Cluster-api: Use MatchPolicy on conversion webhooks to intercept all convertible versions

Created on 25 Feb 2020  路  5Comments  路  Source: kubernetes-sigs/cluster-api

Currently, our validating and mutating webhooks only intercept v1alpha3 objects. We should make use of the proper matchPolicy when registering the webhooks. More specifically, we should set matchPolicy: Equivalent when registering webhooks.

Ideally, this option should be part of controller-tools and be exposed as a kubebuilder marker.

Relevant documentation: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy

/kind feature
/priority important-soon
/milestone v0.3.0
/help

help wanted kinfeature prioritimportant-soon
Source
picture vincepri

Most helpful comment

I can wrap up this issue if it is okay. Assigning it to myself.

/assign

picture sedefsavas on 4 Mar 2020
👍2

All 5 comments

@vincepri:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

Currently, our validating and mutating webhooks only intercept v1alpha3 objects. We should make use of the proper matchPolicy when registering the webhooks. More specifically, we should set matchPolicy: Equivalent when registering webhooks.

Ideally, this option should be part of controller-tools and be exposed as a kubebuilder marker.

Relevant documentation: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy

/kind feature
/priority important-soon
/milestone v0.3.0
/help

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 25 Feb 2020

/assign

SataQiu picture SataQiu on 26 Feb 2020

Ref: https://github.com/kubernetes-sigs/controller-tools/commit/1d4053e3d795222fef7a3a4aa2441af3a6d3a514

vincepri picture vincepri on 2 Mar 2020

@SataQiu if you still have time to work on this, we can update to controller-tools latest master in hack/tools and use the new option for webhooks

vincepri picture vincepri on 2 Mar 2020

I can wrap up this issue if it is okay. Assigning it to myself.

/assign

sedefsavas picture sedefsavas on 4 Mar 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

alexeldeib picture alexeldeib  路  4Comments
oneilcin picture oneilcin  路  6Comments
fabriziopandini picture fabriziopandini  路  3Comments
detiber picture detiber  路  5Comments
gyliu513 picture gyliu513  路  6Comments