add a "best practices and warnings" section to https://github.com/kubernetes/website/blob/dev-1.15/content/en/docs/reference/access-authn-authz/extensible-admission-controllers.md that covers:
- idempotence
- intercepting all versions of an object (matchPolicy: Equivalent, failurePolicy: Fail)
- availability (be fast, set a low timeout)
- guaranteeing the final state of the object is seen (use validating webhooks)
- avoiding deadlocks in self-hosted webhooks (exclude the namespace where your webhook is running with a namespaceSelector)
- side effects (avoid side effects if possible, if required don't trigger them on dry run, ideally configure your webhook sideEffects as "None" or "NoneOnDryRun")
/cc @jpbetz @roycaihw
add a "best practices and warnings" section to https://github.com/kubernetes/website/blob/dev-1.15/content/en/docs/reference/access-authn-authz/extensible-admission-controllers.md that covers:
/cc @jpbetz @roycaihw