⚠ Add AdmissionReviewVersions support for webhook #474
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
the
size/M
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jiachengxu, vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
| SideEffects: c.sideEffects(), | ||
| // TODO(jiachengxu): AdmissionReviewVersions becomes required in admissionregistration/v1, here we default it | ||
| // to `v1` and `v1beta1`, and we should support to config the `AdmissionReviewVersions` as a marker. | ||
| AdmissionReviewVersions: []string{defaultWebhookVersion, "v1beta1"}, |
There was a problem hiding this comment.
I'm wondering if this might be nice to keep this as a default for v1, and have AdmissionReviewVersions: []string{"v1beta1"} as the default for v1beta1 or not default them (even though it is probably good practice to do so).
There was a problem hiding this comment.
For v1beta1, I think we don't need to default it since it will be defaulted by kube-apiserver to []string{"v1beta1"} if it is not specified: https://github.com/kubernetes/api/blob/master/admissionregistration/v1beta1/types.go#L318-L320
For v1, I am not sure if we should default it. I would slightly prefer to ask the user to set AdmissionReviewVersions because it is required in v1, and don't really want to hide this to the user, defaulting it without notifying may cause some unknown issues in their environments/projects. WDYT?
There was a problem hiding this comment.
On the flip side, breaking marker format for users using defaults isn’t great, although this is a requirement for v1 and they can pretty easily keep using v1beta1 if they choose. Is there a policy on breaking marker format @DirectXMan12 @vincepri?
There was a problem hiding this comment.
This is definitely a breaking change as you outlined, if we're supporting both we should have defaults only when necessary. When using v1, we should make sure there is some sort of validation to not break users
There was a problem hiding this comment.
If we’re defaulting only when necessary then we probably shouldn’t here, since these need to be set for v1 but controller-gen can’t know which admission review versions the webhook server is using.
|
/lgtm Unhold when ready to merge @jiachengxu /hold |
k8s-ci-robot
added
the
do-not-merge/hold
k8s-ci-robot
added
the
lgtm
|
/unhold |
k8s-ci-robot
removed
the
do-not-merge/hold
|
Any plans to add this is to a release? AFAICS, 0.4.0 is not compatible with controller-runtime releases which uses v1beta1 |
This PR is a follow-up of #469
This PR adds support to config
AdmissionReviewVersionsfor webhook, and this is required for generating v1 webhook.Instead of defaulting it for the user, now if it is not specified, we return an error, so this is a breaking change.