Commit Graph

65 Commits

Author SHA1 Message Date
Cici Huang
c8a089de46 Update admission initializers.
Moved RestMapper and add DynamicClient
2022-11-07 21:24:46 +00:00
Wojciech Tyczyński
f8211d7e44 Fix ResourceQuota admission shutdown 2022-05-23 12:34:50 +02:00
David Eads
675c2fb924 add featuregate inspection as admission plugin initializer 2019-11-08 13:07:40 -05:00
Jordan Liggitt
61774cd717 Plumb context to admission Admit/Validate 2019-08-20 11:11:00 -04:00
Joe Betz
cc2e3616f0 Add WithReinvocationTesting utility for ensuring that admission plugin reinvocation is idempotent 2019-05-28 15:10:22 -07:00
Joe Betz
900d652a9a Update tests for: Pass {Operation}Option to Webhooks 2019-05-14 10:49:43 -07:00
Mehdy Bohlool
cebb4ee2ac Remove the propagated scheme from the Admission chain 2019-02-16 13:28:47 -08:00
Mehdy Bohlool
d08bc3774d Mechanical changes due to signature change for Admit and Validate functions 2019-02-16 13:28:47 -08:00
zuoxiu.jm
be7194e166 namespace autoprovision externalization 2018-09-27 12:11:02 +08:00
jennybuckley
adafb1365e Support dry run in admission plugins 2018-08-06 10:37:44 -07:00
Kubernetes Submit Queue
aca386059d
Merge pull request #55938 from sttts/sttts-compositional-admission-metrics
Automatic merge from submit-queue (batch tested with PRs 55938, 56055, 53385, 55796, 55922). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

admission: make admission metrics compositional

Metrics emission of admission plugins and the admission chain can be implemented compositionally, i.e. completely independently from the chain logic. This PR does that, moves the whole metrics code into a sub-package to contain complexity. The plumbing logic for the emitted metrics finally is cleanly done in the apiserver bootstrapping code, instead of being totally interleaved with the core admission logic.

Ratio:
- considerably less complexity
- admission plugins are compositional, including the chain. We cannot assume that there is only one chain at the outside of the admission plugin structure. Downstream projects might have more complex admission chains, i.e. multiple chain object nested.
- addition of metrics is plumbing and should be in the apiserver plumbing code. This makes it much easier to reason about the security critical admission chain.

Follow-up of #55183 and based on #55919.
2017-11-21 07:43:40 -08:00
Dr. Stefan Schimanski
baba0c827b admission: make metrics compositional and move to metrics sub-package 2017-11-20 15:32:38 +01:00
Joe Betz
d82ae45a4c #55183 follow up: Reinstate admission chain composition and ns test 2017-11-20 15:13:23 +01:00
Dr. Stefan Schimanski
e19257f2ec admission/webhook: move webhook initializer into plugin 2017-11-20 09:28:42 +01:00
Joe Betz
2643c6ae3e Fix admission metrics to track mutating/validating correctly
Also update admission test mocks to better reflect typical usage and fix broken tests.
2017-11-14 10:46:50 -08:00
Joe Betz
9d13d1baec Add system namespaces to admission metrics. Add tests and leverage test code from PR#55086 2017-11-14 10:46:43 -08:00
Dr. Stefan Schimanski
012b085ac8 pkg/apis/core: mechanical import fixes in dependencies 2017-11-09 12:14:08 +01:00
Dr. Stefan Schimanski
aedcf681b3 admission: rename Validate{ -> Initialization}, Validat{ingAdmit -> e} 2017-11-02 09:29:55 +01:00
Dr. Stefan Schimanski
970d2553cc admission: { -> Mutating}Admit(admission.Attributes) 2017-11-02 08:45:41 +01:00
David Eads
8c1fe1f61a move webhook admission to generic apiserver 2017-10-26 07:45:49 -04:00
p0lyn0mial
6b1f1d1414 removes Authorizer and ExternalClientSet from kubeapiserver's admission initializer. 2017-10-03 18:08:30 +02:00
Clayton Coleman
772ab8e1b4
Load initializers from dynamic config
Handle failure cases on startup gracefully to avoid causing cascading
errors and poor initialization in other components. Initial errors from
config load cause the initializer to pause and hold requests. Return
typed errors to better communicate failures to clients.

Add code to handle two specific cases - admin wants to bypass
initialization defaulting, and mirror pods (which want to bypass
initialization because the kubelet owns their lifecycle).
2017-06-05 19:12:41 -04:00
Derek Carr
a71bea312a ResourceQuota admission control injects registry 2017-05-18 23:17:13 -04:00
Chao Xu
9d7a8df5ee add gc admission plugin that prevents user who doesn't have delete permission of the owner from setting blockOwnerDeletion 2017-04-13 11:55:22 -07:00
Hemant Kumar
b0581d688d Fix Multizone pv creation on GCE
When Multizone is enabled static PV creation on GCE
fails because Cloud provider configuration is not
available in admission plugins.
2017-02-28 12:24:14 -05:00
Andy Goldstein
022bff7fbe Switch admission to use shared informers 2017-02-23 11:16:09 -05:00
deads2k
9488e2ba30 move testing/core to client-go 2017-01-26 13:54:40 -05:00
deads2k
01b3b2b461 move admission to genericapiserver 2017-01-18 08:15:19 -05:00
Clayton Coleman
9a2a50cda7
refactor: use metav1.ObjectMeta in other types 2017-01-17 16:17:19 -05:00
deads2k
77b4d55982 mechanical 2017-01-16 09:35:12 -05:00
deads2k
6a4d5cd7cc start the apimachinery repo 2017-01-11 09:09:48 -05:00
deads2k
2861509b6d refactored admission to avoid internal client references 2017-01-03 15:50:12 -05:00
Clayton Coleman
5df8cc39c9
refactor: generated 2016-12-03 19:10:46 -05:00
Chao Xu
1044aa4500 plugin/admission; including resourcequota admission 2016-11-23 15:53:09 -08:00
pweil-
5c66dcb526 inject authorizer when admission controller requests it 2016-10-12 13:05:34 -04:00
Mike Danese
a765d59932 move informer and controller to pkg/client/cache
Signed-off-by: Mike Danese <mikedanese@google.com>
2016-09-15 12:50:08 -07:00
Daniel Smith
a291846cd1 Revert "Remove deprecated Namespace admission plug-ins" 2016-08-28 10:20:44 -07:00
derekwaynecarr
c727fdc81f Remove deprecated namespace admission controllers 2016-08-26 11:14:55 -04:00
derekwaynecarr
0339ef7961 Fix usage of shared informer in namespace admission controllers 2016-08-01 13:40:34 -04:00
derekwaynecarr
09c97a2acc Disable flaky unit test in admission plugin in NamespaceAutoProvision 2016-07-26 17:36:14 -04:00
Dominika Hodovska
037d116add Factory for SharedIndexInformers 2016-07-21 14:04:48 +02:00
Dominika Hodovska
fc0a3c6dcb Allow shareable resources for admission control plugins 2016-07-20 12:53:52 +02:00
David McMahon
ef0c9f0c5b Remove "All rights reserved" from all the headers. 2016-06-29 17:47:36 -07:00
Jordan Liggitt
29252acd1a Change rest storage Update interface to retrieve updated object
Add OldObject to admission attributes

Update resthandler Patch/Update admission plumbing
2016-05-23 21:09:26 -04:00
deads2k
0061479890 fully qualify admission resources and kinds 2016-04-26 07:55:33 -04:00
Chao Xu
ad46715f51 generate fake client for release_1_2 2016-02-17 16:10:02 -08:00
Chao Xu
cddd7b56a4 replace client with clientset in kubelet and other places 2016-02-02 20:28:45 -08:00
deads2k
9fda7f1812 update StatusDetails to handle Groups 2015-12-17 09:14:12 -05:00
deads2k
3f045cf168 udpate admission for API groups 2015-12-07 08:55:01 -05:00
Daniel Smith
15b30b8b09 Move version agnostic parts of client
pkg/client/unversioned/cache -> pkg/client/cache
pkg/client/unversioned/record -> pkg/client/record
2015-09-10 17:17:59 -07:00