Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add mutating webhook re-invocation details #1049

Merged
merged 1 commit into from
May 29, 2019
Merged

Add mutating webhook re-invocation details #1049

merged 1 commit into from
May 29, 2019

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented May 6, 2019
edited

Adds details of the opt-in re-invocation mechanism

/cc @deads2k @lavalamp

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. labels May 6, 2019
@lavalamp
Copy link
Member

lavalamp commented May 8, 2019

/assign

@lavalamp
Copy link
Member

lavalamp commented May 8, 2019

cc @yliaog

@liggitt liggitt force-pushed the admission-ordering branch 2 times, most recently from bcff6b6 to fe5bfe7 Compare May 16, 2019 15:56
@liggitt
Copy link
Member Author

liggitt commented May 16, 2019

addressed comments, renamed v1beta1 field, outlined plan for dropping the field and requiring idempotence in v1

@liggitt
Copy link
Member Author

liggitt commented May 16, 2019

@lavalamp @deads2k updated, PTAL

@liggitt liggitt changed the title Add mutating webhook recall details Add mutating webhook re-invocation details May 16, 2019
@jpbetz jpbetz mentioned this pull request May 18, 2019
Closed
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 21, 2019
@liggitt
Copy link
Member Author

liggitt commented May 22, 2019

/assign @deads2k

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 22, 2019
lavalamp
lavalamp reviewed May 28, 2019
View reviewed changes
keps/sig-api-machinery/00xx-admission-webhooks-to-ga.md
that do not are broken for some set of user input.

Note that idempotence (whether a webhook can successfully operate on its own output) is distinct from
the `sideEffects` indicator, which describes whether a webhook can safely be called in `dryRun` mode.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Webhooks with side effects should not double-actuate their side effects, so I think it's not quite as separate as described. Do we need to tell webhooks whether they are looking at the first or second invocation?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to tell webhooks whether they are looking at the first or second invocation?

I would avoid that if at all possible. Admission can already be invoked multiple times per API request in case of conflicts encountered inside a GuaranteedUpdate loop.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point. Maybe we should say, "It's already the responsibility of webhooks with side effects to avoid double-actuating those side effects if they are invoked multiple times for the same attempted change (which can already happen if a PATCH is retried due to an etcd conflict)."

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How can a webhook detect this condition, though?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still think it'd be good to add a blurb about this.

It continues to be the responsibility of webhooks with side effects to avoid
double-actuating those side effects. Note that it is already possible for all
webhooks to be invoked multiple times for the same change, if the entire
admission process is retried due to an etcd conflict.

@liggitt liggitt force-pushed the admission-ordering branch 2 times, most recently from b5f9ae1 to 05248ef Compare May 28, 2019 15:44
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 28, 2019
@jpbetz jpbetz mentioned this pull request May 29, 2019
Closed
@lavalamp
Copy link
Member

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 29, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: lavalamp, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 29, 2019
@k8s-ci-robot k8s-ci-robot merged commit 352e2c6 into kubernetes:master May 29, 2019
@liggitt liggitt deleted the admission-ordering branch May 31, 2019 01:20
@Neumann-Nils Neumann-Nils mentioned this pull request Jun 22, 2020
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpbetz jpbetz jpbetz left review comments

@lavalamp lavalamp lavalamp left review comments

@sttts sttts sttts left review comments

@deads2k deads2k Awaiting requested review from deads2k

Assignees

@lavalamp lavalamp

@deads2k deads2k

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@liggitt @lavalamp @k8s-ci-robot @jpbetz @sttts @deads2k