update ValidatingAdmissionPolicies

Signed-off-by: Brad McCoy <bradmccoydev@gmail.com>
pull/42381/head
Brad McCoy 2023-08-15 12:34:18 +10:00
parent 645688fd9a
commit c2fe51aab1
No known key found for this signature in database
GPG Key ID: 2A544B84946E3621
1 changed files with 3 additions and 4 deletions


@ -70,13 +70,10 @@ read [non-graceful node shutdown](/docs/concepts/architecture/nodes/#non-gracefu
## Improvements to CustomResourceDefinition validation rules
The [Common Expression Language (CEL)](https://github.com/google/cel-go) can be used to validate
[custom resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). The primary goal is to allow the majority of the validation use cases that might once have needed you, as a
CustomResourceDefinition (CRD) author, to design and implement a webhook.
Instead, and as a beta feature, you can add _validation expressions_ directly into the schema of a CRD.
[custom resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/). The primary goal is to allow the majority of the validation use cases that might once have needed you, as a CustomResourceDefinition (CRD) author, to design and implement a webhook. Instead, and as a beta feature, you can add _validation expressions_ directly into the schema of a CRD.
CRDs need direct support for non-trivial validation. While admission webhooks do support CRDs validation, they significantly complicate the development and operability of CRDs.
For more information, read [validation rules](/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules) in the CRD documentation.
## ValidatingAdmissionPolicies graduate to beta
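Review bot: The "custom resources" link in the CEL paragraph is an absolute `https://kubernetes.io/docs/concepts/extend-kubernetes/...` URL, while the "validation rules" and "non-graceful node shutdown" links in the same hunk are site-relative (`/docs/...`). Please make it relative so it resolves on previews and localized builds like the others. Two smaller points in the same paragraph: joining the wrapped sentences into a single long line makes later diffs harder to review, so keeping the line breaks at sentence boundaries would be preferable; and "admission webhooks do support CRDs validation" should read "CRD validation".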
@ -87,6 +84,8 @@ This builds on the capabilities of the CRD Validation Rules feature that graduat
This will lower the infrastructure barrier to enforcing customizable policies as well as providing primitives that help the community establish and adhere to the best practices of both K8s and its extensions.
To use [ValidatingAdmissionPolicies](/docs/reference/access-authn-authz/validating-admission-policy/), you need to enable the `admissionregistration.k8s.io/v1beta1` API group in your cluster's control plane.
## Match conditions for admission webhooks
Kubernetes v1.27 lets you specify _match conditions_ for admission webhooks,
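Review bot: In the added sentence on ValidatingAdmissionPolicies, `admissionregistration.k8s.io/v1beta1` is an API group and version, not an API group; the group is `admissionregistration.k8s.io` and `v1beta1` is the version being enabled. Suggest wording such as "enable the `v1beta1` version of the `admissionregistration.k8s.io` API group". The sentence also says "in your cluster's control plane" without saying which component or setting the reader has to change, so a link to, or a short mention of, the mechanism for turning the API on would make the instruction actionable.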