Admission webhook #492
Comments
k8s-ci-robot
added
the
sig/api-machinery
|
/sig api-machinery |
|
/kind feature |
k8s-ci-robot
added
the
kind/feature
caesarxuchao
added
the
stage/beta
|
/milestone 1.9 |
Let's get this in the community repo. |
|
Ack, wil do.
…On Tue, Oct 24, 2017 at 5:12 AM, David Eads ***@***.***> wrote:
Design proposal link (community repo):
https://docs.google.com/document/d/1c4kdkY3ha9rm0OIRbGleCeaHknZ-
NR1nNtDp-i8eH8E/edit?ts=59e8c984#
Let's get this in the community repo.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#492 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AHuudrHnp8GGEQi3Xg2_P53JMApTFPMFks5svdQ6gaJpZM4QDoLK>
.
|
|
Please use area/admission-control label for k/k issues/pulls Applied to a few dozen existing ones. @ae6rt |
Automatic merge from submit-queue (batch tested with PRs 54165, 53909). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding an e2e test for admission webhook Part of kubernetes/enhancements#492 The purpose of this test is making sure the webhooks get called, and the apiserver can communicate with the webhook. We will expand the test cover more webhook features in followups. The webhook used in the test rejects pods with container names "webhook-disallow". Will upload the source code of the example in a follow up PR.
Automatic merge from submit-queue (batch tested with PRs 54165, 53909). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Adding an e2e test for admission webhook Part of kubernetes/enhancements#492 The purpose of this test is making sure the webhooks get called, and the apiserver can communicate with the webhook. We will expand the test cover more webhook features in followups. The webhook used in the test rejects pods with container names "webhook-disallow". Will upload the source code of the example in a follow up PR. Kubernetes-commit: 444d0c11153647d45b899b25a5dbbd3a5ea4a123
Automatic merge from submit-queue (batch tested with PRs 55268, 55282, 55419, 48340, 54829). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add MutatingWebhookConfiguration type As part of Mutating Webhook support, this PR adds the configuration for Mutating webhooks. It also renames existing ReadOnly webhook configurations from ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration. As part of the process some sub-types are also renamed. Lastly, the mutating webhook configurations are sorted by name to make the serial executing of them deterministic. ref: kubernetes/enhancements#492
Automatic merge from submit-queue (batch tested with PRs 55268, 55282, 55419, 48340, 54829). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add MutatingWebhookConfiguration type As part of Mutating Webhook support, this PR adds the configuration for Mutating webhooks. It also renames existing ReadOnly webhook configurations from ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration. As part of the process some sub-types are also renamed. Lastly, the mutating webhook configurations are sorted by name to make the serial executing of them deterministic. ref: kubernetes/enhancements#492 Kubernetes-commit: 61f210859d9c4bd64af254ba696f6f693596ced9
Automatic merge from submit-queue (batch tested with PRs 55268, 55282, 55419, 48340, 54829). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add MutatingWebhookConfiguration type As part of Mutating Webhook support, this PR adds the configuration for Mutating webhooks. It also renames existing ReadOnly webhook configurations from ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration. As part of the process some sub-types are also renamed. Lastly, the mutating webhook configurations are sorted by name to make the serial executing of them deterministic. ref: kubernetes/enhancements#492 Kubernetes-commit: 61f210859d9c4bd64af254ba696f6f693596ced9
Automatic merge from submit-queue (batch tested with PRs 55268, 55282, 55419, 48340, 54829). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add MutatingWebhookConfiguration type As part of Mutating Webhook support, this PR adds the configuration for Mutating webhooks. It also renames existing ReadOnly webhook configurations from ExternalAdmissionHookConfiguration to ValidatingWebhookConfiguration. As part of the process some sub-types are also renamed. Lastly, the mutating webhook configurations are sorted by name to make the serial executing of them deterministic. ref: kubernetes/enhancements#492 Kubernetes-commit: 61f210859d9c4bd64af254ba696f6f693596ced9
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix webhook API to also support URLs ref: kubernetes/enhancements#492 ```release-note The dynamic admission webhook now supports a URL in addition to a service reference, to accommodate out-of-cluster webhooks. ```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Tighten webhook client config validation ref kubernetes/enhancements#492 Fix up some nits left from #54889. ```release-note NONE ```
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix webhook API to also support URLs ref: kubernetes/enhancements#492 ```release-note The dynamic admission webhook now supports a URL in addition to a service reference, to accommodate out-of-cluster webhooks. ``` Kubernetes-commit: e93819049db49694718bc9c96e67050d366c6f63
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Tighten webhook client config validation ref kubernetes/enhancements#492 Fix up some nits left from #54889. ```release-note NONE ``` Kubernetes-commit: 2db28383e1151e5d442b81eb73a02b3cf144615c
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Fix webhook API to also support URLs ref: kubernetes/enhancements#492 ```release-note The dynamic admission webhook now supports a URL in addition to a service reference, to accommodate out-of-cluster webhooks. ``` Kubernetes-commit: e93819049db49694718bc9c96e67050d366c6f63
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Tighten webhook client config validation ref kubernetes/enhancements#492 Fix up some nits left from #54889. ```release-note NONE ``` Kubernetes-commit: 2db28383e1151e5d442b81eb73a02b3cf144615c
|
/assign @jpbetz |
|
Hi @jpbetz caesarxuchao. Code Freeze is Thursday, May 30th 2019 @ EOD PST. All enhancements going into the release must be code-complete, including tests, and have docs PRs open. It looks like all these are merged and this is in good shape. Let me know if there are any k/k PRs in flight. If you know this will slip, please reply back and let us know. Thanks! |
|
Hey, @caesarxuchao @liggitt . Deadline for submitting at least Draft/Placeholder PR by May 30th 2019 @ EOD PST. Does this enhancement require any new docs (or modifications)? |
|
PRs we're tracking for this feature: |
|
draft docs PR for 1.15 changes at kubernetes/website#14671 |
|
status for 1.15 is still beta, continuing improvements. /stage beta |
k8s-ci-robot
added
stage/beta
|
/milestone v1.16 |
k8s-ci-robot
added
stage/stable
|
Hey @jpbetz / @liggitt / @caesarxuchao - I'm adding this to the tracked enhancements for 1.16 as expected to graduate to As a reminder, 1.16 milestone dates are Enhancement Freeze 7/30 and Code Freeze 8/29. Thanks! |
|
Hey, @jpbetz @liggitt @caesarxuchao I'm the v1.16 docs release lead. Does this enhancement (or the work planned for v1.16) require any new docs (or modifications)? Just a friendly reminder we're looking for a PR against k/website (branch dev-1.16) due by Friday,August 23rd. It would be great if it's the start of the full documentation, but even a placeholder PR is acceptable. Let me know if you have any questions! |
|
There is a requirement that GA/stable APIs must have conformance tests: I created an umbrella issue for missing conformance tests using https://apisnoop.cncf.io: /assign @timothysc |
|
1.16 WIP docs PR at kubernetes/website#15985 |
|
@liggitt code freeze for 1.16 is on Thursday 8/29. Are there any outstanding k/k PRs that still need to be merged for this to go Stable? |
|
I believe there is just two in-progress bug fixes and then everything is ready: kubernetes/kubernetes#81399, kubernetes/kubernetes#81896 |
|
Released as stable in v1.16.0 Post-GA work tracked in https://github.com/orgs/kubernetes/projects/32 /close |
|
@liggitt: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
kacole2
removed
the
tracked/yes
and others
Feature Description
The admission webhook feature now supports both mutating webhook and validation (non-mutating) webhook. The dynamic registration API of webhook is promoted to v1beta1. The admission API is promoted to v1beta1.
Primary contact (assignee):
@mbhlool
Responsible SIGs:
/sig api-machinery
Design proposal link (community repo):
markdown version (latest): https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/00xx-admission-webhooks-to-ga.md
community proposal: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/admission-control-webhooks.md
tasks tracked in https://github.com/orgs/kubernetes/projects/32
@cheftako @liggitt @deads2k
@erictune @lavalamp @deads2k
The text was updated successfully, but these errors were encountered: