher) callHook(ctx context.Context, h *v1.ValidatingWeb
 			klog.Warningf("Failed to set admission audit annotation %s to %s for validating webhook %s: %v", key, v, h.Name, err)
 		}
 	}
+	for _, w := range result.Warnings {
+		warning.AddWarning(ctx, "", w)
+	}
 	if result.Allowed {
 		return nil
 	}
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/warning.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/warning.go
@ -17,10 +17,13 @@ limitations under the License.
 package filters

 import (
+	"fmt"
 	"net/http"
 	"sync"
+	"unicode/utf8"

 	"k8s.io/apimachinery/pkg/util/net"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apiserver/pkg/warning"
 )

@ -33,10 +36,34 @@ func WithWarningRecorder(handler http.Handler) http.Handler {
 	})
 }

+var (
+	truncateAtTotalRunes = 4 * 1024
+	truncateItemRunes    = 256
+)
+
+type recordedWarning struct {
+	agent string
+	text  string
+}
+
 type recorder struct {
-	lock     sync.Mutex
+	// lock guards calls to AddWarning from multiple threads
+	lock sync.Mutex
+
+	// recorded tracks whether AddWarning was already called with a given text
 	recorded map[string]bool
-	writer   http.ResponseWriter
+
+	// ordered tracks warnings added so they can be replayed and truncated if needed
+	ordered []recordedWarning
+
+	// written tracks how many runes of text have been added as warning headers
+	written int
+
+	// truncating tracks if we have already exceeded truncateAtTotalRunes and are now truncating warning messages as we add them
+	truncating bool
+
+	// writer is the response writer to add warning headers to
+	writer http.ResponseWriter
 }

 func (r *recorder) AddWarning(agent, text string) {
@ -47,6 +74,11 @@ func (r *recorder) AddWarning(agent, text string) {
 	r.lock.Lock()
 	defer r.lock.Unlock()

+	// if we've already exceeded our limit and are already truncating, return early
+	if r.written >= truncateAtTotalRunes && r.truncating {
+		return
+	}
+
 	// init if needed
 	if r.recorded == nil {
 		r.recorded = map[string]bool{}
@ -57,13 +89,45 @@ func (r *recorder) AddWarning(agent, text string) {
 		return
 	}
 	r.recorded[text] = true
+	r.ordered = append(r.ordered, recordedWarning{agent: agent, text: text})

-	// TODO(liggitt): track total message characters written:
-	// * if this takes us over 4k truncate individual messages to 256 chars and regenerate headers
-	// * if we're already truncating truncate this message to 256 chars
-	// * if we're still over 4k omit this message
+	// truncate on a rune boundary, if needed
+	textRuneLength := utf8.RuneCountInString(text)
+	if r.truncating && textRuneLength > truncateItemRunes {
+		text = string([]rune(text)[:truncateItemRunes])
+		textRuneLength = truncateItemRunes
+	}

-	if header, err := net.NewWarningHeader(299, agent, text); err == nil {
+	// compute the header
+	header, err := net.NewWarningHeader(299, agent, text)
+	if err != nil {
+		return
+	}
+
+	// if this fits within our limit, or we're already truncating, write and return
+	if r.written+textRuneLength <= truncateAtTotalRunes || r.truncating {
+		r.written += textRuneLength
 		r.writer.Header().Add("Warning", header)
+		return
+	}
+
+	// otherwise, enable truncation, reset, and replay the existing items as truncated warnings
+	r.truncating = true
+	r.written = 0
+	r.writer.Header().Del("Warning")
+	utilruntime.HandleError(fmt.Errorf("exceeded max warning header size, truncating"))
+	for _, w := range r.ordered {
+		agent := w.agent
+		text := w.text
+
+		textRuneLength := utf8.RuneCountInString(text)
+		if textRuneLength > truncateItemRunes {
+			text = string([]rune(text)[:truncateItemRunes])
+			textRuneLength = truncateItemRunes
+		}
+		if header, err := net.NewWarningHeader(299, agent, text); err == nil {
+			r.written += textRuneLength
+			r.writer.Header().Add("Warning", header)
+		}
 	}
 }
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/warning_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/warning_test.go
@ -98,3 +98,35 @@ func Test_recorder_AddWarning(t *testing.T) {
 		})
 	}
 }
+
+func TestTruncation(t *testing.T) {
+	originalTotalRunes, originalItemRunes := truncateAtTotalRunes, truncateItemRunes
+	truncateAtTotalRunes, truncateItemRunes = 25, 5
+	defer func() {
+		truncateAtTotalRunes, truncateItemRunes = originalTotalRunes, originalItemRunes
+	}()
+
+	responseRecorder := httptest.NewRecorder()
+	warningRecorder := &recorder{writer: responseRecorder}
+
+	// add items longer than the individual length
+	warningRecorder.AddWarning("", "aaaaaaaaaa")  // long item
+	warningRecorder.AddWarning("-", "aaaaaaaaaa") // duplicate item
+	warningRecorder.AddWarning("", "bb")          // short item
+	warningRecorder.AddWarning("", "ccc")         // short item
+	warningRecorder.AddWarning("", "Iñtërnâtiô")  // long item
+	// check they are preserved
+	if e, a := []string{`299 - "aaaaaaaaaa"`, `299 - "bb"`, `299 - "ccc"`, `299 - "Iñtërnâtiô"`}, responseRecorder.Header()["Warning"]; !reflect.DeepEqual(e, a) {
+		t.Errorf("expected\n%#v\ngot\n%#v", e, a)
+	}
+	// add an item that exceeds the length and triggers truncation, reducing existing items to 15 runes
+	warningRecorder.AddWarning("", "e")          // triggering item, 16 total
+	warningRecorder.AddWarning("", "ffffffffff") // long item to get truncated, 21 total
+	warningRecorder.AddWarning("", "ffffffffff") // duplicate item
+	warningRecorder.AddWarning("", "gggggggggg") // item to get truncated, 26 total
+	warningRecorder.AddWarning("", "h")          // item to get ignored since we're over our limit
+	// check that existing items are truncated, and order preserved
+	if e, a := []string{`299 - "aaaaa"`, `299 - "bb"`, `299 - "ccc"`, `299 - "Iñtër"`, `299 - "e"`, `299 - "fffff"`, `299 - "ggggg"`}, responseRecorder.Header()["Warning"]; !reflect.DeepEqual(e, a) {
+		t.Errorf("expected\n%#v\ngot\n%#v", e, a)
+	}
+}
--- a/test/images/agnhost/webhook/convert.go
+++ b/test/images/agnhost/webhook/convert.go
@ -75,6 +75,7 @@ func convertAdmissionResponseToV1(r *v1beta1.AdmissionResponse) *v1.AdmissionRes
 		Patch:            r.Patch,
 		PatchType:        pt,
 		Result:           r.Result,
+		Warnings:         r.Warnings,
 	}
 }

@ -91,6 +92,7 @@ func convertAdmissionResponseToV1beta1(r *v1.AdmissionResponse) *v1beta1.Admissi
 		Patch:            r.Patch,
 		PatchType:        pt,
 		Result:           r.Result,
+		Warnings:         r.Warnings,
 	}
 }

--- a/test/integration/apiserver/admissionwebhook/admission_test.go
+++ b/test/integration/apiserver/admissionwebhook/admission_test.go
@ -169,6 +169,8 @@ type holder struct {

 	t *testing.T

+	warningHandler *warningHandler
+
 	recordGVR       metav1.GroupVersionResource
 	recordOperation string
 	recordNamespace string
@ -203,6 +205,7 @@ func (h *holder) reset(t *testing.T) {
 	h.expectOldObject = false
 	h.expectOptionsGVK = schema.GroupVersionKind{}
 	h.expectOptions = false
+	h.warningHandler.reset()

 	// Set up the recorded map with nil records for all combinations
 	h.recorded = map[webhookOptions]*admissionRequest{}
@ -231,6 +234,7 @@ func (h *holder) expect(gvr schema.GroupVersionResource, gvk, optionsGVK schema.
 	h.expectOldObject = oldObject
 	h.expectOptionsGVK = optionsGVK
 	h.expectOptions = options
+	h.warningHandler.reset()

 	// Set up the recorded map with nil records for all combinations
 	h.recorded = map[webhookOptions]*admissionRequest{}
@ -314,13 +318,15 @@ func (h *holder) verify(t *testing.T) {
 	defer h.lock.Unlock()

 	for options, value := range h.recorded {
-		if err := h.verifyRequest(options.converted, value); err != nil {
+		if err := h.verifyRequest(options, value); err != nil {
 			t.Errorf("version: %v, phase:%v, converted:%v error: %v", options.version, options.phase, options.converted, err)
 		}
 	}
 }

-func (h *holder) verifyRequest(converted bool, request *admissionRequest) error {
+func (h *holder) verifyRequest(webhookOptions webhookOptions, request *admissionRequest) error {
+	converted := webhookOptions.converted
+
 	// Check if current resource should be exempted from Admission processing
 	if admissionExemptResources[gvr(h.recordGVR.Group, h.recordGVR.Version, h.recordGVR.Resource)] {
 		if request == nil {
@ -357,6 +363,10 @@ func (h *holder) verifyRequest(converted bool, request *admissionRequest) error
 		return fmt.Errorf("unexpected options: %#v", request.Options.Object)
 	}

+	if !h.warningHandler.hasWarning(makeWarning(webhookOptions.version, webhookOptions.phase, webhookOptions.converted)) {
+		return fmt.Errorf("no warning received from webhook")
+	}
+
 	return nil
 }

@ -384,6 +394,34 @@ func (h *holder) verifyOptions(options runtime.Object) error {
 	return nil
 }

+type warningHandler struct {
+	lock     sync.Mutex
+	warnings map[string]bool
+}
+
+func (w *warningHandler) reset() {
+	w.lock.Lock()
+	defer w.lock.Unlock()
+	w.warnings = map[string]bool{}
+}
+func (w *warningHandler) hasWarning(warning string) bool {
+	w.lock.Lock()
+	defer w.lock.Unlock()
+	return w.warnings[warning]
+}
+func makeWarning(version string, phase string, converted bool) string {
+	return fmt.Sprintf("%v/%v/%v", version, phase, converted)
+}
+
+func (w *warningHandler) HandleWarningHeader(code int, agent string, message string) {
+	if code != 299 || len(message) == 0 {
+		return
+	}
+	w.lock.Lock()
+	defer w.lock.Unlock()
+	w.warnings[message] = true
+}
+
 // TestWebhookAdmissionWithWatchCache tests communication between API server and webhook process.
 func TestWebhookAdmissionWithWatchCache(t *testing.T) {
 	testWebhookAdmission(t, true)
@ -399,6 +437,7 @@ func testWebhookAdmission(t *testing.T, watchCache bool) {
 	// holder communicates expectations to webhooks, and results from webhooks
 	holder := &holder{
 		t:                 t,
+		warningHandler:    &warningHandler{warnings: map[string]bool{}},
 		gvrToConvertedGVR: map[metav1.GroupVersionResource]metav1.GroupVersionResource{},
 		gvrToConvertedGVK: map[metav1.GroupVersionResource]schema.GroupVersionKind{},
 	}
@ -451,6 +490,7 @@ func testWebhookAdmission(t *testing.T, watchCache bool) {
 	clientConfig := rest.CopyConfig(server.ClientConfig)
 	clientConfig.Impersonate.UserName = testClientUsername
 	clientConfig.Impersonate.Groups = []string{"system:masters", "system:authenticated"}
+	clientConfig.WarningHandler = holder.warningHandler
 	client, err := clientset.NewForConfig(clientConfig)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@ -1265,6 +1305,9 @@ func newV1beta1WebhookHandler(t *testing.T, holder *holder, phase string, conver
 		review.Kind = ""
 		review.Response.UID = ""

+		// test plumbing warnings back to the client
+		review.Response.Warnings = []string{makeWarning("v1beta1", phase, converted)}
+
 		// If we're mutating, and have an object, return a patch to exercise conversion
 		if phase == mutation && len(review.Request.Object.Raw) > 0 {
 			review.Response.Patch = []byte(`[{"op":"add","path":"/foo","value":"test"}]`)
@ -1355,6 +1398,9 @@ func newV1WebhookHandler(t *testing.T, holder *holder, phase string, converted b
 			Allowed: true,
 			UID:     review.Request.UID,
 			Result:  &metav1.Status{Message: "admitted"},
+
+			// test plumbing warnings back
+			Warnings: []string{makeWarning("v1", phase, converted)},
 		}
 		// If we're mutating, and have an object, return a patch to exercise conversion
 		if phase == mutation && len(review.Request.Object.Raw) > 0 {