Skip to content

Commit 18f8cb8

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request kubernetes#118644 from alexzielenski/apiserver/policy/namespaceParamRef
KEP-3488: Promote ValidatingAdmissionPolicy to Beta
2 parents 773a6b1 + d647958 commit 18f8cb8

File tree

77 files changed

+19454
-1844
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

77 files changed

+19454
-1844
lines changed

api/discovery/aggregated_v2beta1.json

Lines changed: 67 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1240,6 +1240,73 @@
12401240
],
12411241
"version": "v1"
12421242
},
1243+
{
1244+
"freshness": "Current",
1245+
"resources": [
1246+
{
1247+
"categories": [
1248+
"api-extensions"
1249+
],
1250+
"resource": "validatingadmissionpolicies",
1251+
"responseKind": {
1252+
"group": "",
1253+
"kind": "ValidatingAdmissionPolicy",
1254+
"version": ""
1255+
},
1256+
"scope": "Cluster",
1257+
"singularResource": "validatingadmissionpolicy",
1258+
"subresources": [
1259+
{
1260+
"responseKind": {
1261+
"group": "",
1262+
"kind": "ValidatingAdmissionPolicy",
1263+
"version": ""
1264+
},
1265+
"subresource": "status",
1266+
"verbs": [
1267+
"get",
1268+
"patch",
1269+
"update"
1270+
]
1271+
}
1272+
],
1273+
"verbs": [
1274+
"create",
1275+
"delete",
1276+
"deletecollection",
1277+
"get",
1278+
"list",
1279+
"patch",
1280+
"update",
1281+
"watch"
1282+
]
1283+
},
1284+
{
1285+
"categories": [
1286+
"api-extensions"
1287+
],
1288+
"resource": "validatingadmissionpolicybindings",
1289+
"responseKind": {
1290+
"group": "",
1291+
"kind": "ValidatingAdmissionPolicyBinding",
1292+
"version": ""
1293+
},
1294+
"scope": "Cluster",
1295+
"singularResource": "validatingadmissionpolicybinding",
1296+
"verbs": [
1297+
"create",
1298+
"delete",
1299+
"deletecollection",
1300+
"get",
1301+
"list",
1302+
"patch",
1303+
"update",
1304+
"watch"
1305+
]
1306+
}
1307+
],
1308+
"version": "v1beta1"
1309+
},
12431310
{
12441311
"freshness": "Current",
12451312
"resources": [

api/discovery/apis.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -188,6 +188,10 @@
188188
"groupVersion": "admissionregistration.k8s.io/v1",
189189
"version": "v1"
190190
},
191+
{
192+
"groupVersion": "admissionregistration.k8s.io/v1beta1",
193+
"version": "v1beta1"
194+
},
191195
{
192196
"groupVersion": "admissionregistration.k8s.io/v1alpha1",
193197
"version": "v1alpha1"

api/discovery/apis__admissionregistration.k8s.io.json

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,10 @@
1111
"groupVersion": "admissionregistration.k8s.io/v1",
1212
"version": "v1"
1313
},
14+
{
15+
"groupVersion": "admissionregistration.k8s.io/v1beta1",
16+
"version": "v1beta1"
17+
},
1418
{
1519
"groupVersion": "admissionregistration.k8s.io/v1alpha1",
1620
"version": "v1alpha1"

api/discovery/apis__admissionregistration.k8s.io__v1beta1.json

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
{
2+
"apiVersion": "v1",
3+
"groupVersion": "admissionregistration.k8s.io/v1beta1",
4+
"kind": "APIResourceList",
5+
"resources": [
6+
{
7+
"categories": [
8+
"api-extensions"
9+
],
10+
"kind": "ValidatingAdmissionPolicy",
11+
"name": "validatingadmissionpolicies",
12+
"namespaced": false,
13+
"singularName": "validatingadmissionpolicy",
14+
"storageVersionHash": "Vd+hadMG3gs=",
15+
"verbs": [
16+
"create",
17+
"delete",
18+
"deletecollection",
19+
"get",
20+
"list",
21+
"patch",
22+
"update",
23+
"watch"
24+
]
25+
},
26+
{
27+
"kind": "ValidatingAdmissionPolicy",
28+
"name": "validatingadmissionpolicies/status",
29+
"namespaced": false,
30+
"singularName": "",
31+
"verbs": [
32+
"get",
33+
"patch",
34+
"update"
35+
]
36+
},
37+
{
38+
"categories": [
39+
"api-extensions"
40+
],
41+
"kind": "ValidatingAdmissionPolicyBinding",
42+
"name": "validatingadmissionpolicybindings",
43+
"namespaced": false,
44+
"singularName": "validatingadmissionpolicybinding",
45+
"storageVersionHash": "Yc3M4GKADk4=",
46+
"verbs": [
47+
"create",
48+
"delete",
49+
"deletecollection",
50+
"get",
51+
"list",
52+
"patch",
53+
"update",
54+
"watch"
55+
]
56+
}
57+
]
58+
}

api/openapi-spec/swagger.json

Lines changed: 2270 additions & 306 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

api/openapi-spec/v3/apis__admissionregistration.k8s.io__v1beta1_openapi.json

Lines changed: 4403 additions & 0 deletions
Large diffs are not rendered by default.

cmd/kube-apiserver/app/aggregator.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -289,6 +289,7 @@ var apiVersionPriorities = map[schema.GroupVersion]priority{
289289
{Group: "storage.k8s.io", Version: "v1alpha1"}: {group: 16800, version: 1},
290290
{Group: "apiextensions.k8s.io", Version: "v1"}: {group: 16700, version: 15},
291291
{Group: "admissionregistration.k8s.io", Version: "v1"}: {group: 16700, version: 15},
292+
{Group: "admissionregistration.k8s.io", Version: "v1beta1"}: {group: 16700, version: 12},
292293
{Group: "admissionregistration.k8s.io", Version: "v1alpha1"}: {group: 16700, version: 9},
293294
{Group: "scheduling.k8s.io", Version: "v1"}: {group: 16600, version: 15},
294295
{Group: "coordination.k8s.io", Version: "v1"}: {group: 16500, version: 15},

cmd/kube-controller-manager/app/validatingadmissionpolicystatus.go

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ package app
1919
import (
2020
"context"
2121

22-
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
22+
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
2323
pluginvalidatingadmissionpolicy "k8s.io/apiserver/pkg/admission/plugin/validatingadmissionpolicy"
2424
"k8s.io/apiserver/pkg/cel/openapi/resolver"
2525
"k8s.io/client-go/kubernetes/scheme"
@@ -28,7 +28,7 @@ import (
2828
"k8s.io/kubernetes/pkg/generated/openapi"
2929
)
3030

31-
var validatingAdmissionPolicyResource = admissionregistrationv1alpha1.SchemeGroupVersion.WithResource("validatingadmissionpolicies")
31+
var validatingAdmissionPolicyResource = admissionregistrationv1beta1.SchemeGroupVersion.WithResource("validatingadmissionpolicies")
3232

3333
func startValidatingAdmissionPolicyStatusController(ctx context.Context, controllerContext ControllerContext) (controller.Interface, bool, error) {
3434
// intended check against served resource but not feature gate.
@@ -41,8 +41,8 @@ func startValidatingAdmissionPolicyStatusController(ctx context.Context, control
4141
RestMapper: controllerContext.RESTMapper,
4242
}
4343
c, err := validatingadmissionpolicystatus.NewController(
44-
controllerContext.InformerFactory.Admissionregistration().V1alpha1().ValidatingAdmissionPolicies(),
45-
controllerContext.ClientBuilder.ClientOrDie("validatingadmissionpolicy-status-controller").AdmissionregistrationV1alpha1().ValidatingAdmissionPolicies(),
44+
controllerContext.InformerFactory.Admissionregistration().V1beta1().ValidatingAdmissionPolicies(),
45+
controllerContext.ClientBuilder.ClientOrDie("validatingadmissionpolicy-status-controller").AdmissionregistrationV1beta1().ValidatingAdmissionPolicies(),
4646
typeChecker,
4747
)
4848

pkg/api/testing/defaulting_test.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -149,6 +149,10 @@ func TestDefaulting(t *testing.T) {
149149
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingWebhookConfigurationList"}: {},
150150
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "MutatingWebhookConfiguration"}: {},
151151
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "MutatingWebhookConfigurationList"}: {},
152+
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingAdmissionPolicy"}: {},
153+
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingAdmissionPolicyList"}: {},
154+
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingAdmissionPolicyBinding"}: {},
155+
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingAdmissionPolicyBindingList"}: {},
152156
{Group: "admissionregistration.k8s.io", Version: "v1", Kind: "ValidatingWebhookConfiguration"}: {},
153157
{Group: "admissionregistration.k8s.io", Version: "v1", Kind: "ValidatingWebhookConfigurationList"}: {},
154158
{Group: "admissionregistration.k8s.io", Version: "v1", Kind: "MutatingWebhookConfiguration"}: {},

pkg/apis/admissionregistration/v1beta1/defaults.go

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,30 @@ func addDefaultingFuncs(scheme *runtime.Scheme) error {
2727
return RegisterDefaults(scheme)
2828
}
2929

30+
// SetDefaults_ValidatingAdmissionPolicySpec sets defaults for ValidatingAdmissionPolicySpec
31+
func SetDefaults_ValidatingAdmissionPolicySpec(obj *admissionregistrationv1beta1.ValidatingAdmissionPolicySpec) {
32+
if obj.FailurePolicy == nil {
33+
policy := admissionregistrationv1beta1.Fail
34+
obj.FailurePolicy = &policy
35+
}
36+
}
37+
38+
// SetDefaults_MatchResources sets defaults for MatchResources
39+
func SetDefaults_MatchResources(obj *admissionregistrationv1beta1.MatchResources) {
40+
if obj.MatchPolicy == nil {
41+
policy := admissionregistrationv1beta1.Equivalent
42+
obj.MatchPolicy = &policy
43+
}
44+
if obj.NamespaceSelector == nil {
45+
selector := metav1.LabelSelector{}
46+
obj.NamespaceSelector = &selector
47+
}
48+
if obj.ObjectSelector == nil {
49+
selector := metav1.LabelSelector{}
50+
obj.ObjectSelector = &selector
51+
}
52+
}
53+
3054
// SetDefaults_ValidatingWebhook sets defaults for webhook validating
3155
func SetDefaults_ValidatingWebhook(obj *admissionregistrationv1beta1.ValidatingWebhook) {
3256
if obj.FailurePolicy == nil {

0 commit comments

Comments
 (0)