Commit Graph

155 Commits

Author SHA1 Message Date
Cici Huang
c8a089de46 Update admission initializers.
Moved RestMapper and add DynamicClient
2022-11-07 21:24:46 +00:00
Wojciech Tyczyński
f8211d7e44 Fix ResourceQuota admission shutdown 2022-05-23 12:34:50 +02:00
Benjamin Elder
56e092e382 hack/update-bazel.sh 2021-02-28 15:17:29 -08:00
Mike Danese
25651408ae generated: run refactor 2020-02-08 12:30:21 -05:00
Mike Danese
3aa59f7f30 generated: run refactor 2020-02-07 18:16:47 -08:00
David Eads
675c2fb924 add featuregate inspection as admission plugin initializer 2019-11-08 13:07:40 -05:00
Jordan Liggitt
61774cd717 Plumb context to admission Admit/Validate 2019-08-20 11:11:00 -04:00
Joe Betz
cc2e3616f0 Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent 2019-05-28 15:10:22 -07:00
Joe Betz
900d652a9a Update tests for: Pass {Operation}Option to Webhooks 2019-05-14 10:49:43 -07:00
Jordan Liggitt
d1e865ee34 Update client callers to use explicit versions 2019-02-26 08:36:30 -05:00
Mehdy Bohlool
cebb4ee2ac Remove the propagated scheme from the Admission chain 2019-02-16 13:28:47 -08:00
Mehdy Bohlool
d08bc3774d Mechanical changes due to signature change for Admit and Validate functions 2019-02-16 13:28:47 -08:00
zuoxiu.jm
a097e23efc namespace exists externalization 2018-09-27 13:24:15 +08:00
zuoxiu.jm
be7194e166 namespace autoprovision externalization 2018-09-27 12:11:02 +08:00
jennybuckley
adafb1365e Support dry run in admission plugins 2018-08-06 10:37:44 -07:00
Jeff Grafton
23ceebac22 Run hack/update-bazel.sh 2018-06-22 16:22:57 -07:00
Jeff Grafton
ef56a8d6bb Autogenerated: hack/update-bazel.sh 2018-02-16 13:43:01 -08:00
hzxuzhonghu
7c5f9e0bba refactor admission flag: add two admission flags and make plugins auto in recommended order 2018-01-19 13:16:36 +08:00
Jeff Grafton
efee0704c6 Autogenerate BUILD files 2017-12-23 13:12:11 -08:00
Kubernetes Submit Queue
aca386059d Merge pull request #55938 from sttts/sttts-compositional-admission-metrics
Automatic merge from submit-queue (batch tested with PRs 55938, 56055, 53385, 55796, 55922). If you want to cherry-pick this change to another branch, please follow the instructions here (https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

admission: make admission metrics compositional

Metrics emission of admission plugins and the admission chain can be implemented compositionally, i.e. completely independently from the chain logic. This PR does that, moves the whole metrics code into a sub-package to contain complexity. The plumbing logic for the emitted metrics finally is cleanly done in the apiserver bootstrapping code, instead of being totally interleaved with the core admission logic.

Ratio:
- considerably less complexity
- admission plugins are compositional, including the chain. We cannot assume that there is only one chain at the outside of the admission plugin structure. Downstream projects might have more complex admission chains, i.e. multiple chain objects nested.
- addition of metrics is plumbing and should be in the apiserver plumbing code. This makes it much easier to reason about the security-critical admission chain.

Follow-up of #55183 and based on #55919.
2017-11-21 07:43:40 -08:00
Dr. Stefan Schimanski
baba0c827b admission: make metrics compositional and move to metrics sub-package 2017-11-20 15:32:38 +01:00
Joe Betz
d82ae45a4c #55183 follow up: Reinstate admission chain composition and ns test 2017-11-20 15:13:23 +01:00
Dr. Stefan Schimanski
e19257f2ec admission/webhook: move webhook initializer into plugin 2017-11-20 09:28:42 +01:00
Joe Betz
2643c6ae3e Fix admission metrics to track mutating/validating correctly
Also update admission test mocks to better reflect typical usage and fix broken tests.
2017-11-14 10:46:50 -08:00
Joe Betz
9d13d1baec Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086 2017-11-14 10:46:43 -08:00
David Eads
032e136e38 add type assertions to admission plugins 2017-11-13 09:20:31 -05:00
Dr. Stefan Schimanski
bec617f3cc Update generated files 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
David Eads
75c448dbc7 make easy validation admission plugins into validators 2017-11-03 07:54:39 -04:00
Dr. Stefan Schimanski
aedcf681b3 admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e} 2017-11-02 09:29:55 +01:00
Dr. Stefan Schimanski
2452afffe0 admission: wire create+update validation func into kube registries 2017-11-02 09:29:16 +01:00
Dr. Stefan Schimanski
970d2553cc admission: { -> Mutating}Admit(admission.Attributes) 2017-11-02 08:45:41 +01:00
Dr. Stefan Schimanski
131905cdb8 admission: unify plugin constructors 2017-10-30 16:56:38 +01:00
David Eads
8c1fe1f61a move webhook admission to generic apiserver 2017-10-26 07:45:49 -04:00
Jeff Grafton
aee5f457db update BUILD files 2017-10-15 18:18:13 -07:00
p0lyn0mial
6b1f1d1414 removes Authorizer and ExternalClientSet from kubeapiserver's admission initializer. 2017-10-03 18:08:30 +02:00
Jeff Grafton
a7f49c906d Use buildozer to delete licenses() rules except under third_party/ 2017-08-11 09:32:39 -07:00
Jeff Grafton
33276f06be Use buildozer to remove deprecated automanaged tags 2017-08-11 09:31:50 -07:00
Clayton Coleman
772ab8e1b4 Load initializers from dynamic config
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.

Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).
2017-06-05 19:12:41 -04:00
p0lyn0mial
1a5da9afc8 move namespace lifecycle plugin to apiserver 2017-05-25 20:32:43 +02:00
p0lyn0mial
c5019bf696 remove init blocks from all admission plugins 2017-05-23 22:00:32 +02:00
Clayton Coleman
3e095d12b4 Refactor move of client-go/util/clock to apimachinery 2017-05-20 14:19:48 -04:00
Clayton Coleman
bb8c00583a Update consumers of LRUExpireCache 2017-05-20 14:19:47 -04:00
Kubernetes Submit Queue
4f55f49035 Merge pull request #46042 from derekwaynecarr/quota-admission-registry
Automatic merge from submit-queue (batch tested with PRs 45346, 45903, 45958, 46042, 45975)

ResourceQuota admission control injects registry

**What this PR does / why we need it**:
The `ResourceQuota` admission controller works with a registry that maps a GroupKind to an Evaluator.  The registry used in the existing plug-in is not injectable, which makes usage of the ResourceQuota plug-in in other API server contexts difficult.  This PR updates the code to support late injection of the registry via a plug-in initializer.
2017-05-19 22:29:34 -07:00
Derek Carr
a71bea312a ResourceQuota admission control injects registry 2017-05-18 23:17:13 -04:00
p0lyn0mial
3f8d6e9210 Change all the existing admission init blocks to call a Register function
This is a two-stage refactor; when done, there will be no init block in admission plugins.
Instead, all plugins expose a Register function which accepts an admission.Plugins instance.
The registration to the global plugin registry happens inside the Register func.
2017-05-18 22:25:01 +02:00
Kubernetes Submit Queue
a1684fea80 Merge pull request #42085 from cblecker/gofmt-fix
Automatic merge from submit-queue (batch tested with PRs 40055, 42085, 44509, 44568, 43956)

Fix gofmt errors

**What this PR does / why we need it**:
There were some gofmt errors on master. Ran the following to fix:
```
hack/verify-gofmt.sh | grep ^diff | awk '{ print $2 }' | xargs gofmt -w -s
```

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: none

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2017-04-17 15:39:07 -07:00
Mike Danese
a05c3c0efd autogenerated 2017-04-14 10:40:57 -07:00
Chao Xu
9d7a8df5ee add gc admission plugin that prevents user who doesn't have delete permission of the owner from setting blockOwnerDeletion 2017-04-13 11:55:22 -07:00
Dr. Stefan Schimanski
63f547e1b1 pkg/admission: make plugin registry non-global 2017-04-12 11:37:25 +02:00