Cici Huang
c8a089de46
Update admission initializers.
...
Moved RestMapper and add DynamicClient
2022-11-07 21:24:46 +00:00
Wojciech Tyczyński
f8211d7e44
Fix ResourceQuota admission shutdown
2022-05-23 12:34:50 +02:00
David Eads
675c2fb924
add featuregate inspection as admission plugin initializer
2019-11-08 13:07:40 -05:00
Jordan Liggitt
61774cd717
Plumb context to admission Admit/Validate
2019-08-20 11:11:00 -04:00
Joe Betz
cc2e3616f0
Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent
2019-05-28 15:10:22 -07:00
Joe Betz
900d652a9a
Update tests for: Pass {Operation}Option to Webhooks
2019-05-14 10:49:43 -07:00
Mehdy Bohlool
cebb4ee2ac
Remove the propagated scheme from the Admission chain
2019-02-16 13:28:47 -08:00
Mehdy Bohlool
d08bc3774d
Mechanical changes due to signature change for Admit and Validate functions
2019-02-16 13:28:47 -08:00
zuoxiu.jm
be7194e166
namespace autoprovision externalization
2018-09-27 12:11:02 +08:00
jennybuckley
adafb1365e
Support dry run in admission plugins
2018-08-06 10:37:44 -07:00
Kubernetes Submit Queue
aca386059d
Merge pull request #55938 from sttts/sttts-compositional-admission-metrics
...
Automatic merge from submit-queue (batch tested with PRs 55938, 56055, 53385, 55796, 55922). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md ">here</a>.
admission: make admission metrics compositional
Metrics emission of admission plugins and the admission chain can be implemented compositionally, i.e. completely independently from the chain logic. This PR does that, moves the whole metrics code into a sub-package to contain complexity. The plumbing logic for the emitted metrics finally is cleanly done in the apiserver bootstrapping code, instead of being totally interleaved with the core admission logic.
Ratio:
- considerably less complexity
- admission plugins are compositional, including the chain. We cannot assume that there is only one chain at the outside of the admission plugin structure. Downstream projects might have more complex admission chains, i.e. multiple chain object nested.
- addition of metrics is plumbing and should be in the apiserver plumbing code. This makes it much easier to reason about the security critical admission chain.
Follow-up of #55183 and based on #55919 .
2017-11-21 07:43:40 -08:00
Dr. Stefan Schimanski
baba0c827b
admission: make metrics compositional and move to metrics sub-package
2017-11-20 15:32:38 +01:00
Joe Betz
d82ae45a4c
#55183 follow up: Reinstate admission chain composition and ns test
2017-11-20 15:13:23 +01:00
Dr. Stefan Schimanski
e19257f2ec
admission/webhook: move webhook initializer into plugin
2017-11-20 09:28:42 +01:00
Joe Betz
2643c6ae3e
Fix admission metrics to track mutating/validating correctly
...
Also update admission test mocks to better reflect typical usage and fix broken tests.
2017-11-14 10:46:50 -08:00
Joe Betz
9d13d1baec
Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086
2017-11-14 10:46:43 -08:00
Dr. Stefan Schimanski
012b085ac8
pkg/apis/core: mechanical import fixes in dependencies
2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
aedcf681b3
admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e}
2017-11-02 09:29:55 +01:00
Dr. Stefan Schimanski
970d2553cc
admission: { -> Mutating}Admit(admission.Attributes)
2017-11-02 08:45:41 +01:00
David Eads
8c1fe1f61a
move webhook admission to generic apiserver
2017-10-26 07:45:49 -04:00
p0lyn0mial
6b1f1d1414
removes Authorizer and ExternalClientSet from kubeapiserver's admission initializer.
2017-10-03 18:08:30 +02:00
Clayton Coleman
772ab8e1b4
Load initializers from dynamic config
...
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.
Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).
2017-06-05 19:12:41 -04:00
Derek Carr
a71bea312a
ResourceQuota admission control injects registry
2017-05-18 23:17:13 -04:00
Chao Xu
9d7a8df5ee
add gc admission plugin that prevents user who doesn't have delete permission of the owner from setting blockOwnerDeletion
2017-04-13 11:55:22 -07:00
Hemant Kumar
b0581d688d
Fix Multizone pv creation on GCE
...
When Multizone is enabled static PV creation on GCE
fails because Cloud provider configuration is not
available in admission plugins.
2017-02-28 12:24:14 -05:00
Andy Goldstein
022bff7fbe
Switch admission to use shared informers
2017-02-23 11:16:09 -05:00
deads2k
9488e2ba30
move testing/core to client-go
2017-01-26 13:54:40 -05:00
deads2k
01b3b2b461
move admission to genericapiserver
2017-01-18 08:15:19 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types
2017-01-17 16:17:19 -05:00
deads2k
77b4d55982
mechanical
2017-01-16 09:35:12 -05:00
deads2k
6a4d5cd7cc
start the apimachinery repo
2017-01-11 09:09:48 -05:00
deads2k
2861509b6d
refactored admission to avoid internal client references
2017-01-03 15:50:12 -05:00
Clayton Coleman
5df8cc39c9
refactor: generated
2016-12-03 19:10:46 -05:00
Chao Xu
1044aa4500
plugin/admission; including resourcequota admission
2016-11-23 15:53:09 -08:00
pweil-
5c66dcb526
inject authorizer when admission controller requests it
2016-10-12 13:05:34 -04:00
Mike Danese
a765d59932
move informer and controller to pkg/client/cache
...
Signed-off-by: Mike Danese <mikedanese@google.com>
2016-09-15 12:50:08 -07:00
Daniel Smith
a291846cd1
Revert "Remove deprecated Namespace admission plug-ins"
2016-08-28 10:20:44 -07:00
derekwaynecarr
c727fdc81f
Remove deprecated namespace admission controllers
2016-08-26 11:14:55 -04:00
derekwaynecarr
0339ef7961
Fix usage of shared informer in namespace admission controllers
2016-08-01 13:40:34 -04:00
derekwaynecarr
09c97a2acc
Disable flaky unit test in admission plugin in NamespaceAutoProvision
2016-07-26 17:36:14 -04:00
Dominika Hodovska
037d116add
Factory for SharedIndexInformers
2016-07-21 14:04:48 +02:00
Dominika Hodovska
fc0a3c6dcb
Allow shareable resources for admission control plugins
2016-07-20 12:53:52 +02:00
David McMahon
ef0c9f0c5b
Remove "All rights reserved" from all the headers.
2016-06-29 17:47:36 -07:00
Jordan Liggitt
29252acd1a
Change rest storage Update interface to retrieve updated object
...
Add OldObject to admission attributes
Update resthandler Patch/Update admission plumbing
2016-05-23 21:09:26 -04:00
deads2k
0061479890
fully qualify admission resources and kinds
2016-04-26 07:55:33 -04:00
Chao Xu
ad46715f51
generate fake client for release_1_2
2016-02-17 16:10:02 -08:00
Chao Xu
cddd7b56a4
replace client with clientset in kubelet and other places
2016-02-02 20:28:45 -08:00
deads2k
9fda7f1812
update StatusDetails to handle Groups
2015-12-17 09:14:12 -05:00
deads2k
3f045cf168
udpate admission for API groups
2015-12-07 08:55:01 -05:00
Daniel Smith
15b30b8b09
Move version agnostic parts of client
...
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
2015-09-10 17:17:59 -07:00