Make the admission webhook run #3
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
deads2k
commented
Oct 13, 2017
| Scheme: Scheme, | ||
| ParameterCodec: metav1.ParameterCodec, | ||
| NegotiatedSerializer: Codecs, | ||
| SubresourceGroupVersionKind: map[string]schema.GroupVersionKind{ |
There was a problem hiding this comment.
@smarterclayton this tricks the REST handler code into decoding the object we want, but it is a side-effect, not intent. I think we should officially allow the intent.
deads2k
commented
Oct 13, 2017
| @@ -31,6 +31,7 @@ func NewNamespaceReservationServerOptions(out, errOut io.Writer) *NamespaceReser | |||
| StdOut: out, | |||
| StdErr: errOut, | |||
| } | |||
| o.RecommendedOptions.Etcd = nil | |||
deads2k
commented
Oct 13, 2017
| } | ||
|
|
||
| admittingObjectName := &NamedThing{} | ||
| err := json.Unmarshal(admissionReview.Spec.Object.Raw, admittingObjectName) |
There was a problem hiding this comment.
Can't use a normal metadata path because the admission webhook is broken.
deads2k
commented
Oct 13, 2017
| return nil, errors.NewBadRequest(err.Error()) | ||
| } | ||
|
|
||
| if len(admittingObjectName.Name) == 0 { |
There was a problem hiding this comment.
fail closed on empty name. might be generated later, but this fails anyway.
deads2k
commented
Oct 13, 2017
| return admissionReview, nil | ||
| } | ||
|
|
||
| if admittingObjectName.Name == "fail-me" { |
There was a problem hiding this comment.
proof that it works. To be updated later
|
@dgoodwin let's get this closed off so I can tidy and plumb a client config in a smaller pull. We'll finally be to the meat. |
dgoodwin
approved these changes
Oct 16, 2017
openshift-merge-robot
added a commit
to openshift/origin
that referenced
this pull request
Oct 17, 2017
Automatic merge from submit-queue (batch tested with PRs 16861, 16438). make webhook admission kind of work This is done to support openshift/kubernetes-namespace-reservation#3 . It contains multiple fixes needed to make webhooks run at all. In addition, it changes validation rules and admission handling until we get changes like kubernetes/kubernetes#53826 into the API. This affects handling and compatibility of an alpha feature. @dgoodwin @abhgupta be ready for upgrade pain in this area. @bparees I turned this on in cluster-up. Surgery was relatively minor
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This bumps the vendored level of kube for some changes we need, then updates the templates to wire the admission hook (note that this requires patches apiserver-side), and sets up the apiserver to accept our input.