k3s-io
/
k3s
mirror of https://github.com/k3s-io/k3s.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

remove reference to v1alpha1

pull/6/head
Chao Xu 2017-11-19 13:54:50 -08:00
parent 3ad49765d6
commit 7945ae68d0
40 changed files with 326 additions and 321 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
hack/.golint_failures
View File

@ -23,9 +23,10 @@ pkg/api/v1/resource
pkg/apis/abac
pkg/apis/abac/latest
pkg/apis/admission
pkg/apis/admission/v1alpha1
pkg/apis/admission/v1beta1
pkg/apis/admissionregistration
pkg/apis/admissionregistration/v1alpha1
pkg/apis/admissionregistration/v1beta1
pkg/apis/admissionregistration/validation
pkg/apis/apps
pkg/apis/apps/validation
@ -431,8 +432,9 @@ plugin/pkg/scheduler/metrics
plugin/pkg/scheduler/schedulercache
plugin/pkg/scheduler/testing
plugin/pkg/scheduler/util
staging/src/k8s.io/api/admission/v1alpha1
staging/src/k8s.io/api/admission/v1beta1
staging/src/k8s.io/api/admissionregistration/v1alpha1
staging/src/k8s.io/api/admissionregistration/v1beta1
staging/src/k8s.io/api/apps/v1
staging/src/k8s.io/api/apps/v1beta1
staging/src/k8s.io/api/apps/v1beta2
@ -625,6 +627,8 @@ staging/src/k8s.io/client-go/kubernetes/fake
staging/src/k8s.io/client-go/kubernetes/scheme
staging/src/k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1
staging/src/k8s.io/client-go/kubernetes/typed/admissionregistration/v1alpha1/fake
staging/src/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1
staging/src/k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1/fake
staging/src/k8s.io/client-go/kubernetes/typed/apps/v1
staging/src/k8s.io/client-go/kubernetes/typed/apps/v1/fake
staging/src/k8s.io/client-go/kubernetes/typed/apps/v1beta1

2
hack/update-generated-protobuf-dockerized.sh
View File

@ -71,7 +71,7 @@ PACKAGES=(
k8s.io/api/storage/v1beta1
k8s.io/api/storage/v1
k8s.io/api/admissionregistration/v1alpha1
k8s.io/api/admission/v1alpha1
k8s.io/api/admission/v1beta1
k8s.io/api/networking/v1
k8s.io/metrics/pkg/apis/metrics/v1alpha1
k8s.io/metrics/pkg/apis/metrics/v1beta1

2
hack/verify-pkg-names.sh
View File

@ -26,7 +26,7 @@ source "${KUBE_ROOT}/hack/lib/init.sh"
kube::golang::verify_go_version
cd "${KUBE_ROOT}"
if git --no-pager grep -E $'^(import |\t)[a-z]+[A-Z_][a-zA-Z]* "[^"]+"$' -- '**/*.go' ':(exclude)vendor/*' ':(exclude)staging/src/k8s.io/client-go/*vendor/*' ':(exclude)staging/src/k8s.io/metrics/*' ':(exclude)pkg/apis/admission/v1alpha1/zz_generated.conversion.go' ':(exclude)staging/src/k8s.io/sample-apiserver/pkg/client/informers/*' ':(exclude)staging/src/k8s.io/code-generator/_examples/*informers/*'; then
if git --no-pager grep -E $'^(import |\t)[a-z]+[A-Z_][a-zA-Z]* "[^"]+"$' -- '**/*.go' ':(exclude)vendor/*' ':(exclude)staging/src/k8s.io/client-go/*vendor/*' ':(exclude)staging/src/k8s.io/metrics/*' ':(exclude)pkg/apis/admission/v1beta1/zz_generated.conversion.go' ':(exclude)staging/src/k8s.io/sample-apiserver/pkg/client/informers/*' ':(exclude)staging/src/k8s.io/code-generator/_examples/*informers/*'; then
echo "!!! Some package aliases break go conventions."
echo "To fix these errors, do not use capitalized or underlined characters"
echo "in pkg aliases. Refer to https://blog.golang.org/package-names for more info."

96
pkg/api/testing/defaulting_test.go
View File

@ -95,54 +95,54 @@ func TestDefaulting(t *testing.T) {
// This object contains only int fields which currently breaks the defaulting test because
// it's pretty stupid. Once we add non integer fields, we should uncomment this.
// {Group: "kubeadm.k8s.io", Version: "v1alpha1", Kind: "NodeConfiguration"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "DaemonSet"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "DaemonSetList"}: {},
{Group: "apps", Version: "v1beta2", Kind: "DaemonSet"}: {},
{Group: "apps", Version: "v1beta2", Kind: "DaemonSetList"}: {},
{Group: "apps", Version: "v1", Kind: "DaemonSet"}: {},
{Group: "apps", Version: "v1", Kind: "DaemonSetList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "Deployment"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "DeploymentList"}: {},
{Group: "apps", Version: "v1beta1", Kind: "Deployment"}: {},
{Group: "apps", Version: "v1beta1", Kind: "DeploymentList"}: {},
{Group: "apps", Version: "v1beta2", Kind: "Deployment"}: {},
{Group: "apps", Version: "v1beta2", Kind: "DeploymentList"}: {},
{Group: "apps", Version: "v1", Kind: "Deployment"}: {},
{Group: "apps", Version: "v1", Kind: "DeploymentList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "PodSecurityPolicy"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "PodSecurityPolicyList"}: {},
{Group: "apps", Version: "v1beta2", Kind: "ReplicaSet"}: {},
{Group: "apps", Version: "v1beta2", Kind: "ReplicaSetList"}: {},
{Group: "apps", Version: "v1", Kind: "ReplicaSet"}: {},
{Group: "apps", Version: "v1", Kind: "ReplicaSetList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "ReplicaSet"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "ReplicaSetList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "NetworkPolicy"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "NetworkPolicyList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "ClusterRoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "ClusterRoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "RoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "RoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1", Kind: "ClusterRoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1", Kind: "ClusterRoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1", Kind: "RoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1", Kind: "RoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "ClusterRoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "ClusterRoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "RoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "RoleBindingList"}: {},
{Group: "settings.k8s.io", Version: "v1alpha1", Kind: "PodPreset"}: {},
{Group: "settings.k8s.io", Version: "v1alpha1", Kind: "PodPresetList"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1alpha1", Kind: "ValidatingWebhookConfiguration"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1alpha1", Kind: "ValidatingWebhookConfigurationList"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1alpha1", Kind: "MutatingWebhookConfiguration"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1alpha1", Kind: "MutatingWebhookConfigurationList"}: {},
{Group: "networking.k8s.io", Version: "v1", Kind: "NetworkPolicy"}: {},
{Group: "networking.k8s.io", Version: "v1", Kind: "NetworkPolicyList"}: {},
{Group: "storage.k8s.io", Version: "v1beta1", Kind: "StorageClass"}: {},
{Group: "storage.k8s.io", Version: "v1beta1", Kind: "StorageClassList"}: {},
{Group: "storage.k8s.io", Version: "v1", Kind: "StorageClass"}: {},
{Group: "storage.k8s.io", Version: "v1", Kind: "StorageClassList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "DaemonSet"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "DaemonSetList"}: {},
{Group: "apps", Version: "v1beta2", Kind: "DaemonSet"}: {},
{Group: "apps", Version: "v1beta2", Kind: "DaemonSetList"}: {},
{Group: "apps", Version: "v1", Kind: "DaemonSet"}: {},
{Group: "apps", Version: "v1", Kind: "DaemonSetList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "Deployment"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "DeploymentList"}: {},
{Group: "apps", Version: "v1beta1", Kind: "Deployment"}: {},
{Group: "apps", Version: "v1beta1", Kind: "DeploymentList"}: {},
{Group: "apps", Version: "v1beta2", Kind: "Deployment"}: {},
{Group: "apps", Version: "v1beta2", Kind: "DeploymentList"}: {},
{Group: "apps", Version: "v1", Kind: "Deployment"}: {},
{Group: "apps", Version: "v1", Kind: "DeploymentList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "PodSecurityPolicy"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "PodSecurityPolicyList"}: {},
{Group: "apps", Version: "v1beta2", Kind: "ReplicaSet"}: {},
{Group: "apps", Version: "v1beta2", Kind: "ReplicaSetList"}: {},
{Group: "apps", Version: "v1", Kind: "ReplicaSet"}: {},
{Group: "apps", Version: "v1", Kind: "ReplicaSetList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "ReplicaSet"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "ReplicaSetList"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "NetworkPolicy"}: {},
{Group: "extensions", Version: "v1beta1", Kind: "NetworkPolicyList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "ClusterRoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "ClusterRoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "RoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1", Kind: "RoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1", Kind: "ClusterRoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1", Kind: "ClusterRoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1", Kind: "RoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1", Kind: "RoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "ClusterRoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "ClusterRoleBindingList"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "RoleBinding"}: {},
{Group: "rbac.authorization.k8s.io", Version: "v1", Kind: "RoleBindingList"}: {},
{Group: "settings.k8s.io", Version: "v1alpha1", Kind: "PodPreset"}: {},
{Group: "settings.k8s.io", Version: "v1alpha1", Kind: "PodPresetList"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingWebhookConfiguration"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "ValidatingWebhookConfigurationList"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "MutatingWebhookConfiguration"}: {},
{Group: "admissionregistration.k8s.io", Version: "v1beta1", Kind: "MutatingWebhookConfigurationList"}: {},
{Group: "networking.k8s.io", Version: "v1", Kind: "NetworkPolicy"}: {},
{Group: "networking.k8s.io", Version: "v1", Kind: "NetworkPolicyList"}: {},
{Group: "storage.k8s.io", Version: "v1beta1", Kind: "StorageClass"}: {},
{Group: "storage.k8s.io", Version: "v1beta1", Kind: "StorageClassList"}: {},
{Group: "storage.k8s.io", Version: "v1", Kind: "StorageClass"}: {},
{Group: "storage.k8s.io", Version: "v1", Kind: "StorageClassList"}: {},
}
f := fuzz.New().NilChance(.5).NumElements(1, 1).RandSource(rand.NewSource(1))

2
pkg/apis/admission/BUILD
View File

@ -36,7 +36,7 @@ filegroup(
":package-srcs",
"//pkg/apis/admission/fuzzer:all-srcs",
"//pkg/apis/admission/install:all-srcs",
"//pkg/apis/admission/v1alpha1:all-srcs",
"//pkg/apis/admission/v1beta1:all-srcs",
],
tags = ["automanaged"],
)

2
pkg/apis/admission/install/BUILD
View File

@ -12,7 +12,7 @@ go_library(
deps = [
"//pkg/api/legacyscheme:go_default_library",
"//pkg/apis/admission:go_default_library",
"//pkg/apis/admission/v1alpha1:go_default_library",
"//pkg/apis/admission/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apimachinery/announced:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",

2
pkg/generated/openapi/BUILD
View File

@ -21,7 +21,7 @@ openapi_library(
tags = ["automanaged"],
vendor_prefix = openapi_vendor_prefix,
vendor_targets = [
"k8s.io/api/admission/v1alpha1",
"k8s.io/api/admission/v1beta1",
"k8s.io/api/admissionregistration/v1alpha1",
"k8s.io/api/apps/v1",
"k8s.io/api/apps/v1beta1",

2
pkg/kubectl/scheme/BUILD
View File

@ -9,7 +9,7 @@ go_library(
importpath = "k8s.io/kubernetes/pkg/kubectl/scheme",
visibility = ["//visibility:public"],
deps = [
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/apps/v1:go_default_library",
"//vendor/k8s.io/api/apps/v1beta1:go_default_library",

2
pkg/kubectl/scheme/install.go
View File

@ -17,7 +17,7 @@ limitations under the License.
package scheme
import (
admissionv1alpha1 "k8s.io/api/admission/v1alpha1"
admissionv1alpha1 "k8s.io/api/admission/v1beta1"
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
appsv1 "k8s.io/api/apps/v1"
appsv1beta1 "k8s.io/api/apps/v1beta1"

2
staging/BUILD
View File

@ -17,7 +17,7 @@ filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//staging/src/k8s.io/api/admission/v1alpha1:all-srcs",
"//staging/src/k8s.io/api/admission/v1beta1:all-srcs",
"//staging/src/k8s.io/api/admissionregistration/v1alpha1:all-srcs",
"//staging/src/k8s.io/api/apps/v1:all-srcs",
"//staging/src/k8s.io/api/apps/v1beta1:all-srcs",

2
staging/src/k8s.io/apiextensions-apiserver/Godeps/Godeps.json generated
View File

@ -519,7 +519,7 @@
"Rev": "53feefa2559fb8dfa8d81baad31be332c97d6c77"
},
{
"ImportPath": "k8s.io/api/admission/v1alpha1",
"ImportPath": "k8s.io/api/admission/v1beta1",
"Rev": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
{

2
staging/src/k8s.io/apiserver/Godeps/Godeps.json generated
View File

@ -767,7 +767,7 @@
"Rev": "53feefa2559fb8dfa8d81baad31be332c97d6c77"
},
{
"ImportPath": "k8s.io/api/admission/v1alpha1",
"ImportPath": "k8s.io/api/admission/v1beta1",
"Rev": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
{

18
staging/src/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager.go
View File

@ -23,14 +23,14 @@ import (
"github.com/golang/glog"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
type MutatingWebhookConfigurationLister interface {
List(opts metav1.ListOptions) (*v1alpha1.MutatingWebhookConfigurationList, error)
List(opts metav1.ListOptions) (*v1beta1.MutatingWebhookConfigurationList, error)
}
// MutatingWebhookConfigurationManager collects the mutating webhook objects so that they can be called.
@ -57,12 +57,12 @@ func NewMutatingWebhookConfigurationManager(c MutatingWebhookConfigurationLister
}
// Webhooks returns the merged MutatingWebhookConfiguration.
func (im *MutatingWebhookConfigurationManager) Webhooks() (*v1alpha1.MutatingWebhookConfiguration, error) {
func (im *MutatingWebhookConfigurationManager) Webhooks() (*v1beta1.MutatingWebhookConfiguration, error) {
configuration, err := im.poller.configuration()
if err != nil {
return nil, err
}
mutatingWebhookConfiguration, ok := configuration.(*v1alpha1.MutatingWebhookConfiguration)
mutatingWebhookConfiguration, ok := configuration.(*v1beta1.MutatingWebhookConfiguration)
if !ok {
return nil, fmt.Errorf("expected type %v, got type %v", reflect.TypeOf(mutatingWebhookConfiguration), reflect.TypeOf(configuration))
}
@ -74,10 +74,10 @@ func (im *MutatingWebhookConfigurationManager) Run(stopCh <-chan struct{}) {
}
func mergeMutatingWebhookConfigurations(
list *v1alpha1.MutatingWebhookConfigurationList,
) *v1alpha1.MutatingWebhookConfiguration {
configurations := append([]v1alpha1.MutatingWebhookConfiguration{}, list.Items...)
var ret v1alpha1.MutatingWebhookConfiguration
list *v1beta1.MutatingWebhookConfigurationList,
) *v1beta1.MutatingWebhookConfiguration {
configurations := append([]v1beta1.MutatingWebhookConfiguration{}, list.Items...)
var ret v1beta1.MutatingWebhookConfiguration
// The internal order of webhooks for each configuration is provided by the user
// but configurations themselves can be in any order. As we are going to run these
// webhooks in serial, they are sorted here to have a deterministic order.
@ -90,7 +90,7 @@ func mergeMutatingWebhookConfigurations(
// byName sorts MutatingWebhookConfiguration by name. These objects are all in
// cluster namespace (aka no namespace) thus they all have unique names.
type byName []v1alpha1.MutatingWebhookConfiguration
type byName []v1beta1.MutatingWebhookConfiguration
func (x byName) Len() int { return len(x) }

4
staging/src/k8s.io/apiserver/pkg/admission/configuration/mutating_webhook_manager_test.go
View File

@ -19,7 +19,7 @@ package configuration
import (
"testing"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
@ -27,7 +27,7 @@ import (
type disabledMutatingWebhookConfigLister struct{}
func (l *disabledMutatingWebhookConfigLister) List(options metav1.ListOptions) (*v1alpha1.MutatingWebhookConfigurationList, error) {
func (l *disabledMutatingWebhookConfigLister) List(options metav1.ListOptions) (*v1beta1.MutatingWebhookConfigurationList, error) {
return nil, errors.NewNotFound(schema.GroupResource{Group: "admissionregistration", Resource: "MutatingWebhookConfigurations"}, "")
}
func TestMutatingWebhookConfigDisabled(t *testing.T) {

14
staging/src/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager.go
View File

@ -22,14 +22,14 @@ import (
"github.com/golang/glog"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
type ValidatingWebhookConfigurationLister interface {
List(opts metav1.ListOptions) (*v1alpha1.ValidatingWebhookConfigurationList, error)
List(opts metav1.ListOptions) (*v1beta1.ValidatingWebhookConfigurationList, error)
}
// ValidatingWebhookConfigurationManager collects the validating webhook objects so that they can be called.
@ -56,12 +56,12 @@ func NewValidatingWebhookConfigurationManager(c ValidatingWebhookConfigurationLi
}
// Webhooks returns the merged ValidatingWebhookConfiguration.
func (im *ValidatingWebhookConfigurationManager) Webhooks() (*v1alpha1.ValidatingWebhookConfiguration, error) {
func (im *ValidatingWebhookConfigurationManager) Webhooks() (*v1beta1.ValidatingWebhookConfiguration, error) {
configuration, err := im.poller.configuration()
if err != nil {
return nil, err
}
validatingWebhookConfiguration, ok := configuration.(*v1alpha1.ValidatingWebhookConfiguration)
validatingWebhookConfiguration, ok := configuration.(*v1beta1.ValidatingWebhookConfiguration)
if !ok {
return nil, fmt.Errorf("expected type %v, got type %v", reflect.TypeOf(validatingWebhookConfiguration), reflect.TypeOf(configuration))
}
@ -73,10 +73,10 @@ func (im *ValidatingWebhookConfigurationManager) Run(stopCh <-chan struct{}) {
}
func mergeValidatingWebhookConfigurations(
list *v1alpha1.ValidatingWebhookConfigurationList,
) *v1alpha1.ValidatingWebhookConfiguration {
list *v1beta1.ValidatingWebhookConfigurationList,
) *v1beta1.ValidatingWebhookConfiguration {
configurations := list.Items
var ret v1alpha1.ValidatingWebhookConfiguration
var ret v1beta1.ValidatingWebhookConfiguration
for _, c := range configurations {
ret.Webhooks = append(ret.Webhooks, c.Webhooks...)
}

4
staging/src/k8s.io/apiserver/pkg/admission/configuration/validating_webhook_manager_test.go
View File

@ -19,7 +19,7 @@ package configuration
import (
"testing"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
@ -27,7 +27,7 @@ import (
type disabledValidatingWebhookConfigLister struct{}
func (l *disabledValidatingWebhookConfigLister) List(options metav1.ListOptions) (*v1alpha1.ValidatingWebhookConfigurationList, error) {
func (l *disabledValidatingWebhookConfigLister) List(options metav1.ListOptions) (*v1beta1.ValidatingWebhookConfigurationList, error) {
return nil, errors.NewNotFound(schema.GroupResource{Group: "admissionregistration", Resource: "ValidatingWebhookConfigurations"}, "")
}
func TestWebhookConfigDisabled(t *testing.T) {

2
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/config/BUILD
View File

@ -12,7 +12,7 @@ go_library(
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/hashicorp/golang-lru:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/util/yaml:go_default_library",

4
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/config/client.go
View File

@ -24,7 +24,7 @@ import (
"net/url"
lru "github.com/hashicorp/golang-lru"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/runtime"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
webhookerrors "k8s.io/apiserver/pkg/admission/plugin/webhook/errors"
@ -101,7 +101,7 @@ func (cm *ClientManager) Validate() error {
// HookClient get a RESTClient from the cache, or constructs one based on the
// webhook configuration.
func (cm *ClientManager) HookClient(h *v1alpha1.Webhook) (*rest.RESTClient, error) {
func (cm *ClientManager) HookClient(h *v1beta1.Webhook) (*rest.RESTClient, error) {
cacheKey, err := json.Marshal(h.ClientConfig)
if err != nil {
return nil, err

8
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/BUILD
View File

@ -11,8 +11,8 @@ go_library(
deps = [
"//vendor/github.com/evanphx/json-patch:go_default_library",
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
@ -41,8 +41,8 @@ go_test(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/mutating",
library = ":go_default_library",
deps = [
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

24
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/admission.go
View File

@ -27,8 +27,8 @@ import (
jsonpatch "github.com/evanphx/json-patch"
"github.com/golang/glog"
admissionv1alpha1 "k8s.io/api/admission/v1alpha1"
"k8s.io/api/admissionregistration/v1alpha1"
admissionv1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -70,7 +70,7 @@ func Register(plugins *admission.Plugins) {
// WebhookSource can list dynamic webhook plugins.
type WebhookSource interface {
Run(stopCh <-chan struct{})
Webhooks() (*v1alpha1.MutatingWebhookConfiguration, error)
Webhooks() (*v1beta1.MutatingWebhookConfiguration, error)
}
// NewMutatingWebhook returns a generic admission webhook plugin.
@ -134,7 +134,7 @@ func (a *MutatingWebhook) SetServiceResolver(sr config.ServiceResolver) {
func (a *MutatingWebhook) SetScheme(scheme *runtime.Scheme) {
if scheme != nil {
a.clientManager.SetNegotiatedSerializer(serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1alpha1.SchemeGroupVersion),
Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1beta1.SchemeGroupVersion),
}))
a.convertor.Scheme = scheme
a.jsonSerializer = json.NewSerializer(json.DefaultMetaFactory, scheme, scheme, false)
@ -144,7 +144,7 @@ func (a *MutatingWebhook) SetScheme(scheme *runtime.Scheme) {
// WantsExternalKubeClientSet defines a function which sets external ClientSet for admission plugins that need it
func (a *MutatingWebhook) SetExternalKubeClientSet(client clientset.Interface) {
a.namespaceMatcher.Client = client
a.hookSource = configuration.NewMutatingWebhookConfigurationManager(client.AdmissionregistrationV1alpha1().MutatingWebhookConfigurations())
a.hookSource = configuration.NewMutatingWebhookConfigurationManager(client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations())
}
// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface.
@ -175,11 +175,11 @@ func (a *MutatingWebhook) ValidateInitialization() error {
return nil
}
func (a *MutatingWebhook) loadConfiguration(attr admission.Attributes) (*v1alpha1.MutatingWebhookConfiguration, error) {
func (a *MutatingWebhook) loadConfiguration(attr admission.Attributes) (*v1beta1.MutatingWebhookConfiguration, error) {
hookConfig, err := a.hookSource.Webhooks()
// if Webhook configuration is disabled, fail open
if err == configuration.ErrDisabled {
return &v1alpha1.MutatingWebhookConfiguration{}, nil
return &v1beta1.MutatingWebhookConfiguration{}, nil
}
if err != nil {
e := apierrors.NewServerTimeout(attr.GetResource().GroupResource(), string(attr.GetOperation()), 1)
@ -203,7 +203,7 @@ func (a *MutatingWebhook) Admit(attr admission.Attributes) error {
hooks := hookConfig.Webhooks
ctx := context.TODO()
var relevantHooks []*v1alpha1.Webhook
var relevantHooks []*v1beta1.Webhook
for i := range hooks {
call, err := a.shouldCallHook(&hooks[i], attr)
if err != nil {
@ -246,7 +246,7 @@ func (a *MutatingWebhook) Admit(attr admission.Attributes) error {
continue
}
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1alpha1.Ignore
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
if callErr, ok := err.(*webhookerrors.ErrCallingWebhook); ok {
if ignoreClientCallFailures {
glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)
@ -263,7 +263,7 @@ func (a *MutatingWebhook) Admit(attr admission.Attributes) error {
}
// TODO: factor into a common place along with the validating webhook version.
func (a *MutatingWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
func (a *MutatingWebhook) shouldCallHook(h *v1beta1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
var matches bool
for _, r := range h.Rules {
m := rules.Matcher{Rule: r, Attr: attr}
@ -280,14 +280,14 @@ func (a *MutatingWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Att
}
// note that callAttrMutatingHook updates attr
func (a *MutatingWebhook) callAttrMutatingHook(ctx context.Context, h *v1alpha1.Webhook, attr versioned.Attributes) error {
func (a *MutatingWebhook) callAttrMutatingHook(ctx context.Context, h *v1beta1.Webhook, attr versioned.Attributes) error {
// Make the webhook request
request := request.CreateAdmissionReview(attr)
client, err := a.clientManager.HookClient(h)
if err != nil {
return &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: err}
}
response := &admissionv1alpha1.AdmissionReview{}
response := &admissionv1beta1.AdmissionReview{}
if err := client.Post().Context(ctx).Body(&request).Do().Into(response); err != nil {
return &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: err}
}

92
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/admission_test.go
View File

@ -28,8 +28,8 @@ import (
"sync/atomic"
"testing"
"k8s.io/api/admission/v1alpha1"
registrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admission/v1beta1"
registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -44,11 +44,11 @@ import (
)
type fakeHookSource struct {
hooks []registrationv1alpha1.Webhook
hooks []registrationv1beta1.Webhook
err error
}
func (f *fakeHookSource) Webhooks() (*registrationv1alpha1.MutatingWebhookConfiguration, error) {
func (f *fakeHookSource) Webhooks() (*registrationv1beta1.MutatingWebhookConfiguration, error) {
if f.err != nil {
return nil, f.err
}
@ -57,7 +57,7 @@ func (f *fakeHookSource) Webhooks() (*registrationv1alpha1.MutatingWebhookConfig
f.hooks[i].NamespaceSelector = &metav1.LabelSelector{}
}
}
return &registrationv1alpha1.MutatingWebhookConfiguration{Webhooks: f.hooks}, nil
return &registrationv1beta1.MutatingWebhookConfiguration{Webhooks: f.hooks}, nil
}
func (f *fakeHookSource) Run(stopCh <-chan struct{}) {}
@ -90,9 +90,9 @@ func (f fakeNamespaceLister) Get(name string) (*corev1.Namespace, error) {
}
// ccfgSVC returns a client config using the service reference mechanism.
func ccfgSVC(urlPath string) registrationv1alpha1.WebhookClientConfig {
return registrationv1alpha1.WebhookClientConfig{
Service: &registrationv1alpha1.ServiceReference{
func ccfgSVC(urlPath string) registrationv1beta1.WebhookClientConfig {
return registrationv1beta1.WebhookClientConfig{
Service: &registrationv1beta1.ServiceReference{
Name: "webhook-test",
Namespace: "default",
Path: &urlPath,
@ -106,11 +106,11 @@ type urlConfigGenerator struct {
}
// ccfgURL returns a client config using the URL mechanism.
func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.WebhookClientConfig {
func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1beta1.WebhookClientConfig {
u2 := *c.baseURL
u2.Path = urlPath
urlString := u2.String()
return registrationv1alpha1.WebhookClientConfig{
return registrationv1beta1.WebhookClientConfig{
URL: &urlString,
CABundle: testcerts.CACert,
}
@ -119,7 +119,7 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.Webhook
// TestAdmit tests that MutatingWebhook#Admit works as expected
func TestAdmit(t *testing.T) {
scheme := runtime.NewScheme()
v1alpha1.AddToScheme(scheme)
v1beta1.AddToScheme(scheme)
corev1.AddToScheme(scheme)
testServer := newTestServer(t)
@ -192,26 +192,26 @@ func TestAdmit(t *testing.T) {
errorContains string
}
matchEverythingRules := []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
matchEverythingRules := []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
Rule: registrationv1beta1.Rule{
APIGroups: []string{"*"},
APIVersions: []string{"*"},
Resources: []string{"*/*"},
},
}}
policyFail := registrationv1alpha1.Fail
policyIgnore := registrationv1alpha1.Ignore
policyFail := registrationv1beta1.Fail
policyIgnore := registrationv1beta1.Ignore
table := map[string]test{
"no match": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "nomatch",
ClientConfig: ccfgSVC("disallow"),
Rules: []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.Create},
Rules: []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.Create},
}},
}},
},
@ -219,7 +219,7 @@ func TestAdmit(t *testing.T) {
},
"match & allow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "allow",
ClientConfig: ccfgSVC("allow"),
Rules: matchEverythingRules,
@ -229,7 +229,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: matchEverythingRules,
@ -239,7 +239,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallowReason",
ClientConfig: ccfgSVC("disallowReason"),
Rules: matchEverythingRules,
@ -249,7 +249,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow & but allowed because namespaceSelector exempt the namespace": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: newMatchEverythingRules(),
@ -266,7 +266,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow & but allowed because namespaceSelector exempt the namespace ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: newMatchEverythingRules(),
@ -283,7 +283,7 @@ func TestAdmit(t *testing.T) {
},
"match & fail (but allow because fail open)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -304,7 +304,7 @@ func TestAdmit(t *testing.T) {
},
"match & fail (but disallow because fail closed on nil)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -322,7 +322,7 @@ func TestAdmit(t *testing.T) {
},
"match & fail (but fail because fail closed)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -343,7 +343,7 @@ func TestAdmit(t *testing.T) {
},
"match & allow (url)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "allow",
ClientConfig: ccfgURL("allow"),
Rules: matchEverythingRules,
@ -353,7 +353,7 @@ func TestAdmit(t *testing.T) {
},
"match & disallow (url)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgURL("disallow"),
Rules: matchEverythingRules,
@ -391,7 +391,7 @@ func TestAdmit(t *testing.T) {
// TestAdmitCachedClient tests that MutatingWebhook#Admit should cache restClient
func TestAdmitCachedClient(t *testing.T) {
scheme := runtime.NewScheme()
v1alpha1.AddToScheme(scheme)
v1beta1.AddToScheme(scheme)
corev1.AddToScheme(scheme)
testServer := newTestServer(t)
@ -459,12 +459,12 @@ func TestAdmitCachedClient(t *testing.T) {
expectCache bool
}
policyIgnore := registrationv1alpha1.Ignore
policyIgnore := registrationv1beta1.Ignore
cases := []test{
{
name: "cache 1",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache1",
ClientConfig: ccfgSVC("allow"),
Rules: newMatchEverythingRules(),
@ -477,7 +477,7 @@ func TestAdmitCachedClient(t *testing.T) {
{
name: "cache 2",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache2",
ClientConfig: ccfgSVC("internalErr"),
Rules: newMatchEverythingRules(),
@ -490,7 +490,7 @@ func TestAdmitCachedClient(t *testing.T) {
{
name: "cache 3",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache3",
ClientConfig: ccfgSVC("allow"),
Rules: newMatchEverythingRules(),
@ -503,7 +503,7 @@ func TestAdmitCachedClient(t *testing.T) {
{
name: "cache 4",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache4",
ClientConfig: ccfgURL("allow"),
Rules: newMatchEverythingRules(),
@ -516,7 +516,7 @@ func TestAdmitCachedClient(t *testing.T) {
{
name: "cache 5",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache5",
ClientConfig: ccfgURL("allow"),
Rules: newMatchEverythingRules(),
@ -587,15 +587,15 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("webhook invalid response"))
case "/disallow":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
},
})
case "/disallowReason":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
Result: &metav1.Status{
Message: "you shall not pass",
@ -604,8 +604,8 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
})
case "/allow":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: true,
},
})
@ -637,10 +637,10 @@ func (c *fakeAuthenticationInfoResolver) ClientConfigFor(server string) (*rest.C
return c.restConfig, nil
}
func newMatchEverythingRules() []registrationv1alpha1.RuleWithOperations {
return []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
func newMatchEverythingRules() []registrationv1beta1.RuleWithOperations {
return []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
Rule: registrationv1beta1.Rule{
APIGroups: []string{"*"},
APIVersions: []string{"*"},
Resources: []string{"*/*"},

4
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/namespace/BUILD
View File

@ -9,7 +9,7 @@ go_library(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/namespace",
visibility = ["//visibility:public"],
deps = [
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/meta:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
@ -27,7 +27,7 @@ go_test(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/namespace",
library = ":go_default_library",
deps = [
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

4
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/namespace/matcher.go
View File

@ -19,7 +19,7 @@ package namespace
import (
"fmt"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -86,7 +86,7 @@ func (m *Matcher) GetNamespaceLabels(attr admission.Attributes) (map[string]stri
// MatchNamespaceSelector decideds whether the request matches the
// namespaceSelctor of the webhook. Only when they match, the webhook is called.
func (m *Matcher) MatchNamespaceSelector(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
func (m *Matcher) MatchNamespaceSelector(h *v1beta1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
namespaceName := attr.GetNamespace()
if len(namespaceName) == 0 && attr.GetResource().Resource != "namespaces" {
// If the request is about a cluster scoped resource, and it is not a

4
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/namespace/matcher_test.go
View File

@ -20,7 +20,7 @@ import (
"reflect"
"testing"
registrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -114,7 +114,7 @@ func TestGetNamespaceLabels(t *testing.T) {
}
func TestExemptClusterScopedResource(t *testing.T) {
hook := &registrationv1alpha1.Webhook{
hook := &registrationv1beta1.Webhook{
NamespaceSelector: &metav1.LabelSelector{},
}
attr := admission.NewAttributesRecord(nil, nil, schema.GroupVersionKind{}, "", "mock-name", schema.GroupVersionResource{Version: "v1", Resource: "nodes"}, "", admission.Create, nil)

2
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request/BUILD
View File

@ -9,7 +9,7 @@ go_library(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/request",
visibility = ["//visibility:public"],
deps = [
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/authentication/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",

10
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview.go
View File

@ -17,7 +17,7 @@ limitations under the License.
package request
import (
admissionv1alpha1 "k8s.io/api/admission/v1alpha1"
admissionv1beta1 "k8s.io/api/admission/v1beta1"
authenticationv1 "k8s.io/api/authentication/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -26,7 +26,7 @@ import (
)
// CreateAdmissionReview creates an AdmissionReview for the provided admission.Attributes
func CreateAdmissionReview(attr admission.Attributes) admissionv1alpha1.AdmissionReview {
func CreateAdmissionReview(attr admission.Attributes) admissionv1beta1.AdmissionReview {
gvk := attr.GetKind()
gvr := attr.GetResource()
aUserInfo := attr.GetUserInfo()
@ -42,8 +42,8 @@ func CreateAdmissionReview(attr admission.Attributes) admissionv1alpha1.Admissio
userInfo.Extra[key] = authenticationv1.ExtraValue(val)
}
return admissionv1alpha1.AdmissionReview{
Request: &admissionv1alpha1.AdmissionRequest{
return admissionv1beta1.AdmissionReview{
Request: &admissionv1beta1.AdmissionRequest{
UID: uuid.NewUUID(),
Kind: metav1.GroupVersionKind{
Group: gvk.Group,
@ -58,7 +58,7 @@ func CreateAdmissionReview(attr admission.Attributes) admissionv1alpha1.Admissio
SubResource: attr.GetSubresource(),
Name: attr.GetName(),
Namespace: attr.GetNamespace(),
Operation: admissionv1alpha1.Operation(attr.GetOperation()),
Operation: admissionv1beta1.Operation(attr.GetOperation()),
UserInfo: userInfo,
Object: runtime.RawExtension{
Object: attr.GetObject(),

4
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/rules/BUILD
View File

@ -6,7 +6,7 @@ go_library(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/rules",
visibility = ["//visibility:public"],
deps = [
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
],
)
@ -17,7 +17,7 @@ go_test(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/rules",
library = ":go_default_library",
deps = [
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
],

8
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/rules/rules.go
View File

@ -19,13 +19,13 @@ package rules
import (
"strings"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apiserver/pkg/admission"
)
// Matcher determines if the Attr matches the Rule.
type Matcher struct {
Rule v1alpha1.RuleWithOperations
Rule v1beta1.RuleWithOperations
Attr admission.Attributes
}
@ -61,12 +61,12 @@ func (r *Matcher) version() bool {
func (r *Matcher) operation() bool {
attrOp := r.Attr.GetOperation()
for _, op := range r.Rule.Operations {
if op == v1alpha1.OperationAll {
if op == v1beta1.OperationAll {
return true
}
// The constants are the same such that this is a valid cast (and this
// is tested).
if op == v1alpha1.OperationType(attrOp) {
if op == v1beta1.OperationType(attrOp) {
return true
}
}

2
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/rules/rules_test.go
View File

@ -19,7 +19,7 @@ package rules
import (
"testing"
adreg "k8s.io/api/admissionregistration/v1alpha1"
adreg "k8s.io/api/admissionregistration/v1beta1"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apiserver/pkg/admission"
)

8
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/BUILD
View File

@ -10,8 +10,8 @@ go_library(
visibility = ["//visibility:public"],
deps = [
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
@ -39,8 +39,8 @@ go_test(
importpath = "k8s.io/apiserver/pkg/admission/plugin/webhook/validating",
library = ":go_default_library",
deps = [
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1beta1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

26
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission.go
View File

@ -27,8 +27,8 @@ import (
"github.com/golang/glog"
admissionv1alpha1 "k8s.io/api/admission/v1alpha1"
"k8s.io/api/admissionregistration/v1alpha1"
admissionv1beta1 "k8s.io/api/admission/v1beta1"
"k8s.io/api/admissionregistration/v1beta1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -69,7 +69,7 @@ func Register(plugins *admission.Plugins) {
// WebhookSource can list dynamic webhook plugins.
type WebhookSource interface {
Run(stopCh <-chan struct{})
Webhooks() (*v1alpha1.ValidatingWebhookConfiguration, error)
Webhooks() (*v1beta1.ValidatingWebhookConfiguration, error)
}
// NewValidatingAdmissionWebhook returns a generic admission webhook plugin.
@ -132,7 +132,7 @@ func (a *ValidatingAdmissionWebhook) SetServiceResolver(sr config.ServiceResolve
func (a *ValidatingAdmissionWebhook) SetScheme(scheme *runtime.Scheme) {
if scheme != nil {
a.clientManager.SetNegotiatedSerializer(serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{
Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1alpha1.SchemeGroupVersion),
Serializer: serializer.NewCodecFactory(scheme).LegacyCodec(admissionv1beta1.SchemeGroupVersion),
}))
a.convertor.Scheme = scheme
}
@ -141,7 +141,7 @@ func (a *ValidatingAdmissionWebhook) SetScheme(scheme *runtime.Scheme) {
// WantsExternalKubeClientSet defines a function which sets external ClientSet for admission plugins that need it
func (a *ValidatingAdmissionWebhook) SetExternalKubeClientSet(client clientset.Interface) {
a.namespaceMatcher.Client = client
a.hookSource = configuration.NewValidatingWebhookConfigurationManager(client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations())
a.hookSource = configuration.NewValidatingWebhookConfigurationManager(client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations())
}
// SetExternalKubeInformerFactory implements the WantsExternalKubeInformerFactory interface.
@ -169,11 +169,11 @@ func (a *ValidatingAdmissionWebhook) ValidateInitialization() error {
return nil
}
func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1alpha1.ValidatingWebhookConfiguration, error) {
func (a *ValidatingAdmissionWebhook) loadConfiguration(attr admission.Attributes) (*v1beta1.ValidatingWebhookConfiguration, error) {
hookConfig, err := a.hookSource.Webhooks()
// if Webhook configuration is disabled, fail open
if err == configuration.ErrDisabled {
return &v1alpha1.ValidatingWebhookConfiguration{}, nil
return &v1beta1.ValidatingWebhookConfiguration{}, nil
}
if err != nil {
e := apierrors.NewServerTimeout(attr.GetResource().GroupResource(), string(attr.GetOperation()), 1)
@ -197,7 +197,7 @@ func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
hooks := hookConfig.Webhooks
ctx := context.TODO()
var relevantHooks []*v1alpha1.Webhook
var relevantHooks []*v1beta1.Webhook
for i := range hooks {
call, err := a.shouldCallHook(&hooks[i], attr)
if err != nil {
@ -236,7 +236,7 @@ func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
errCh := make(chan error, len(relevantHooks))
wg.Add(len(relevantHooks))
for i := range relevantHooks {
go func(hook *v1alpha1.Webhook) {
go func(hook *v1beta1.Webhook) {
defer wg.Done()
t := time.Now()
@ -246,7 +246,7 @@ func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
return
}
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1alpha1.Ignore
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
if callErr, ok := err.(*webhookerrors.ErrCallingWebhook); ok {
if ignoreClientCallFailures {
glog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)
@ -283,7 +283,7 @@ func (a *ValidatingAdmissionWebhook) Validate(attr admission.Attributes) error {
}
// TODO: factor into a common place along with the validating webhook version.
func (a *ValidatingAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
func (a *ValidatingAdmissionWebhook) shouldCallHook(h *v1beta1.Webhook, attr admission.Attributes) (bool, *apierrors.StatusError) {
var matches bool
for _, r := range h.Rules {
m := rules.Matcher{Rule: r, Attr: attr}
@ -299,14 +299,14 @@ func (a *ValidatingAdmissionWebhook) shouldCallHook(h *v1alpha1.Webhook, attr ad
return a.namespaceMatcher.MatchNamespaceSelector(h, attr)
}
func (a *ValidatingAdmissionWebhook) callHook(ctx context.Context, h *v1alpha1.Webhook, attr admission.Attributes) error {
func (a *ValidatingAdmissionWebhook) callHook(ctx context.Context, h *v1beta1.Webhook, attr admission.Attributes) error {
// Make the webhook request
request := request.CreateAdmissionReview(attr)
client, err := a.clientManager.HookClient(h)
if err != nil {
return &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: err}
}
response := &admissionv1alpha1.AdmissionReview{}
response := &admissionv1beta1.AdmissionReview{}
if err := client.Post().Context(ctx).Body(&request).Do().Into(response); err != nil {
return &webhookerrors.ErrCallingWebhook{WebhookName: h.Name, Reason: err}
}

98
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/admission_test.go
View File

@ -28,8 +28,8 @@ import (
"sync/atomic"
"testing"
"k8s.io/api/admission/v1alpha1"
registrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admission/v1beta1"
registrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
apierrors "k8s.io/apimachinery/pkg/api/errors"
@ -44,11 +44,11 @@ import (
)
type fakeHookSource struct {
hooks []registrationv1alpha1.Webhook
hooks []registrationv1beta1.Webhook
err error
}
func (f *fakeHookSource) Webhooks() (*registrationv1alpha1.ValidatingWebhookConfiguration, error) {
func (f *fakeHookSource) Webhooks() (*registrationv1beta1.ValidatingWebhookConfiguration, error) {
if f.err != nil {
return nil, f.err
}
@ -57,7 +57,7 @@ func (f *fakeHookSource) Webhooks() (*registrationv1alpha1.ValidatingWebhookConf
f.hooks[i].NamespaceSelector = &metav1.LabelSelector{}
}
}
return &registrationv1alpha1.ValidatingWebhookConfiguration{Webhooks: f.hooks}, nil
return &registrationv1beta1.ValidatingWebhookConfiguration{Webhooks: f.hooks}, nil
}
func (f *fakeHookSource) Run(stopCh <-chan struct{}) {}
@ -90,9 +90,9 @@ func (f fakeNamespaceLister) Get(name string) (*corev1.Namespace, error) {
}
// ccfgSVC returns a client config using the service reference mechanism.
func ccfgSVC(urlPath string) registrationv1alpha1.WebhookClientConfig {
return registrationv1alpha1.WebhookClientConfig{
Service: &registrationv1alpha1.ServiceReference{
func ccfgSVC(urlPath string) registrationv1beta1.WebhookClientConfig {
return registrationv1beta1.WebhookClientConfig{
Service: &registrationv1beta1.ServiceReference{
Name: "webhook-test",
Namespace: "default",
Path: &urlPath,
@ -106,11 +106,11 @@ type urlConfigGenerator struct {
}
// ccfgURL returns a client config using the URL mechanism.
func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.WebhookClientConfig {
func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1beta1.WebhookClientConfig {
u2 := *c.baseURL
u2.Path = urlPath
urlString := u2.String()
return registrationv1alpha1.WebhookClientConfig{
return registrationv1beta1.WebhookClientConfig{
URL: &urlString,
CABundle: testcerts.CACert,
}
@ -119,7 +119,7 @@ func (c urlConfigGenerator) ccfgURL(urlPath string) registrationv1alpha1.Webhook
// TestValidate tests that ValidatingAdmissionWebhook#Validate works as expected
func TestValidate(t *testing.T) {
scheme := runtime.NewScheme()
v1alpha1.AddToScheme(scheme)
v1beta1.AddToScheme(scheme)
corev1.AddToScheme(scheme)
testServer := newTestServer(t)
@ -192,26 +192,26 @@ func TestValidate(t *testing.T) {
errorContains string
}
matchEverythingRules := []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
matchEverythingRules := []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
Rule: registrationv1beta1.Rule{
APIGroups: []string{"*"},
APIVersions: []string{"*"},
Resources: []string{"*/*"},
},
}}
policyFail := registrationv1alpha1.Fail
policyIgnore := registrationv1alpha1.Ignore
policyFail := registrationv1beta1.Fail
policyIgnore := registrationv1beta1.Ignore
table := map[string]test{
"no match": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "nomatch",
ClientConfig: ccfgSVC("disallow"),
Rules: []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.Create},
Rules: []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.Create},
}},
}},
},
@ -219,7 +219,7 @@ func TestValidate(t *testing.T) {
},
"match & allow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "allow",
ClientConfig: ccfgSVC("allow"),
Rules: matchEverythingRules,
@ -229,7 +229,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: matchEverythingRules,
@ -239,7 +239,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallowReason",
ClientConfig: ccfgSVC("disallowReason"),
Rules: matchEverythingRules,
@ -249,7 +249,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow & but allowed because namespaceSelector exempt the namespace": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: newMatchEverythingRules(),
@ -266,7 +266,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow & but allowed because namespaceSelector exempt the namespace ii": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgSVC("disallow"),
Rules: newMatchEverythingRules(),
@ -283,7 +283,7 @@ func TestValidate(t *testing.T) {
},
"match & fail (but allow because fail open)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -304,7 +304,7 @@ func TestValidate(t *testing.T) {
},
"match & fail (but disallow because fail closed on nil)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -322,7 +322,7 @@ func TestValidate(t *testing.T) {
},
"match & fail (but fail because fail closed)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "internalErr A",
ClientConfig: ccfgSVC("internalErr"),
Rules: matchEverythingRules,
@ -343,7 +343,7 @@ func TestValidate(t *testing.T) {
},
"match & allow (url)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "allow",
ClientConfig: ccfgURL("allow"),
Rules: matchEverythingRules,
@ -353,7 +353,7 @@ func TestValidate(t *testing.T) {
},
"match & disallow (url)": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "disallow",
ClientConfig: ccfgURL("disallow"),
Rules: matchEverythingRules,
@ -363,7 +363,7 @@ func TestValidate(t *testing.T) {
},
"absent response and fail open": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "nilResponse",
ClientConfig: ccfgURL("nilResponse"),
FailurePolicy: &policyIgnore,
@ -374,7 +374,7 @@ func TestValidate(t *testing.T) {
},
"absent response and fail closed": {
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "nilResponse",
ClientConfig: ccfgURL("nilResponse"),
FailurePolicy: &policyFail,
@ -413,7 +413,7 @@ func TestValidate(t *testing.T) {
// TestValidateCachedClient tests that ValidatingAdmissionWebhook#Validate should cache restClient
func TestValidateCachedClient(t *testing.T) {
scheme := runtime.NewScheme()
v1alpha1.AddToScheme(scheme)
v1beta1.AddToScheme(scheme)
corev1.AddToScheme(scheme)
testServer := newTestServer(t)
@ -481,12 +481,12 @@ func TestValidateCachedClient(t *testing.T) {
expectCache bool
}
policyIgnore := registrationv1alpha1.Ignore
policyIgnore := registrationv1beta1.Ignore
cases := []test{
{
name: "cache 1",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache1",
ClientConfig: ccfgSVC("allow"),
Rules: newMatchEverythingRules(),
@ -499,7 +499,7 @@ func TestValidateCachedClient(t *testing.T) {
{
name: "cache 2",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache2",
ClientConfig: ccfgSVC("internalErr"),
Rules: newMatchEverythingRules(),
@ -512,7 +512,7 @@ func TestValidateCachedClient(t *testing.T) {
{
name: "cache 3",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache3",
ClientConfig: ccfgSVC("allow"),
Rules: newMatchEverythingRules(),
@ -525,7 +525,7 @@ func TestValidateCachedClient(t *testing.T) {
{
name: "cache 4",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache4",
ClientConfig: ccfgURL("allow"),
Rules: newMatchEverythingRules(),
@ -538,7 +538,7 @@ func TestValidateCachedClient(t *testing.T) {
{
name: "cache 5",
hookSource: fakeHookSource{
hooks: []registrationv1alpha1.Webhook{{
hooks: []registrationv1beta1.Webhook{{
Name: "cache5",
ClientConfig: ccfgURL("allow"),
Rules: newMatchEverythingRules(),
@ -609,15 +609,15 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("webhook invalid response"))
case "/disallow":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
},
})
case "/disallowReason":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: false,
Result: &metav1.Status{
Message: "you shall not pass",
@ -626,14 +626,14 @@ func webhookHandler(w http.ResponseWriter, r *http.Request) {
})
case "/allow":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{
Response: &v1alpha1.AdmissionResponse{
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{
Response: &v1beta1.AdmissionResponse{
Allowed: true,
},
})
case "/nilResposne":
w.Header().Set("Content-Type", "application/json")
json.NewEncoder(w).Encode(&v1alpha1.AdmissionReview{})
json.NewEncoder(w).Encode(&v1beta1.AdmissionReview{})
default:
http.NotFound(w, r)
}
@ -662,10 +662,10 @@ func (c *fakeAuthenticationInfoResolver) ClientConfigFor(server string) (*rest.C
return c.restConfig, nil
}
func newMatchEverythingRules() []registrationv1alpha1.RuleWithOperations {
return []registrationv1alpha1.RuleWithOperations{{
Operations: []registrationv1alpha1.OperationType{registrationv1alpha1.OperationAll},
Rule: registrationv1alpha1.Rule{
func newMatchEverythingRules() []registrationv1beta1.RuleWithOperations {
return []registrationv1beta1.RuleWithOperations{{
Operations: []registrationv1beta1.OperationType{registrationv1beta1.OperationAll},
Rule: registrationv1beta1.Rule{
APIGroups: []string{"*"},
APIVersions: []string{"*"},
Resources: []string{"*/*"},

2
staging/src/k8s.io/kube-aggregator/Godeps/Godeps.json generated
View File

@ -495,7 +495,7 @@
"Rev": "53feefa2559fb8dfa8d81baad31be332c97d6c77"
},
{
"ImportPath": "k8s.io/api/admission/v1alpha1",
"ImportPath": "k8s.io/api/admission/v1beta1",
"Rev": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
{

2
staging/src/k8s.io/sample-apiserver/Godeps/Godeps.json generated
View File

@ -479,7 +479,7 @@
"Rev": "53feefa2559fb8dfa8d81baad31be332c97d6c77"
},
{
"ImportPath": "k8s.io/api/admission/v1alpha1",
"ImportPath": "k8s.io/api/admission/v1beta1",
"Rev": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
},
{

124
test/e2e/apimachinery/webhook.go
View File

@ -22,7 +22,7 @@ import (
"strings"
"time"
"k8s.io/api/admissionregistration/v1alpha1"
"k8s.io/api/admissionregistration/v1beta1"
"k8s.io/api/core/v1"
extensions "k8s.io/api/extensions/v1beta1"
rbacv1beta1 "k8s.io/api/rbac/v1beta1"
@ -87,9 +87,9 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
framework.SkipUnlessServerVersionGTE(serverWebhookVersion, f.ClientSet.Discovery())
framework.SkipUnlessProviderIs("gce", "gke", "local")
_, err := f.ClientSet.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations().List(metav1.ListOptions{})
_, err := f.ClientSet.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().List(metav1.ListOptions{})
if errors.IsNotFound(err) {
framework.Skipf("dynamic configuration of webhooks requires the alpha admissionregistration.k8s.io group to be enabled")
framework.Skipf("dynamic configuration of webhooks requires the admissionregistration.k8s.io group to be enabled")
}
By("Setting up server cert")
@ -107,7 +107,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
It("Should be able to deny pod and configmap creation", func() {
registerWebhook(f, context)
defer client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations().Delete(webhookConfigName, nil)
defer client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(webhookConfigName, nil)
testWebhook(f)
})
@ -115,19 +115,19 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
crdCleanup, dynamicClient := createCRD(f)
defer crdCleanup()
registerWebhookForCRD(f, context)
defer client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations().Delete(crdWebhookConfigName, nil)
defer client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(crdWebhookConfigName, nil)
testCRDWebhook(f, dynamicClient)
})
It("Should unconditionally reject operations on fail closed webhook", func() {
registerFailClosedWebhook(f, context)
defer f.ClientSet.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations().Delete(webhookFailClosedConfigName, nil)
defer f.ClientSet.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Delete(webhookFailClosedConfigName, nil)
testFailClosedWebhook(f)
})
It("Should mutate configmap", func() {
registerMutatingWebhookForConfigMap(f, context)
defer client.AdmissionregistrationV1alpha1().MutatingWebhookConfigurations().Delete(mutatingWebhookConfigName, nil)
defer client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(mutatingWebhookConfigName, nil)
testMutatingConfigMapWebhook(f)
})
@ -135,7 +135,7 @@ var _ = SIGDescribe("AdmissionWebhook", func() {
crdCleanup, dynamicClient := createCRD(f)
defer crdCleanup()
registerMutatingWebhookForCRD(f, context)
defer client.AdmissionregistrationV1alpha1().MutatingWebhookConfigurations().Delete(crdMutatingWebhookConfigName, nil)
defer client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(crdMutatingWebhookConfigName, nil)
testMutatingCRDWebhook(f, dynamicClient)
})
@ -298,26 +298,26 @@ func registerWebhook(f *framework.Framework, context *certContext) {
namespace := f.Namespace.Name
// A webhook that cannot talk to server, with fail-open policy
failOpenHook := failingWebhook(namespace, "fail-open.k8s.io")
policyIgnore := v1alpha1.Ignore
policyIgnore := v1beta1.Ignore
failOpenHook.FailurePolicy = &policyIgnore
_, err := client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations().Create(&v1alpha1.ValidatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: webhookConfigName,
},
Webhooks: []v1alpha1.Webhook{
Webhooks: []v1beta1.Webhook{
{
Name: "deny-unwanted-pod-container-name-and-label.k8s.io",
Rules: []v1alpha1.RuleWithOperations{{
Operations: []v1alpha1.OperationType{v1alpha1.Create},
Rule: v1alpha1.Rule{
Rules: []v1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create},
Rule: v1beta1.Rule{
APIGroups: []string{""},
APIVersions: []string{"v1"},
Resources: []string{"pods"},
},
}},
ClientConfig: v1alpha1.WebhookClientConfig{
Service: &v1alpha1.ServiceReference{
ClientConfig: v1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{
Namespace: namespace,
Name: serviceName,
Path: strPtr("/pods"),
@ -327,9 +327,9 @@ func registerWebhook(f *framework.Framework, context *certContext) {
},
{
Name: "deny-unwanted-configmap-data.k8s.io",
Rules: []v1alpha1.RuleWithOperations{{
Operations: []v1alpha1.OperationType{v1alpha1.Create, v1alpha1.Update},
Rule: v1alpha1.Rule{
Rules: []v1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create, v1beta1.Update},
Rule: v1beta1.Rule{
APIGroups: []string{""},
APIVersions: []string{"v1"},
Resources: []string{"configmaps"},
@ -345,8 +345,8 @@ func registerWebhook(f *framework.Framework, context *certContext) {
},
},
},
ClientConfig: v1alpha1.WebhookClientConfig{
Service: &v1alpha1.ServiceReference{
ClientConfig: v1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{
Namespace: namespace,
Name: serviceName,
Path: strPtr("/configmaps"),
@ -371,23 +371,23 @@ func registerMutatingWebhookForConfigMap(f *framework.Framework, context *certCo
namespace := f.Namespace.Name
_, err := client.AdmissionregistrationV1alpha1().MutatingWebhookConfigurations().Create(&v1alpha1.MutatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&v1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: mutatingWebhookConfigName,
},
Webhooks: []v1alpha1.Webhook{
Webhooks: []v1beta1.Webhook{
{
Name: "adding-configmap-data-stage-1.k8s.io",
Rules: []v1alpha1.RuleWithOperations{{
Operations: []v1alpha1.OperationType{v1alpha1.Create},
Rule: v1alpha1.Rule{
Rules: []v1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create},
Rule: v1beta1.Rule{
APIGroups: []string{""},
APIVersions: []string{"v1"},
Resources: []string{"configmaps"},
},
}},
ClientConfig: v1alpha1.WebhookClientConfig{
Service: &v1alpha1.ServiceReference{
ClientConfig: v1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{
Namespace: namespace,
Name: serviceName,
Path: strPtr("/mutating-configmaps"),
@ -397,16 +397,16 @@ func registerMutatingWebhookForConfigMap(f *framework.Framework, context *certCo
},
{
Name: "adding-configmap-data-stage-2.k8s.io",
Rules: []v1alpha1.RuleWithOperations{{
Operations: []v1alpha1.OperationType{v1alpha1.Create},
Rule: v1alpha1.Rule{
Rules: []v1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create},
Rule: v1beta1.Rule{
APIGroups: []string{""},
APIVersions: []string{"v1"},
Resources: []string{"configmaps"},
},
}},
ClientConfig: v1alpha1.WebhookClientConfig{
Service: &v1alpha1.ServiceReference{
ClientConfig: v1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{
Namespace: namespace,
Name: serviceName,
Path: strPtr("/mutating-configmaps"),
@ -516,19 +516,19 @@ func testWebhook(f *framework.Framework) {
// failingWebhook returns a webhook with rule of create configmaps,
// but with an invalid client config so that server cannot communicate with it
func failingWebhook(namespace, name string) v1alpha1.Webhook {
return v1alpha1.Webhook{
func failingWebhook(namespace, name string) v1beta1.Webhook {
return v1beta1.Webhook{
Name: name,
Rules: []v1alpha1.RuleWithOperations{{
Operations: []v1alpha1.OperationType{v1alpha1.Create},
Rule: v1alpha1.Rule{
Rules: []v1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create},
Rule: v1beta1.Rule{
APIGroups: []string{""},
APIVersions: []string{"v1"},
Resources: []string{"configmaps"},
},
}},
ClientConfig: v1alpha1.WebhookClientConfig{
Service: &v1alpha1.ServiceReference{
ClientConfig: v1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{
Namespace: namespace,
Name: serviceName,
Path: strPtr("/configmaps"),
@ -545,7 +545,7 @@ func registerFailClosedWebhook(f *framework.Framework, context *certContext) {
namespace := f.Namespace.Name
// A webhook that cannot talk to server, with fail-closed policy
policyFail := v1alpha1.Fail
policyFail := v1beta1.Fail
hook := failingWebhook(namespace, "fail-closed.k8s.io")
hook.FailurePolicy = &policyFail
hook.NamespaceSelector = &metav1.LabelSelector{
@ -558,11 +558,11 @@ func registerFailClosedWebhook(f *framework.Framework, context *certContext) {
},
}
_, err := client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations().Create(&v1alpha1.ValidatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: webhookFailClosedConfigName,
},
Webhooks: []v1alpha1.Webhook{
Webhooks: []v1beta1.Webhook{
// Server cannot talk to this webhook, so it always fails.
// Because this webhook is configured fail-closed, request should be rejected after the call fails.
hook,
@ -741,23 +741,23 @@ func registerWebhookForCRD(f *framework.Framework, context *certContext) {
By("Registering the crd webhook via the AdmissionRegistration API")
namespace := f.Namespace.Name
_, err := client.AdmissionregistrationV1alpha1().ValidatingWebhookConfigurations().Create(&v1alpha1.ValidatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().ValidatingWebhookConfigurations().Create(&v1beta1.ValidatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: crdWebhookConfigName,
},
Webhooks: []v1alpha1.Webhook{
Webhooks: []v1beta1.Webhook{
{
Name: "deny-unwanted-crd-data.k8s.io",
Rules: []v1alpha1.RuleWithOperations{{
Operations: []v1alpha1.OperationType{v1alpha1.Create},
Rule: v1alpha1.Rule{
Rules: []v1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create},
Rule: v1beta1.Rule{
APIGroups: []string{crdAPIGroup},
APIVersions: []string{crdAPIVersion},
Resources: []string{crdName + "s"},
},
}},
ClientConfig: v1alpha1.WebhookClientConfig{
Service: &v1alpha1.ServiceReference{
ClientConfig: v1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{
Namespace: namespace,
Name: serviceName,
Path: strPtr("/crd"),
@ -778,23 +778,23 @@ func registerMutatingWebhookForCRD(f *framework.Framework, context *certContext)
By("Registering the mutating webhook for crd via the AdmissionRegistration API")
namespace := f.Namespace.Name
_, err := client.AdmissionregistrationV1alpha1().MutatingWebhookConfigurations().Create(&v1alpha1.MutatingWebhookConfiguration{
_, err := client.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(&v1beta1.MutatingWebhookConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: crdMutatingWebhookConfigName,
},
Webhooks: []v1alpha1.Webhook{
Webhooks: []v1beta1.Webhook{
{
Name: "mutate-crd-data-stage-1.k8s.io",
Rules: []v1alpha1.RuleWithOperations{{
Operations: []v1alpha1.OperationType{v1alpha1.Create},
Rule: v1alpha1.Rule{
Rules: []v1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create},
Rule: v1beta1.Rule{
APIGroups: []string{crdAPIGroup},
APIVersions: []string{crdAPIVersion},
Resources: []string{crdName + "s"},
},
}},
ClientConfig: v1alpha1.WebhookClientConfig{
Service: &v1alpha1.ServiceReference{
ClientConfig: v1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{
Namespace: namespace,
Name: serviceName,
Path: strPtr("/mutating-crd"),
@ -804,16 +804,16 @@ func registerMutatingWebhookForCRD(f *framework.Framework, context *certContext)
},
{
Name: "mutate-crd-data-stage-2.k8s.io",
Rules: []v1alpha1.RuleWithOperations{{
Operations: []v1alpha1.OperationType{v1alpha1.Create},
Rule: v1alpha1.Rule{
Rules: []v1beta1.RuleWithOperations{{
Operations: []v1beta1.OperationType{v1beta1.Create},
Rule: v1beta1.Rule{
APIGroups: []string{crdAPIGroup},
APIVersions: []string{crdAPIVersion},
Resources: []string{crdName + "s"},
},
}},
ClientConfig: v1alpha1.WebhookClientConfig{
Service: &v1alpha1.ServiceReference{
ClientConfig: v1beta1.WebhookClientConfig{
Service: &v1beta1.ServiceReference{
Namespace: namespace,
Name: serviceName,
Path: strPtr("/mutating-crd"),

2
test/images/webhook/BUILD
View File

@ -11,7 +11,7 @@ go_library(
visibility = ["//visibility:private"],
deps = [
"//vendor/github.com/golang/glog:go_default_library",
"//vendor/k8s.io/api/admission/v1alpha1:go_default_library",
"//vendor/k8s.io/api/admission/v1beta1:go_default_library",
"//vendor/k8s.io/api/admissionregistration/v1alpha1:go_default_library",
"//vendor/k8s.io/api/core/v1:go_default_library",
"//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",

2
test/images/webhook/README.md
View File

@ -38,7 +38,7 @@ the tls client, and the webhook is the tls server.
The webhook proves its identity by the `serverCert` in the certs.go. The server
cert is signed by the CA in certs.go. To let the apiserver trust the `caCert`,
the webhook registers itself with the apiserver via the
`admissionregistration/v1alpha1/externalAdmissionHook` API, with
`admissionregistration/v1beta1/externalAdmissionHook` API, with
`clientConfig.caBundle=caCert`.
For maximum protection, this example webhook requires and verifies the client

38
test/images/webhook/main.go
View File

@ -25,7 +25,7 @@ import (
"strings"
"github.com/golang/glog"
"k8s.io/api/admission/v1alpha1"
"k8s.io/api/admission/v1beta1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
@ -56,8 +56,8 @@ func (c *Config) addFlags() {
"File containing the default x509 private key matching --tls-cert-file.")
}
func toAdmissionResponse(err error) *v1alpha1.AdmissionResponse {
return &v1alpha1.AdmissionResponse{
func toAdmissionResponse(err error) *v1beta1.AdmissionResponse {
return &v1beta1.AdmissionResponse{
Result: &metav1.Status{
Message: err.Error(),
},
@ -65,7 +65,7 @@ func toAdmissionResponse(err error) *v1alpha1.AdmissionResponse {
}
// only allow pods to pull images from specific registry.
func admitPods(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
func admitPods(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
glog.V(2).Info("admitting pods")
podResource := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"}
if ar.Request.Resource != podResource {
@ -81,7 +81,7 @@ func admitPods(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
glog.Error(err)
return toAdmissionResponse(err)
}
reviewResponse := v1alpha1.AdmissionResponse{}
reviewResponse := v1beta1.AdmissionResponse{}
reviewResponse.Allowed = true
var msg string
@ -104,7 +104,7 @@ func admitPods(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
}
// deny configmaps with specific key-value pair.
func admitConfigMaps(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
func admitConfigMaps(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
glog.V(2).Info("admitting configmaps")
configMapResource := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "configmaps"}
if ar.Request.Resource != configMapResource {
@ -119,7 +119,7 @@ func admitConfigMaps(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
glog.Error(err)
return toAdmissionResponse(err)
}
reviewResponse := v1alpha1.AdmissionResponse{}
reviewResponse := v1beta1.AdmissionResponse{}
reviewResponse.Allowed = true
for k, v := range configmap.Data {
if k == "webhook-e2e-test" && v == "webhook-disallow" {
@ -132,7 +132,7 @@ func admitConfigMaps(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
return &reviewResponse
}
func mutateConfigmaps(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
func mutateConfigmaps(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
glog.V(2).Info("mutating configmaps")
configMapResource := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "configmaps"}
if ar.Request.Resource != configMapResource {
@ -147,7 +147,7 @@ func mutateConfigmaps(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
glog.Error(err)
return toAdmissionResponse(err)
}
reviewResponse := v1alpha1.AdmissionResponse{}
reviewResponse := v1beta1.AdmissionResponse{}
reviewResponse.Allowed = true
if configmap.Data["mutation-start"] == "yes" {
reviewResponse.Patch = []byte(patch1)
@ -156,13 +156,13 @@ func mutateConfigmaps(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
reviewResponse.Patch = []byte(patch2)
}
pt := v1alpha1.PatchTypeJSONPatch
pt := v1beta1.PatchTypeJSONPatch
reviewResponse.PatchType = &pt
return &reviewResponse
}
func mutateCRD(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
func mutateCRD(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
glog.V(2).Info("mutating crd")
cr := struct {
metav1.ObjectMeta
@ -176,7 +176,7 @@ func mutateCRD(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
return toAdmissionResponse(err)
}
reviewResponse := v1alpha1.AdmissionResponse{}
reviewResponse := v1beta1.AdmissionResponse{}
reviewResponse.Allowed = true
if cr.Data["mutation-start"] == "yes" {
@ -185,12 +185,12 @@ func mutateCRD(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
if cr.Data["mutation-stage-1"] == "yes" {
reviewResponse.Patch = []byte(patch2)
}
pt := v1alpha1.PatchTypeJSONPatch
pt := v1beta1.PatchTypeJSONPatch
reviewResponse.PatchType = &pt
return &reviewResponse
}
func admitCRD(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
func admitCRD(ar v1beta1.AdmissionReview) *v1beta1.AdmissionResponse {
glog.V(2).Info("admitting crd")
cr := struct {
metav1.ObjectMeta
@ -204,7 +204,7 @@ func admitCRD(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
return toAdmissionResponse(err)
}
reviewResponse := v1alpha1.AdmissionResponse{}
reviewResponse := v1beta1.AdmissionResponse{}
reviewResponse.Allowed = true
for k, v := range cr.Data {
if k == "webhook-e2e-test" && v == "webhook-disallow" {
@ -217,7 +217,7 @@ func admitCRD(ar v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse {
return &reviewResponse
}
type admitFunc func(v1alpha1.AdmissionReview) *v1alpha1.AdmissionResponse
type admitFunc func(v1beta1.AdmissionReview) *v1beta1.AdmissionResponse
func serve(w http.ResponseWriter, r *http.Request, admit admitFunc) {
var body []byte
@ -234,8 +234,8 @@ func serve(w http.ResponseWriter, r *http.Request, admit admitFunc) {
return
}
var reviewResponse *v1alpha1.AdmissionResponse
ar := v1alpha1.AdmissionReview{}
var reviewResponse *v1beta1.AdmissionResponse
ar := v1beta1.AdmissionReview{}
deserializer := codecs.UniversalDeserializer()
if _, _, err := deserializer.Decode(body, nil, &ar); err != nil {
glog.Error(err)
@ -244,7 +244,7 @@ func serve(w http.ResponseWriter, r *http.Request, admit admitFunc) {
reviewResponse = admit(ar)
}
response := v1alpha1.AdmissionReview{}
response := v1beta1.AdmissionReview{}
if reviewResponse != nil {
response.Response = reviewResponse
response.Response.UID = ar.Request.UID

4
test/images/webhook/scheme.go
View File

@ -17,7 +17,7 @@ limitations under the License.
package main
import (
admissionregistrationv1alpha1 "k8s.io/api/admissionregistration/v1alpha1"
admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/serializer"
@ -32,5 +32,5 @@ func init() {
func addToScheme(scheme *runtime.Scheme) {
corev1.AddToScheme(scheme)
admissionregistrationv1alpha1.AddToScheme(scheme)
admissionregistrationv1beta1.AddToScheme(scheme)
}

9
test/integration/etcd/etcd_storage_path_test.go
View File

@ -388,11 +388,12 @@ var etcdStorageData = map[schema.GroupVersionResource]struct {
stub: `{"metadata":{"name":"ic1"},"initializers":[{"name":"initializer.k8s.io","rules":[{"apiGroups":["group"],"apiVersions":["version"],"resources":["resource"]}],"failurePolicy":"Ignore"}]}`,
expectedEtcdPath: "/registry/initializerconfigurations/ic1",
},
gvr("admissionregistration.k8s.io", "v1alpha1", "validatingwebhookconfigurations"): {
// k8s.io/kubernetes/pkg/apis/admissionregistration/v1beta1
gvr("admissionregistration.k8s.io", "v1beta1", "validatingwebhookconfigurations"): {
stub: `{"metadata":{"name":"hook1","creationTimestamp":null},"webhooks":[{"name":"externaladmissionhook.k8s.io","clientConfig":{"service":{"namespace":"ns","name":"n"},"caBundle":null},"rules":[{"operations":["CREATE"],"apiGroups":["group"],"apiVersions":["version"],"resources":["resource"]}],"failurePolicy":"Ignore"}]}`,
expectedEtcdPath: "/registry/validatingwebhookconfigurations/hook1",
},
gvr("admissionregistration.k8s.io", "v1alpha1", "mutatingwebhookconfigurations"): {
gvr("admissionregistration.k8s.io", "v1beta1", "mutatingwebhookconfigurations"): {
stub: `{"metadata":{"name":"hook1","creationTimestamp":null},"webhooks":[{"name":"externaladmissionhook.k8s.io","clientConfig":{"service":{"namespace":"ns","name":"n"},"caBundle":null},"rules":[{"operations":["CREATE"],"apiGroups":["group"],"apiVersions":["version"],"resources":["resource"]}],"failurePolicy":"Ignore"}]}`,
expectedEtcdPath: "/registry/mutatingwebhookconfigurations/hook1",
},
@ -486,8 +487,8 @@ var ephemeralWhiteList = createEphemeralWhiteList(
gvr("policy", "v1beta1", "evictions"), // not stored in etcd, deals with evicting kapiv1.Pod
// --
// k8s.io/kubernetes/pkg/apis/admission/v1alpha1
gvr("admission.k8s.io", "v1alpha1", "admissionreviews"), // not stored in etcd, call out to webhooks.
// k8s.io/kubernetes/pkg/apis/admission/v1beta1
gvr("admission.k8s.io", "v1beta1", "admissionreviews"), // not stored in etcd, call out to webhooks.
// --
)