Skip to content

Add reinvocation of mutating admission controllers#78080

Closed
jpbetz wants to merge 4 commits intokubernetes:masterfrom
jpbetz:2-pass
Closed

Add reinvocation of mutating admission controllers#78080
jpbetz wants to merge 4 commits intokubernetes:masterfrom
jpbetz:2-pass

Conversation

@jpbetz
Copy link
Copy Markdown
Contributor

@jpbetz jpbetz commented May 18, 2019
edited by liggitt
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

Implements "mutating webhook re-invocation" per the proposed KEP update.

Fixes #64333
Fixes #73291

Based on #78491 which is reviewed and approved already

Does this PR introduce a user-facing change?:

In-tree mutating admission plugins are now re-invoked if any mutating admission webhooks make changes to an object. Mutating webhooks can also opt into being re-invoked if a later admission plugin makes changes to an object by setting `reinvocationPolicy: "IfNeeded"` in their MutatingWebhookConfiguration definition.

/sig api-machinery
/priority important-soon

/assign @roycaihw @liggitt

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels May 18, 2019
@k8s-ci-robot k8s-ci-robot added sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. area/apiserver area/test kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/testing Categorizes an issue or PR as relevant to SIG Testing. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels May 18, 2019
@jpbetz jpbetz force-pushed the 2-pass branch 2 times, most recently from 8b8b953 to b87a566 Compare May 18, 2019 22:47
@jpbetz
Copy link
Copy Markdown
Contributor Author

jpbetz commented May 18, 2019

/retest

@fejta-bot
Copy link
Copy Markdown

fejta-bot commented May 18, 2019

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

sttts
sttts reviewed May 20, 2019
View reviewed changes
sttts
sttts reviewed May 20, 2019
View reviewed changes
sttts
sttts reviewed May 20, 2019
View reviewed changes
sttts
sttts reviewed May 20, 2019
View reviewed changes
sttts
sttts reviewed May 20, 2019
View reviewed changes
@sttts
Copy link
Copy Markdown
Contributor

sttts commented May 20, 2019

Missing the defaulting and validation.

@liggitt
Copy link
Copy Markdown
Member

liggitt commented May 30, 2019

this looks great. one comment on keeping webhook name differentiation local to its containing config, one nit on s/Uid/UID/g, then lgtm

@liggitt liggitt mentioned this pull request May 30, 2019
Merged
7 tasks
@liggitt
Copy link
Copy Markdown
Member

liggitt commented May 30, 2019
edited
Loading

/lgtm
/approve

API changes are approved

fyi, I also rebased this on #78309 and checked against v1.14.0 fixtures and there were no issues

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 30, 2019
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented May 30, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jpbetz, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 30, 2019
@liggitt liggitt mentioned this pull request May 30, 2019
Merged
@jpbetz
Copy link
Copy Markdown
Contributor Author

jpbetz commented May 30, 2019

/retest

2 similar comments
@liggitt
Copy link
Copy Markdown
Member

liggitt commented May 30, 2019

/retest

@jpbetz
Copy link
Copy Markdown
Contributor Author

jpbetz commented May 30, 2019

/retest

This was referenced May 31, 2019
Closed
Closed
Closed
Closed
Closed
Closed
@liggitt
Copy link
Copy Markdown
Member

liggitt commented May 31, 2019

/hold

code-freeze queue management :)
this is included in #78505 which is already reviewed/approved and in the merge queue, so when that merges, it will include these commits

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 31, 2019
@liggitt
Copy link
Copy Markdown
Member

liggitt commented May 31, 2019

included in docs PR for 1.15 at kubernetes/website#14671

@liggitt liggitt mentioned this pull request May 31, 2019
Merged
7 tasks
@liggitt
Copy link
Copy Markdown
Member

liggitt commented Jun 1, 2019

merged in #78505

@liggitt liggitt closed this Jun 1, 2019
This was referenced Jun 10, 2019
Closed
Closed
@grampelberg grampelberg mentioned this pull request Jul 17, 2019
Closed
@grampelberg grampelberg mentioned this pull request Aug 22, 2019
Closed
@jammerful jammerful mentioned this pull request Sep 30, 2019
Merged
@byxorna byxorna mentioned this pull request Oct 9, 2019
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sttts sttts sttts left review comments

@liggitt liggitt liggitt left review comments

@jennybuckley jennybuckley Awaiting requested review from jennybuckley

+1 more reviewer

@roycaihw roycaihw roycaihw left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@liggitt liggitt

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/admission-control area/apiserver area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

API Reviews
Status: API review completed, 1.15

Milestone

v1.15

Development

Successfully merging this pull request may close these issues.

Discussion on admission plugin ordering v1.10 AlwaysPullImages admission control order breaks MutatingAdmissionWebhook functionality like Istio

7 participants

@jpbetz @fejta-bot @sttts @roycaihw @dstrebel @liggitt @k8s-ci-robot