Merge pull request #92667 from liggitt/admission-warnings

Admission webhook warnings
2020-07-01 23:14:17 -07:00 · 2020-07-01 23:14:17 -07:00 · f7a13de36c
commit f7a13de36c
parent 94e1c54735 03d322035d
29 changed files with 447 additions and 127 deletions
--- a/pkg/apis/admission/types.go
+++ b/pkg/apis/admission/types.go
@ -138,6 +138,12 @@ type AdmissionResponse struct {
 	// the admission webhook to add additional context to the audit log for this request.
 	// +optional
 	AuditAnnotations map[string]string
 	// warnings is a list of warning messages to return to the requesting API client.
 	// Warning messages describe a problem the client making the API request should correct or be aware of.
 	// Limit warnings to 120 characters if possible.
 	// Warnings over 256 characters and large numbers of warnings may be truncated.
 	// +optional
 	Warnings []string
 }
 // PatchType is the type of patch being used to represent the mutated object
--- a/pkg/apis/admission/v1/zz_generated.conversion.go
+++ b/pkg/apis/admission/v1/zz_generated.conversion.go
@ -143,6 +143,7 @@ func autoConvert_v1_AdmissionResponse_To_admission_AdmissionResponse(in *v1.Admi
 	out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
 	out.PatchType = (*admission.PatchType)(unsafe.Pointer(in.PatchType))
 	out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
 	out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
 	return nil
 }
@ -158,6 +159,7 @@ func autoConvert_admission_AdmissionResponse_To_v1_AdmissionResponse(in *admissi
 	out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
 	out.PatchType = (*v1.PatchType)(unsafe.Pointer(in.PatchType))
 	out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
 	out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
 	return nil
 }
--- a/pkg/apis/admission/v1beta1/zz_generated.conversion.go
+++ b/pkg/apis/admission/v1beta1/zz_generated.conversion.go
@ -143,6 +143,7 @@ func autoConvert_v1beta1_AdmissionResponse_To_admission_AdmissionResponse(in *v1
 	out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
 	out.PatchType = (*admission.PatchType)(unsafe.Pointer(in.PatchType))
 	out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
 	out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
 	return nil
 }
@ -158,6 +159,7 @@ func autoConvert_admission_AdmissionResponse_To_v1beta1_AdmissionResponse(in *ad
 	out.Patch = *(*[]byte)(unsafe.Pointer(&in.Patch))
 	out.PatchType = (*v1beta1.PatchType)(unsafe.Pointer(in.PatchType))
 	out.AuditAnnotations = *(*map[string]string)(unsafe.Pointer(&in.AuditAnnotations))
 	out.Warnings = *(*[]string)(unsafe.Pointer(&in.Warnings))
 	return nil
 }
--- a/pkg/apis/admission/zz_generated.deepcopy.go
+++ b/pkg/apis/admission/zz_generated.deepcopy.go
@ -93,6 +93,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
 			(*out)[key] = val
 		}
 	}
 	if in.Warnings != nil {
 		in, out := &in.Warnings, &out.Warnings
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
 	return
 }
--- a/staging/src/k8s.io/api/admission/v1/generated.pb.go
+++ b/staging/src/k8s.io/api/admission/v1/generated.pb.go
@ -143,64 +143,65 @@ func init() {
 }
 var fileDescriptor_4b73421fd5edef9f = []byte{
-	// 898 bytes of a gzipped FileDescriptorProto
+	// 919 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4d, 0x6f, 0x1b, 0x45,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4f, 0x6f, 0x1b, 0x45,
-	0x18, 0xf6, 0xc6, 0x89, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0x58, 0xf9, 0xb0, 0x36, 0x39, 0x20,
+	0x14, 0xf7, 0xd6, 0x8e, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0x58, 0xf9, 0xb0, 0x36, 0x39, 0x20,
-	0x17, 0xb5, 0xb3, 0x24, 0x82, 0x2a, 0xaa, 0x38, 0x34, 0x4b, 0x2a, 0x14, 0x90, 0x9a, 0x68, 0xda,
+	0x17, 0xb5, 0xbb, 0x24, 0x82, 0x2a, 0xaa, 0x38, 0x34, 0x4b, 0x2a, 0x14, 0x90, 0x9a, 0x68, 0xda,
-	0xa0, 0x8a, 0x03, 0xd2, 0xd8, 0x3b, 0xb5, 0x17, 0xdb, 0x33, 0xcb, 0xce, 0xac, 0x83, 0x6f, 0x9c,
+	0x40, 0xc5, 0x01, 0x69, 0xec, 0x9d, 0xda, 0x83, 0xed, 0x99, 0x65, 0x67, 0xd6, 0xc1, 0x37, 0x4e,
-	0x38, 0xf3, 0x0f, 0xf8, 0x1d, 0xfc, 0x83, 0x1c, 0x7b, 0xec, 0xc9, 0x22, 0xe6, 0x5f, 0x44, 0x42,
+	0x9c, 0xf9, 0x06, 0x1c, 0xf9, 0x0c, 0x7c, 0x83, 0x1c, 0x7b, 0xec, 0xc9, 0x22, 0xe6, 0x5b, 0xe4,
-	0x42, 0x33, 0x3b, 0xfb, 0xd1, 0x7c, 0x88, 0xd0, 0xf4, 0xe4, 0x79, 0x3f, 0x9e, 0xe7, 0x7d, 0xfd,
+	0x84, 0x66, 0x76, 0xf6, 0x4f, 0xf3, 0x47, 0x84, 0x96, 0x93, 0xf7, 0xfd, 0xf9, 0xfd, 0xde, 0xf3,
-	0xbc, 0x3b, 0xef, 0x80, 0x27, 0x93, 0x5d, 0x81, 0x42, 0xee, 0x4d, 0x92, 0x01, 0x8d, 0x19, 0x95,
+	0xef, 0xed, 0x7b, 0x0b, 0x1e, 0x4f, 0x77, 0x85, 0x47, 0xb9, 0x3f, 0x4d, 0x86, 0x24, 0x66, 0x44,
-	0x54, 0x78, 0x73, 0xca, 0x02, 0x1e, 0x7b, 0x26, 0x40, 0xa2, 0xd0, 0x23, 0xc1, 0x2c, 0x14, 0x22,
+	0x12, 0xe1, 0x2f, 0x08, 0x0b, 0x79, 0xec, 0x9b, 0x00, 0x8e, 0xa8, 0x8f, 0xc3, 0x39, 0x15, 0x82,
-	0xe4, 0xcc, 0x9b, 0x6f, 0x7b, 0x23, 0xca, 0x68, 0x4c, 0x24, 0x0d, 0x50, 0x14, 0x73, 0xc9, 0xe1,
+	0x72, 0xe6, 0x2f, 0xb6, 0xfd, 0x31, 0x61, 0x24, 0xc6, 0x92, 0x84, 0x5e, 0x14, 0x73, 0xc9, 0xe1,
-	0xc7, 0x69, 0x22, 0x22, 0x51, 0x88, 0xf2, 0x44, 0x34, 0xdf, 0xee, 0x3c, 0x1c, 0x85, 0x72, 0x9c,
+	0x87, 0x69, 0xa2, 0x87, 0x23, 0xea, 0xe5, 0x89, 0xde, 0x62, 0xbb, 0xfb, 0x60, 0x4c, 0xe5, 0x24,
-	0x0c, 0xd0, 0x90, 0xcf, 0xbc, 0x11, 0x1f, 0x71, 0x4f, 0xe7, 0x0f, 0x92, 0x57, 0xda, 0xd2, 0x86,
+	0x19, 0x7a, 0x23, 0x3e, 0xf7, 0xc7, 0x7c, 0xcc, 0x7d, 0x9d, 0x3f, 0x4c, 0x5e, 0x6a, 0x4b, 0x1b,
-	0x3e, 0xa5, 0x3c, 0x9d, 0x07, 0xe5, 0x82, 0x89, 0x1c, 0x53, 0x26, 0xc3, 0x21, 0x91, 0x57, 0x57,
+	0xfa, 0x29, 0xe5, 0xe9, 0xde, 0x2f, 0x17, 0x4c, 0xe4, 0x84, 0x30, 0x49, 0x47, 0x58, 0x5e, 0x5d,
-	0xed, 0x7c, 0x51, 0x64, 0xcf, 0xc8, 0x70, 0x1c, 0x32, 0x1a, 0x2f, 0xbc, 0x68, 0x32, 0x52, 0x0e,
+	0xb5, 0xfb, 0x59, 0x91, 0x3d, 0xc7, 0xa3, 0x09, 0x65, 0x24, 0x5e, 0xfa, 0xd1, 0x74, 0xac, 0x1c,
-	0xe1, 0xcd, 0xa8, 0x24, 0x57, 0xa1, 0xbc, 0xeb, 0x50, 0x71, 0xc2, 0x64, 0x38, 0xa3, 0x97, 0x00,
+	0xc2, 0x9f, 0x13, 0x89, 0xaf, 0x42, 0xf9, 0xd7, 0xa1, 0xe2, 0x84, 0x49, 0x3a, 0x27, 0x97, 0x00,
-	0x8f, 0xfe, 0x0b, 0x20, 0x86, 0x63, 0x3a, 0x23, 0x17, 0x71, 0x5b, 0x7f, 0xd8, 0xa0, 0xbd, 0x97,
+	0x0f, 0xff, 0x0d, 0x20, 0x46, 0x13, 0x32, 0xc7, 0x17, 0x71, 0x5b, 0xbf, 0xdb, 0xa0, 0xb3, 0x97,
-	0x89, 0x81, 0xe9, 0xcf, 0x09, 0x15, 0x12, 0xfa, 0xa0, 0x9a, 0x84, 0x81, 0x63, 0xf5, 0xac, 0xbe,
+	0x89, 0x81, 0xc8, 0x4f, 0x09, 0x11, 0x12, 0x06, 0xa0, 0x9a, 0xd0, 0xd0, 0xb1, 0xfa, 0xd6, 0xc0,
-	0xed, 0x7f, 0x7e, 0xba, 0xec, 0x56, 0x56, 0xcb, 0x6e, 0xf5, 0xf8, 0x60, 0xff, 0x7c, 0xd9, 0xfd,
+	0x0e, 0x3e, 0x3d, 0x5d, 0xf5, 0x2a, 0xeb, 0x55, 0xaf, 0x7a, 0x7c, 0xb0, 0x7f, 0xbe, 0xea, 0x7d,
-	0xe4, 0xba, 0x42, 0x72, 0x11, 0x51, 0x81, 0x8e, 0x0f, 0xf6, 0xb1, 0x02, 0xc3, 0x97, 0x60, 0x7d,
+	0x74, 0x5d, 0x21, 0xb9, 0x8c, 0x88, 0xf0, 0x8e, 0x0f, 0xf6, 0x91, 0x02, 0xc3, 0x17, 0xa0, 0x36,
-	0x12, 0xb2, 0xc0, 0x59, 0xeb, 0x59, 0xfd, 0xe6, 0xce, 0x23, 0x54, 0x88, 0x9f, 0xc3, 0x50, 0x34,
+	0xa5, 0x2c, 0x74, 0x6e, 0xf5, 0xad, 0x41, 0x6b, 0xe7, 0xa1, 0x57, 0x88, 0x9f, 0xc3, 0xbc, 0x68,
-	0x19, 0x29, 0x87, 0x40, 0x4a, 0x06, 0x34, 0xdf, 0x46, 0xdf, 0xc4, 0x3c, 0x89, 0xbe, 0xa7, 0xb1,
+	0x3a, 0x56, 0x0e, 0xe1, 0x29, 0x19, 0xbc, 0xc5, 0xb6, 0xf7, 0x55, 0xcc, 0x93, 0xe8, 0x5b, 0x12,
-	0x6a, 0xe6, 0xbb, 0x90, 0x05, 0xfe, 0xa6, 0x29, 0xbe, 0xae, 0x2c, 0xac, 0x19, 0xe1, 0x18, 0x34,
+	0xab, 0x66, 0xbe, 0xa1, 0x2c, 0x0c, 0x36, 0x4d, 0xf1, 0x9a, 0xb2, 0x90, 0x66, 0x84, 0x13, 0xd0,
-	0x62, 0x2a, 0x78, 0x12, 0x0f, 0xa9, 0x53, 0xd5, 0xec, 0x8f, 0xff, 0x3f, 0x3b, 0x36, 0x0c, 0x7e,
+	0x8c, 0x89, 0xe0, 0x49, 0x3c, 0x22, 0x4e, 0x55, 0xb3, 0x3f, 0xfa, 0xef, 0xec, 0xc8, 0x30, 0x04,
-	0xdb, 0x54, 0x68, 0x64, 0x1e, 0x9c, 0xb3, 0xc3, 0x2f, 0x41, 0x53, 0x24, 0x83, 0x2c, 0xe0, 0xac,
+	0x1d, 0x53, 0xa1, 0x99, 0x79, 0x50, 0xce, 0x0e, 0x3f, 0x07, 0x2d, 0x91, 0x0c, 0xb3, 0x80, 0x53,
-	0x6b, 0x3d, 0xee, 0x19, 0x40, 0xf3, 0x79, 0x11, 0xc2, 0xe5, 0x3c, 0x18, 0x82, 0x66, 0x9c, 0x2a,
+	0xd3, 0x7a, 0xdc, 0x35, 0x80, 0xd6, 0xb3, 0x22, 0x84, 0xca, 0x79, 0x90, 0x82, 0x56, 0x9c, 0x2a,
-	0xa9, 0xba, 0x76, 0x3e, 0xb8, 0x95, 0x02, 0x2d, 0x55, 0x0a, 0x17, 0x74, 0xb8, 0xcc, 0x0d, 0x17,
+	0xa9, 0xba, 0x76, 0xde, 0x7b, 0x27, 0x05, 0xda, 0xaa, 0x14, 0x2a, 0xe8, 0x50, 0x99, 0x1b, 0x2e,
-	0xa0, 0x65, 0xcc, 0xbc, 0xcb, 0x3b, 0xb7, 0x96, 0xe4, 0xde, 0x6a, 0xd9, 0x6d, 0xe1, 0xb7, 0x69,
+	0x41, 0xdb, 0x98, 0x79, 0x97, 0xb7, 0xdf, 0x59, 0x92, 0xbb, 0xeb, 0x55, 0xaf, 0x8d, 0xde, 0xa4,
-	0xf1, 0xc5, 0x3a, 0xf0, 0x5b, 0x00, 0x8d, 0xab, 0x24, 0x84, 0xd3, 0xd2, 0x1a, 0x75, 0x8c, 0x46,
+	0x45, 0x17, 0xeb, 0xc0, 0xaf, 0x01, 0x34, 0xae, 0x92, 0x10, 0x4e, 0x5b, 0x6b, 0xd4, 0x35, 0x1a,
-	0x10, 0x5f, 0xca, 0xc0, 0x57, 0xa0, 0x60, 0x0f, 0xac, 0x33, 0x32, 0xa3, 0xce, 0x86, 0x46, 0xe7,
+	0x41, 0x74, 0x29, 0x03, 0x5d, 0x81, 0x82, 0x7d, 0x50, 0x63, 0x78, 0x4e, 0x9c, 0x0d, 0x8d, 0xce,
-	0x43, 0x7f, 0x46, 0x66, 0x14, 0xeb, 0x08, 0xf4, 0x80, 0xad, 0x7e, 0x45, 0x44, 0x86, 0xd4, 0xa9,
+	0x87, 0xfe, 0x14, 0xcf, 0x09, 0xd2, 0x11, 0xe8, 0x03, 0x5b, 0xfd, 0x8a, 0x08, 0x8f, 0x88, 0x53,
-	0xe9, 0xb4, 0xbb, 0x26, 0xcd, 0x7e, 0x96, 0x05, 0x70, 0x91, 0x03, 0xbf, 0x02, 0x36, 0x8f, 0xd4,
+	0xd7, 0x69, 0x77, 0x4c, 0x9a, 0xfd, 0x34, 0x0b, 0xa0, 0x22, 0x07, 0x7e, 0x01, 0x6c, 0x1e, 0xa9,
-	0xa7, 0x1e, 0x72, 0xe6, 0xd4, 0x35, 0xc0, 0xcd, 0x00, 0x87, 0x59, 0xe0, 0xbc, 0x6c, 0xe0, 0x02,
+	0x57, 0x9d, 0x72, 0xe6, 0x34, 0x34, 0xc0, 0xcd, 0x00, 0x87, 0x59, 0xe0, 0xbc, 0x6c, 0xa0, 0x02,
-	0x00, 0x5f, 0x80, 0x46, 0x22, 0x68, 0x7c, 0xc0, 0x5e, 0x71, 0xa7, 0xa1, 0x05, 0xfd, 0x14, 0x95,
+	0x00, 0x9f, 0x83, 0x66, 0x22, 0x48, 0x7c, 0xc0, 0x5e, 0x72, 0xa7, 0xa9, 0x05, 0xfd, 0xd8, 0x2b,
-	0xd7, 0xc7, 0x5b, 0xd7, 0x5e, 0x09, 0x79, 0x6c, 0xb2, 0x8b, 0xef, 0x29, 0xf3, 0xe0, 0x9c, 0x09,
+	0x9f, 0x8f, 0x37, 0xd6, 0x5e, 0x09, 0x79, 0x6c, 0xb2, 0x8b, 0xf7, 0x29, 0xf3, 0xa0, 0x9c, 0x09,
-	0x1e, 0x83, 0x1a, 0x1f, 0xfc, 0x44, 0x87, 0xd2, 0xb1, 0x35, 0xe7, 0xc3, 0x6b, 0x87, 0x64, 0x6e,
+	0x1e, 0x83, 0x3a, 0x1f, 0xfe, 0x48, 0x46, 0xd2, 0xb1, 0x35, 0xe7, 0x83, 0x6b, 0x87, 0x64, 0xb6,
-	0x2d, 0xc2, 0xe4, 0xe4, 0xe9, 0x2f, 0x92, 0x32, 0x35, 0x1f, 0xff, 0x8e, 0xa1, 0xae, 0x1d, 0x6a,
+	0xd6, 0x43, 0xf8, 0xe4, 0xc9, 0xcf, 0x92, 0x30, 0x35, 0x9f, 0xe0, 0xb6, 0xa1, 0xae, 0x1f, 0x6a,
-	0x12, 0x6c, 0xc8, 0xe0, 0x8f, 0xc0, 0xe6, 0xd3, 0x20, 0x75, 0x3a, 0xe0, 0x5d, 0x98, 0x73, 0x29,
+	0x12, 0x64, 0xc8, 0xe0, 0x0f, 0xc0, 0xe6, 0xb3, 0x30, 0x75, 0x3a, 0xe0, 0x6d, 0x98, 0x73, 0x29,
-	0x0f, 0x33, 0x1e, 0x5c, 0x50, 0xc2, 0x2d, 0x50, 0x0b, 0xe2, 0x05, 0x4e, 0x98, 0xd3, 0xec, 0x59,
+	0x0f, 0x33, 0x1e, 0x54, 0x50, 0xc2, 0x2d, 0x50, 0x0f, 0xe3, 0x25, 0x4a, 0x98, 0xd3, 0xea, 0x5b,
-	0xfd, 0x86, 0x0f, 0x54, 0x0f, 0xfb, 0xda, 0x83, 0x4d, 0x04, 0xbe, 0x04, 0x75, 0x1e, 0x29, 0x31,
+	0x83, 0x66, 0x00, 0x54, 0x0f, 0xfb, 0xda, 0x83, 0x4c, 0x04, 0xbe, 0x00, 0x0d, 0x1e, 0x29, 0x31,
-	0x84, 0xb3, 0xf9, 0x2e, 0x1d, 0xb4, 0x4c, 0x07, 0xf5, 0xc3, 0x94, 0x05, 0x67, 0x74, 0x5b, 0xff,
+	0x84, 0xb3, 0xf9, 0x36, 0x1d, 0xb4, 0x4d, 0x07, 0x8d, 0xc3, 0x94, 0x05, 0x65, 0x74, 0x5b, 0x7f,
-	0x54, 0xc1, 0xdd, 0xd2, 0x86, 0x12, 0x11, 0x67, 0x82, 0xbe, 0x97, 0x15, 0x75, 0x1f, 0xd4, 0xc9,
+	0xd4, 0xc0, 0x9d, 0xd2, 0x85, 0x12, 0x11, 0x67, 0x82, 0xfc, 0x2f, 0x27, 0xea, 0x1e, 0x68, 0xe0,
-	0x74, 0xca, 0x4f, 0x68, 0xba, 0xa5, 0x1a, 0x45, 0x13, 0x7b, 0xa9, 0x1b, 0x67, 0x71, 0x78, 0x04,
+	0xd9, 0x8c, 0x9f, 0x90, 0xf4, 0x4a, 0x35, 0x8b, 0x26, 0xf6, 0x52, 0x37, 0xca, 0xe2, 0xf0, 0x08,
-	0x6a, 0x42, 0x12, 0x99, 0x08, 0xb3, 0x71, 0x1e, 0xdc, 0xec, 0x7a, 0x3d, 0xd7, 0x98, 0x54, 0x30,
+	0xd4, 0x85, 0xc4, 0x32, 0x11, 0xe6, 0xe2, 0xdc, 0xbf, 0xd9, 0x7a, 0x3d, 0xd3, 0x98, 0x54, 0x30,
-	0x4c, 0x45, 0x32, 0x95, 0xd8, 0xf0, 0xc0, 0x2e, 0xd8, 0x88, 0x88, 0x1c, 0x8e, 0xf5, 0x56, 0xd9,
+	0x44, 0x44, 0x32, 0x93, 0xc8, 0xf0, 0xc0, 0x1e, 0xd8, 0x88, 0xb0, 0x1c, 0x4d, 0xf4, 0x55, 0xd9,
-	0xf4, 0xed, 0xd5, 0xb2, 0xbb, 0x71, 0xa4, 0x1c, 0x38, 0xf5, 0xc3, 0x5d, 0x60, 0xeb, 0xc3, 0x8b,
+	0x0c, 0xec, 0xf5, 0xaa, 0xb7, 0x71, 0xa4, 0x1c, 0x28, 0xf5, 0xc3, 0x5d, 0x60, 0xeb, 0x87, 0xe7,
-	0x45, 0x94, 0x5d, 0x8c, 0x8e, 0x1a, 0xd1, 0x51, 0xe6, 0x3c, 0x2f, 0x1b, 0xb8, 0x48, 0x86, 0xbf,
+	0xcb, 0x28, 0x5b, 0x8c, 0xae, 0x1a, 0xd1, 0x51, 0xe6, 0x3c, 0x2f, 0x1b, 0xa8, 0x48, 0x86, 0xbf,
-	0x59, 0xa0, 0x4d, 0x92, 0x20, 0x94, 0x7b, 0x8c, 0x71, 0x49, 0xd2, 0xa9, 0xd4, 0x7a, 0xd5, 0x7e,
+	0x5a, 0xa0, 0x83, 0x93, 0x90, 0xca, 0x3d, 0xc6, 0xb8, 0xc4, 0xe9, 0x54, 0xea, 0xfd, 0xea, 0xa0,
-	0x73, 0xe7, 0x09, 0xba, 0xe6, 0x11, 0x44, 0x97, 0x24, 0x46, 0x7b, 0x17, 0x28, 0x9e, 0x32, 0x19,
+	0xb5, 0xf3, 0xd8, 0xbb, 0xe6, 0x23, 0xe8, 0x5d, 0x92, 0xd8, 0xdb, 0xbb, 0x40, 0xf1, 0x84, 0xc9,
-	0x2f, 0x7c, 0xc7, 0x68, 0xd4, 0xbe, 0x18, 0xc6, 0x97, 0x6a, 0x76, 0xbe, 0x06, 0x1f, 0x5d, 0x49,
+	0x78, 0x19, 0x38, 0x46, 0xa3, 0xce, 0xc5, 0x30, 0xba, 0x54, 0x13, 0x0e, 0x40, 0xf3, 0x04, 0xc7,
-	0x02, 0xdb, 0xa0, 0x3a, 0xa1, 0x8b, 0x74, 0x7a, 0x58, 0x1d, 0xe1, 0x87, 0x60, 0x63, 0x4e, 0xa6,
+	0x8c, 0xb2, 0xb1, 0x70, 0x1a, 0xfd, 0xaa, 0x5a, 0x6d, 0xb5, 0x19, 0xdf, 0x19, 0x1f, 0xca, 0xa3,
-	0x09, 0xd5, 0x93, 0xb0, 0x71, 0x6a, 0x3c, 0x5e, 0xdb, 0xb5, 0xb6, 0xfe, 0xb4, 0x40, 0xab, 0xd4,
+	0xdd, 0x2f, 0xc1, 0x07, 0x57, 0x96, 0x83, 0x1d, 0x50, 0x9d, 0x92, 0x65, 0x3a, 0x67, 0xa4, 0x1e,
-	0xdc, 0x3c, 0xa4, 0x27, 0xf0, 0x08, 0xd4, 0xcd, 0x16, 0xd1, 0x1c, 0xcd, 0x9d, 0xfb, 0x37, 0xf9,
+	0xe1, 0xfb, 0x60, 0x63, 0x81, 0x67, 0x09, 0xd1, 0x33, 0xb3, 0x51, 0x6a, 0x3c, 0xba, 0xb5, 0x6b,
-	0x5f, 0x1a, 0xe0, 0x37, 0xd5, 0x80, 0xb3, 0xed, 0x96, 0xd1, 0xa8, 0x0b, 0x1f, 0x9b, 0x3f, 0x6e,
+	0x6d, 0xfd, 0x69, 0x81, 0x76, 0xe9, 0x6f, 0x2c, 0x28, 0x39, 0x81, 0x47, 0xa0, 0x61, 0xee, 0x8d,
-	0x9e, 0xac, 0xcf, 0x6e, 0x2e, 0x95, 0xbf, 0x69, 0x1e, 0x10, 0x6d, 0xe1, 0x9c, 0xc9, 0xef, 0x9f,
+	0xe6, 0x68, 0xed, 0xdc, 0xbb, 0x89, 0x02, 0x1a, 0x10, 0xb4, 0xd4, 0xab, 0x90, 0xdd, 0xc1, 0x8c,
-	0x9e, 0xb9, 0x95, 0xd7, 0x67, 0x6e, 0xe5, 0xcd, 0x99, 0x5b, 0xf9, 0x75, 0xe5, 0x5a, 0xa7, 0x2b,
+	0x46, 0x9d, 0x86, 0xd8, 0x48, 0x64, 0x3e, 0x6e, 0x9f, 0xdc, 0x5c, 0xd4, 0x54, 0x80, 0xcc, 0x42,
-	0xd7, 0x7a, 0xbd, 0x72, 0xad, 0x37, 0x2b, 0xd7, 0xfa, 0x6b, 0xe5, 0x5a, 0xbf, 0xff, 0xed, 0x56,
+	0x39, 0x53, 0x30, 0x38, 0x3d, 0x73, 0x2b, 0xaf, 0xce, 0xdc, 0xca, 0xeb, 0x33, 0xb7, 0xf2, 0xcb,
-	0x7e, 0x58, 0x9b, 0x6f, 0xff, 0x1b, 0x00, 0x00, 0xff, 0xff, 0x37, 0xc7, 0x3f, 0x71, 0xdf, 0x08,
+	0xda, 0xb5, 0x4e, 0xd7, 0xae, 0xf5, 0x6a, 0xed, 0x5a, 0xaf, 0xd7, 0xae, 0xf5, 0xd7, 0xda, 0xb5,
-	0x00, 0x00,
+	0x7e, 0xfb, 0xdb, 0xad, 0x7c, 0x7f, 0x6b, 0xb1, 0xfd, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x62,
 	0xcb, 0x64, 0xf1, 0x09, 0x09, 0x00, 0x00,
 }
 func (m *AdmissionRequest) Marshal() (dAtA []byte, err error) {
@ -370,6 +371,15 @@ func (m *AdmissionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
 	if len(m.Warnings) > 0 {
 		for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.Warnings[iNdEx])
 			copy(dAtA[i:], m.Warnings[iNdEx])
 			i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warnings[iNdEx])))
 			i--
 			dAtA[i] = 0x3a
 		}
 	}
 	if len(m.AuditAnnotations) > 0 {
 		keysForAuditAnnotations := make([]string, 0, len(m.AuditAnnotations))
 		for k := range m.AuditAnnotations {
@ -567,6 +577,12 @@ func (m *AdmissionResponse) Size() (n int) {
 			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
 		}
 	}
 	if len(m.Warnings) > 0 {
 		for _, s := range m.Warnings {
 			l = len(s)
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
 	return n
 }
@ -638,6 +654,7 @@ func (this *AdmissionResponse) String() string {
 		`Patch:` + valueToStringGenerated(this.Patch) + `,`,
 		`PatchType:` + valueToStringGenerated(this.PatchType) + `,`,
 		`AuditAnnotations:` + mapStringForAuditAnnotations + `,`,
 		`Warnings:` + fmt.Sprintf("%v", this.Warnings) + `,`,
 		`}`,
 	}, "")
 	return s
@ -1508,6 +1525,38 @@ func (m *AdmissionResponse) Unmarshal(dAtA []byte) error {
 			}
 			m.AuditAnnotations[mapkey] = mapvalue
 			iNdEx = postIndex
 		case 7:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Warnings", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			intStringLen := int(stringLen)
 			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.Warnings = append(m.Warnings, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
--- a/staging/src/k8s.io/api/admission/v1/generated.proto
+++ b/staging/src/k8s.io/api/admission/v1/generated.proto
@ -145,6 +145,13 @@ message AdmissionResponse {
  // the admission webhook to add additional context to the audit log for this request.
  // +optional
  map<string, string> auditAnnotations = 6;
  // warnings is a list of warning messages to return to the requesting API client.
  // Warning messages describe a problem the client making the API request should correct or be aware of.
  // Limit warnings to 120 characters if possible.
  // Warnings over 256 characters and large numbers of warnings may be truncated.
  // +optional
  repeated string warnings = 7;
 }
 // AdmissionReview describes an admission review request/response.
--- a/staging/src/k8s.io/api/admission/v1/types.go
+++ b/staging/src/k8s.io/api/admission/v1/types.go
@ -140,6 +140,13 @@ type AdmissionResponse struct {
 	// the admission webhook to add additional context to the audit log for this request.
 	// +optional
 	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
 	// warnings is a list of warning messages to return to the requesting API client.
 	// Warning messages describe a problem the client making the API request should correct or be aware of.
 	// Limit warnings to 120 characters if possible.
 	// Warnings over 256 characters and large numbers of warnings may be truncated.
 	// +optional
 	Warnings []string `json:"warnings,omitempty" protobuf:"bytes,7,rep,name=warnings"`
 }
 // PatchType is the type of patch being used to represent the mutated object
--- a/staging/src/k8s.io/api/admission/v1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/admission/v1/types_swagger_doc_generated.go
@ -58,6 +58,7 @@ var map_AdmissionResponse = map[string]string{
 	"patch":            "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.",
 	"patchType":        "The type of Patch. Currently we only allow \"JSONPatch\".",
 	"auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.",
 	"warnings":         "warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.",
 }
 func (AdmissionResponse) SwaggerDoc() map[string]string {
--- a/staging/src/k8s.io/api/admission/v1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/admission/v1/zz_generated.deepcopy.go
@ -87,6 +87,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
 			(*out)[key] = val
 		}
 	}
 	if in.Warnings != nil {
 		in, out := &in.Warnings, &out.Warnings
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
 	return
 }
--- a/staging/src/k8s.io/api/admission/v1beta1/generated.pb.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/generated.pb.go
@ -143,64 +143,65 @@ func init() {
 }
 var fileDescriptor_b87c2352de86eab9 = []byte{
-	// 902 bytes of a gzipped FileDescriptorProto
+	// 925 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4f, 0x6f, 0x1b, 0x45,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0xcb, 0x6e, 0x23, 0x45,
-	0x14, 0xf7, 0xd6, 0x8e, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0xb4, 0xb2, 0xd0, 0xda, 0xe4, 0x80,
+	0x17, 0x76, 0x8f, 0x1d, 0xdb, 0x5d, 0xce, 0x3f, 0xf6, 0xd4, 0xfc, 0x48, 0x2d, 0x0b, 0xb5, 0x4d,
-	0x82, 0xd4, 0xcc, 0x92, 0x08, 0xaa, 0xa8, 0xe2, 0x92, 0x25, 0x11, 0x0a, 0x48, 0x4d, 0x34, 0xad,
+	0x16, 0xc8, 0x48, 0x93, 0x6a, 0x12, 0xc1, 0x28, 0x1a, 0xb1, 0x49, 0x93, 0x08, 0x05, 0xa4, 0x49,
-	0x51, 0xe1, 0x80, 0x34, 0xf6, 0x4e, 0xed, 0xc5, 0xf6, 0xcc, 0xb2, 0x33, 0xeb, 0xe0, 0x1b, 0xe2,
+	0x54, 0x33, 0x86, 0x81, 0x05, 0x52, 0xd9, 0xae, 0xb1, 0x1b, 0xdb, 0x55, 0x4d, 0x57, 0xb5, 0x83,
-	0xca, 0x85, 0x6f, 0xc0, 0x87, 0xe1, 0x92, 0x63, 0x8f, 0x3d, 0x59, 0xc4, 0x7c, 0x8b, 0x9c, 0xd0,
+	0x77, 0xec, 0xd9, 0xf0, 0x06, 0xbc, 0x00, 0x6f, 0xc1, 0x26, 0xcb, 0x59, 0xce, 0xca, 0x22, 0xe6,
-	0xcc, 0xce, 0x7a, 0xb7, 0x76, 0x02, 0xfd, 0xc3, 0xc9, 0xf3, 0xfe, 0xfc, 0x7e, 0xef, 0xf9, 0xf7,
+	0x2d, 0xb2, 0x42, 0x55, 0x5d, 0x7d, 0x19, 0x27, 0x81, 0xb9, 0xb0, 0x72, 0x9f, 0xcb, 0xf7, 0x9d,
-	0x76, 0xde, 0x80, 0x93, 0xf1, 0xa1, 0x40, 0x21, 0xf7, 0xc6, 0x49, 0x9f, 0xc6, 0x8c, 0x4a, 0x2a,
+	0xe3, 0xef, 0xf4, 0x39, 0x0d, 0x8e, 0xa7, 0x07, 0x02, 0x05, 0xdc, 0x9b, 0xc6, 0x03, 0x1a, 0x31,
-	0xbc, 0x19, 0x65, 0x01, 0x8f, 0x3d, 0x13, 0x20, 0x51, 0xe8, 0x91, 0x60, 0x1a, 0x0a, 0x11, 0x72,
+	0x2a, 0xa9, 0xf0, 0x16, 0x94, 0x8d, 0x78, 0xe4, 0x99, 0x00, 0x09, 0x03, 0x8f, 0x8c, 0xe6, 0x81,
-	0xe6, 0xcd, 0xf6, 0xfb, 0x54, 0x92, 0x7d, 0x6f, 0x48, 0x19, 0x8d, 0x89, 0xa4, 0x01, 0x8a, 0x62,
+	0x10, 0x01, 0x67, 0xde, 0x62, 0x6f, 0x40, 0x25, 0xd9, 0xf3, 0xc6, 0x94, 0xd1, 0x88, 0x48, 0x3a,
-	0x2e, 0x39, 0xfc, 0x30, 0xcd, 0x46, 0x24, 0x0a, 0xd1, 0x2a, 0x1b, 0x99, 0xec, 0xf6, 0xde, 0x30,
+	0x42, 0x61, 0xc4, 0x25, 0x87, 0xef, 0x27, 0xd9, 0x88, 0x84, 0x01, 0xca, 0xb2, 0x91, 0xc9, 0x6e,
-	0x94, 0xa3, 0xa4, 0x8f, 0x06, 0x7c, 0xea, 0x0d, 0xf9, 0x90, 0x7b, 0x1a, 0xd4, 0x4f, 0x9e, 0x6b,
+	0xef, 0x8e, 0x03, 0x39, 0x89, 0x07, 0x68, 0xc8, 0xe7, 0xde, 0x98, 0x8f, 0xb9, 0xa7, 0x41, 0x83,
-	0x4b, 0x1b, 0xfa, 0x94, 0x92, 0xb5, 0x1f, 0x14, 0x4b, 0x27, 0x72, 0x44, 0x99, 0x0c, 0x07, 0x44,
+	0xf8, 0xb9, 0xb6, 0xb4, 0xa1, 0x9f, 0x12, 0xb2, 0xf6, 0x83, 0x62, 0xe9, 0x58, 0x4e, 0x28, 0x93,
-	0xa6, 0xf5, 0xd7, 0x4b, 0xb7, 0x3f, 0xcb, 0xb3, 0xa7, 0x64, 0x30, 0x0a, 0x19, 0x8d, 0xe7, 0x5e,
+	0xc1, 0x90, 0xc8, 0xa4, 0xfe, 0x66, 0xe9, 0xf6, 0x27, 0x79, 0xf6, 0x9c, 0x0c, 0x27, 0x01, 0xa3,
-	0x34, 0x1e, 0x2a, 0x87, 0xf0, 0xa6, 0x54, 0x92, 0x9b, 0x50, 0xde, 0x6d, 0xa8, 0x38, 0x61, 0x32,
+	0xd1, 0xd2, 0x0b, 0xa7, 0x63, 0xe5, 0x10, 0xde, 0x9c, 0x4a, 0x72, 0x13, 0xca, 0xbb, 0x0d, 0x15,
-	0x9c, 0xd2, 0x0d, 0xc0, 0xc3, 0xff, 0x02, 0x88, 0xc1, 0x88, 0x4e, 0xc9, 0x3a, 0x6e, 0xe7, 0x0f,
+	0xc5, 0x4c, 0x06, 0x73, 0x7a, 0x0d, 0xf0, 0xf0, 0xdf, 0x00, 0x62, 0x38, 0xa1, 0x73, 0xb2, 0x89,
-	0x1b, 0xb4, 0x8e, 0x32, 0x45, 0x30, 0xfd, 0x29, 0xa1, 0x42, 0x42, 0x1f, 0x94, 0x93, 0x30, 0x70,
+	0xdb, 0xf9, 0xcd, 0x06, 0xad, 0xc3, 0x54, 0x11, 0x4c, 0x7f, 0x8c, 0xa9, 0x90, 0xd0, 0x07, 0xe5,
-	0xac, 0xae, 0xb5, 0x6b, 0xfb, 0x9f, 0x5e, 0x2e, 0x3a, 0xa5, 0xe5, 0xa2, 0x53, 0xee, 0x9d, 0x1e,
+	0x38, 0x18, 0x39, 0x56, 0xd7, 0xea, 0xd9, 0xfe, 0xc7, 0x17, 0xab, 0x4e, 0x69, 0xbd, 0xea, 0x94,
-	0x5f, 0x2f, 0x3a, 0x1f, 0xdd, 0x56, 0x48, 0xce, 0x23, 0x2a, 0x50, 0xef, 0xf4, 0x18, 0x2b, 0x30,
+	0xfb, 0x27, 0x47, 0x57, 0xab, 0xce, 0x07, 0xb7, 0x15, 0x92, 0xcb, 0x90, 0x0a, 0xd4, 0x3f, 0x39,
-	0x7c, 0x06, 0x2a, 0xe3, 0x90, 0x05, 0xce, 0x9d, 0xae, 0xb5, 0xdb, 0x38, 0x78, 0x88, 0xf2, 0x09,
+	0xc2, 0x0a, 0x0c, 0x9f, 0x81, 0xca, 0x34, 0x60, 0x23, 0xe7, 0x4e, 0xd7, 0xea, 0x35, 0xf6, 0x1f,
-	0xac, 0x60, 0x28, 0x1a, 0x0f, 0x95, 0x43, 0x20, 0x25, 0x03, 0x9a, 0xed, 0xa3, 0xaf, 0x62, 0x9e,
+	0xa2, 0x7c, 0x02, 0x19, 0x0c, 0x85, 0xd3, 0xb1, 0x72, 0x08, 0xa4, 0x64, 0x40, 0x8b, 0x3d, 0xf4,
-	0x44, 0xdf, 0xd2, 0x58, 0x35, 0xf3, 0x4d, 0xc8, 0x02, 0x7f, 0xdb, 0x14, 0xaf, 0x28, 0x0b, 0x6b,
+	0x45, 0xc4, 0xe3, 0xf0, 0x6b, 0x1a, 0xa9, 0x66, 0xbe, 0x0a, 0xd8, 0xc8, 0xdf, 0x36, 0xc5, 0x2b,
-	0x46, 0x38, 0x02, 0xf5, 0x98, 0x0a, 0x9e, 0xc4, 0x03, 0xea, 0x94, 0x35, 0xfb, 0xa3, 0x37, 0x67,
+	0xca, 0xc2, 0x9a, 0x11, 0x4e, 0x40, 0x3d, 0xa2, 0x82, 0xc7, 0xd1, 0x90, 0x3a, 0x65, 0xcd, 0xfe,
-	0xc7, 0x86, 0xc1, 0x6f, 0x99, 0x0a, 0xf5, 0xcc, 0x83, 0x57, 0xec, 0xf0, 0x73, 0xd0, 0x10, 0x49,
+	0xe8, 0xcd, 0xd9, 0xb1, 0x61, 0xf0, 0x5b, 0xa6, 0x42, 0x3d, 0xf5, 0xe0, 0x8c, 0x1d, 0x7e, 0x0a,
-	0x3f, 0x0b, 0x38, 0x15, 0xad, 0xc7, 0x7d, 0x03, 0x68, 0x3c, 0xc9, 0x43, 0xb8, 0x98, 0x07, 0x43,
+	0x1a, 0x22, 0x1e, 0xa4, 0x01, 0xa7, 0xa2, 0xf5, 0xb8, 0x6f, 0x00, 0x8d, 0x27, 0x79, 0x08, 0x17,
-	0xd0, 0x88, 0x53, 0x25, 0x55, 0xd7, 0xce, 0x7b, 0xef, 0xa4, 0x40, 0x53, 0x95, 0xc2, 0x39, 0x1d,
+	0xf3, 0x60, 0x00, 0x1a, 0x51, 0xa2, 0xa4, 0xea, 0xda, 0xf9, 0xdf, 0x3b, 0x29, 0xd0, 0x54, 0xa5,
-	0x2e, 0x72, 0xc3, 0x39, 0x68, 0x1a, 0x73, 0xd5, 0xe5, 0xdd, 0x77, 0x96, 0xe4, 0xfe, 0x72, 0xd1,
+	0x70, 0x4e, 0x87, 0x8b, 0xdc, 0x70, 0x09, 0x9a, 0xc6, 0xcc, 0xba, 0xbc, 0xfb, 0xce, 0x92, 0xdc,
-	0x69, 0xe2, 0x57, 0x69, 0xf1, 0x7a, 0x1d, 0xf8, 0x35, 0x80, 0xc6, 0x55, 0x10, 0xc2, 0x69, 0x6a,
+	0x5f, 0xaf, 0x3a, 0x4d, 0xfc, 0x2a, 0x2d, 0xde, 0xac, 0x03, 0xbf, 0x04, 0xd0, 0xb8, 0x0a, 0x42,
-	0x8d, 0xda, 0x46, 0x23, 0x88, 0x37, 0x32, 0xf0, 0x0d, 0x28, 0xd8, 0x05, 0x15, 0x46, 0xa6, 0xd4,
+	0x38, 0x4d, 0xad, 0x51, 0xdb, 0x68, 0x04, 0xf1, 0xb5, 0x0c, 0x7c, 0x03, 0x0a, 0x76, 0x41, 0x85,
-	0xd9, 0xd2, 0xe8, 0xd5, 0xd0, 0x1f, 0x93, 0x29, 0xc5, 0x3a, 0x02, 0x3d, 0x60, 0xab, 0x5f, 0x11,
+	0x91, 0x39, 0x75, 0xb6, 0x34, 0x3a, 0x1b, 0xfa, 0x63, 0x32, 0xa7, 0x58, 0x47, 0xa0, 0x07, 0x6c,
-	0x91, 0x01, 0x75, 0xaa, 0x3a, 0xed, 0x9e, 0x49, 0xb3, 0x1f, 0x67, 0x01, 0x9c, 0xe7, 0xc0, 0x2f,
+	0xf5, 0x2b, 0x42, 0x32, 0xa4, 0x4e, 0x55, 0xa7, 0xdd, 0x33, 0x69, 0xf6, 0xe3, 0x34, 0x80, 0xf3,
-	0x80, 0xcd, 0x23, 0xf5, 0xa9, 0x87, 0x9c, 0x39, 0x35, 0x0d, 0x70, 0x33, 0xc0, 0x59, 0x16, 0xb8,
+	0x1c, 0xf8, 0x19, 0xb0, 0x79, 0xa8, 0x5e, 0xf5, 0x80, 0x33, 0xa7, 0xa6, 0x01, 0x6e, 0x0a, 0x38,
-	0x2e, 0x1a, 0x38, 0x07, 0xc0, 0xa7, 0xa0, 0x9e, 0x08, 0x1a, 0x9f, 0xb2, 0xe7, 0xdc, 0xa9, 0x6b,
+	0x4d, 0x03, 0x57, 0x45, 0x03, 0xe7, 0x00, 0xf8, 0x14, 0xd4, 0x63, 0x41, 0xa3, 0x13, 0xf6, 0x9c,
-	0x41, 0x3f, 0x46, 0xc5, 0x1d, 0xf2, 0xca, 0xb5, 0x57, 0x42, 0xf6, 0x4c, 0x76, 0xfe, 0x3d, 0x65,
+	0x3b, 0x75, 0x2d, 0xe8, 0x87, 0xa8, 0x78, 0x43, 0x5e, 0x59, 0x7b, 0x25, 0x64, 0xdf, 0x64, 0xe7,
-	0x1e, 0xbc, 0x62, 0x82, 0x3d, 0x50, 0xe5, 0xfd, 0x1f, 0xe9, 0x40, 0x3a, 0xb6, 0xe6, 0xdc, 0xbb,
+	0xef, 0x53, 0xea, 0xc1, 0x19, 0x13, 0xec, 0x83, 0x2a, 0x1f, 0xfc, 0x40, 0x87, 0xd2, 0xb1, 0x35,
-	0x75, 0x48, 0xe6, 0xd6, 0x22, 0x4c, 0x2e, 0x4e, 0x7e, 0x96, 0x94, 0xa9, 0xf9, 0xf8, 0x77, 0x0d,
+	0xe7, 0xee, 0xad, 0x43, 0x32, 0x5b, 0x8b, 0x30, 0x39, 0x3f, 0xfe, 0x49, 0x52, 0xa6, 0xe6, 0xe3,
-	0x75, 0xf5, 0x4c, 0x93, 0x60, 0x43, 0x06, 0x7f, 0x00, 0x36, 0x9f, 0x04, 0xa9, 0xd3, 0x01, 0x6f,
+	0xdf, 0x35, 0xd4, 0xd5, 0x53, 0x4d, 0x82, 0x0d, 0x19, 0xfc, 0x1e, 0xd8, 0x7c, 0x36, 0x4a, 0x9c,
-	0xc3, 0xbc, 0x92, 0xf2, 0x2c, 0xe3, 0xc1, 0x39, 0x25, 0xdc, 0x01, 0xd5, 0x20, 0x9e, 0xe3, 0x84,
+	0x0e, 0x78, 0x1b, 0xe6, 0x4c, 0xca, 0xd3, 0x94, 0x07, 0xe7, 0x94, 0x70, 0x07, 0x54, 0x47, 0xd1,
-	0x39, 0x8d, 0xae, 0xb5, 0x5b, 0xf7, 0x81, 0xea, 0xe1, 0x58, 0x7b, 0xb0, 0x89, 0xc0, 0x67, 0xa0,
+	0x12, 0xc7, 0xcc, 0x69, 0x74, 0xad, 0x5e, 0xdd, 0x07, 0xaa, 0x87, 0x23, 0xed, 0xc1, 0x26, 0x02,
-	0xc6, 0x23, 0x25, 0x86, 0x70, 0xb6, 0xdf, 0xa6, 0x83, 0xa6, 0xe9, 0xa0, 0x76, 0x96, 0xb2, 0xe0,
+	0x9f, 0x81, 0x1a, 0x0f, 0x95, 0x18, 0xc2, 0xd9, 0x7e, 0x9b, 0x0e, 0x9a, 0xa6, 0x83, 0xda, 0x69,
-	0x8c, 0x6e, 0xe7, 0xd7, 0x0a, 0xb8, 0x57, 0xd8, 0x50, 0x22, 0xe2, 0x4c, 0xd0, 0xff, 0x65, 0x45,
+	0xc2, 0x82, 0x53, 0xba, 0x9d, 0xdf, 0x2b, 0xe0, 0x5e, 0xe1, 0x42, 0x89, 0x90, 0x33, 0x41, 0xff,
-	0x7d, 0x02, 0x6a, 0x64, 0x32, 0xe1, 0x17, 0x34, 0xdd, 0x52, 0xf5, 0xbc, 0x89, 0xa3, 0xd4, 0x8d,
+	0x93, 0x13, 0xf5, 0x11, 0xa8, 0x91, 0xd9, 0x8c, 0x9f, 0xd3, 0xe4, 0x4a, 0xd5, 0xf3, 0x26, 0x0e,
-	0xb3, 0x38, 0x3c, 0x07, 0x55, 0x21, 0x89, 0x4c, 0x84, 0xd9, 0x38, 0x0f, 0x5e, 0xef, 0x7a, 0x3d,
+	0x13, 0x37, 0x4e, 0xe3, 0xf0, 0x0c, 0x54, 0x85, 0x24, 0x32, 0x16, 0xe6, 0xe2, 0x3c, 0x78, 0xbd,
-	0xd1, 0x98, 0x54, 0x30, 0x4c, 0x45, 0x32, 0x91, 0xd8, 0xf0, 0xc0, 0x0e, 0xd8, 0x8a, 0x88, 0x1c,
+	0xf5, 0x7a, 0xa2, 0x31, 0x89, 0x60, 0x98, 0x8a, 0x78, 0x26, 0xb1, 0xe1, 0x81, 0x1d, 0xb0, 0x15,
-	0x8c, 0xf4, 0x56, 0xd9, 0xf6, 0xed, 0xe5, 0xa2, 0xb3, 0x75, 0xae, 0x1c, 0x38, 0xf5, 0xc3, 0x43,
+	0x12, 0x39, 0x9c, 0xe8, 0xab, 0xb2, 0xed, 0xdb, 0xeb, 0x55, 0x67, 0xeb, 0x4c, 0x39, 0x70, 0xe2,
-	0x60, 0xeb, 0xc3, 0xd3, 0x79, 0x94, 0x5d, 0x8c, 0xb6, 0x1a, 0xd1, 0x79, 0xe6, 0xbc, 0x2e, 0x1a,
+	0x87, 0x07, 0xc0, 0xd6, 0x0f, 0x4f, 0x97, 0x61, 0xba, 0x18, 0x6d, 0x35, 0xa2, 0xb3, 0xd4, 0x79,
-	0x38, 0x4f, 0x86, 0xbf, 0x59, 0xa0, 0x45, 0x92, 0x20, 0x94, 0x47, 0x8c, 0x71, 0x49, 0xd2, 0xa9,
+	0x55, 0x34, 0x70, 0x9e, 0x0c, 0x7f, 0xb1, 0x40, 0x8b, 0xc4, 0xa3, 0x40, 0x1e, 0x32, 0xc6, 0x25,
-	0x54, 0xbb, 0xe5, 0xdd, 0xc6, 0xc1, 0x09, 0xfa, 0xb7, 0x97, 0x10, 0x6d, 0xe8, 0x8c, 0x8e, 0xd6,
+	0x49, 0xa6, 0x52, 0xed, 0x96, 0x7b, 0x8d, 0xfd, 0x63, 0xf4, 0x4f, 0x5f, 0x42, 0x74, 0x4d, 0x67,
-	0x78, 0x4e, 0x98, 0x8c, 0xe7, 0xbe, 0x63, 0x84, 0x6a, 0xad, 0x87, 0xf1, 0x46, 0xe1, 0xf6, 0x97,
+	0x74, 0xb8, 0xc1, 0x73, 0xcc, 0x64, 0xb4, 0xf4, 0x1d, 0x23, 0x54, 0x6b, 0x33, 0x8c, 0xaf, 0x15,
-	0xe0, 0x83, 0x1b, 0x49, 0x60, 0x0b, 0x94, 0xc7, 0x74, 0x9e, 0x8e, 0x10, 0xab, 0x23, 0x7c, 0x1f,
+	0x86, 0x3d, 0x50, 0x3f, 0x27, 0x11, 0x0b, 0xd8, 0x58, 0x38, 0xb5, 0x6e, 0x59, 0xed, 0xb7, 0x5a,
-	0x6c, 0xcd, 0xc8, 0x24, 0xa1, 0x7a, 0x1c, 0x36, 0x4e, 0x8d, 0x47, 0x77, 0x0e, 0xad, 0x9d, 0x3f,
+	0x8f, 0x6f, 0x8c, 0x0f, 0x67, 0xd1, 0xf6, 0xe7, 0xe0, 0xbd, 0x1b, 0xcb, 0xc1, 0x16, 0x28, 0x4f,
-	0x2d, 0xd0, 0x2c, 0x34, 0x37, 0x0b, 0xe9, 0x05, 0xec, 0x81, 0x9a, 0x59, 0x25, 0x9a, 0xa3, 0x71,
+	0xe9, 0x32, 0x19, 0x36, 0x56, 0x8f, 0xf0, 0xff, 0x60, 0x6b, 0x41, 0x66, 0x31, 0xd5, 0x83, 0xb3,
-	0x80, 0x5e, 0xfb, 0xcf, 0x69, 0x94, 0xdf, 0x50, 0xa3, 0xce, 0xf6, 0x5c, 0xc6, 0x05, 0xbf, 0xd3,
+	0x71, 0x62, 0x3c, 0xba, 0x73, 0x60, 0xed, 0xfc, 0x61, 0x81, 0x66, 0xe1, 0x6f, 0x2c, 0x02, 0x7a,
-	0xcf, 0x8b, 0xfe, 0xf7, 0xe6, 0xf1, 0xf2, 0xde, 0x50, 0x34, 0x7f, 0xdb, 0xbc, 0x27, 0xda, 0xc2,
+	0x0e, 0xfb, 0xa0, 0x66, 0x8e, 0x8e, 0xe6, 0x68, 0xec, 0xa3, 0xd7, 0x96, 0x41, 0xa3, 0xfc, 0x86,
-	0x2b, 0x3a, 0x7f, 0xef, 0xf2, 0xca, 0x2d, 0xbd, 0xb8, 0x72, 0x4b, 0x2f, 0xaf, 0xdc, 0xd2, 0x2f,
+	0x7a, 0x29, 0xd2, 0x8b, 0x98, 0x72, 0xc1, 0x6f, 0xf5, 0x87, 0x48, 0xeb, 0x64, 0x3e, 0x73, 0xde,
-	0x4b, 0xd7, 0xba, 0x5c, 0xba, 0xd6, 0x8b, 0xa5, 0x6b, 0xbd, 0x5c, 0xba, 0xd6, 0x5f, 0x4b, 0xd7,
+	0x1b, 0xca, 0x9b, 0x48, 0x91, 0x5a, 0x38, 0xa3, 0xf3, 0x77, 0x2f, 0x2e, 0xdd, 0xd2, 0x8b, 0x4b,
-	0xfa, 0xfd, 0x6f, 0xb7, 0xf4, 0x7d, 0xcd, 0x10, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x8b, 0xd1,
+	0xb7, 0xf4, 0xf2, 0xd2, 0x2d, 0xfd, 0xbc, 0x76, 0xad, 0x8b, 0xb5, 0x6b, 0xbd, 0x58, 0xbb, 0xd6,
-	0x27, 0x74, 0xfd, 0x08, 0x00, 0x00,
+	0xcb, 0xb5, 0x6b, 0xfd, 0xb9, 0x76, 0xad, 0x5f, 0xff, 0x72, 0x4b, 0xdf, 0xd5, 0x0c, 0xf1, 0xdf,
 	0x01, 0x00, 0x00, 0xff, 0xff, 0x6c, 0x23, 0xa1, 0xd9, 0x27, 0x09, 0x00, 0x00,
 }
 func (m *AdmissionRequest) Marshal() (dAtA []byte, err error) {
@ -370,6 +371,15 @@ func (m *AdmissionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	_ = i
 	var l int
 	_ = l
 	if len(m.Warnings) > 0 {
 		for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- {
 			i -= len(m.Warnings[iNdEx])
 			copy(dAtA[i:], m.Warnings[iNdEx])
 			i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warnings[iNdEx])))
 			i--
 			dAtA[i] = 0x3a
 		}
 	}
 	if len(m.AuditAnnotations) > 0 {
 		keysForAuditAnnotations := make([]string, 0, len(m.AuditAnnotations))
 		for k := range m.AuditAnnotations {
@ -567,6 +577,12 @@ func (m *AdmissionResponse) Size() (n int) {
 			n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize))
 		}
 	}
 	if len(m.Warnings) > 0 {
 		for _, s := range m.Warnings {
 			l = len(s)
 			n += 1 + l + sovGenerated(uint64(l))
 		}
 	}
 	return n
 }
@ -638,6 +654,7 @@ func (this *AdmissionResponse) String() string {
 		`Patch:` + valueToStringGenerated(this.Patch) + `,`,
 		`PatchType:` + valueToStringGenerated(this.PatchType) + `,`,
 		`AuditAnnotations:` + mapStringForAuditAnnotations + `,`,
 		`Warnings:` + fmt.Sprintf("%v", this.Warnings) + `,`,
 		`}`,
 	}, "")
 	return s
@ -1508,6 +1525,38 @@ func (m *AdmissionResponse) Unmarshal(dAtA []byte) error {
 			}
 			m.AuditAnnotations[mapkey] = mapvalue
 			iNdEx = postIndex
 		case 7:
 			if wireType != 2 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Warnings", wireType)
 			}
 			var stringLen uint64
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowGenerated
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				stringLen |= uint64(b&0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			intStringLen := int(stringLen)
 			if intStringLen < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			postIndex := iNdEx + intStringLen
 			if postIndex < 0 {
 				return ErrInvalidLengthGenerated
 			}
 			if postIndex > l {
 				return io.ErrUnexpectedEOF
 			}
 			m.Warnings = append(m.Warnings, string(dAtA[iNdEx:postIndex]))
 			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipGenerated(dAtA[iNdEx:])
--- a/staging/src/k8s.io/api/admission/v1beta1/generated.proto
+++ b/staging/src/k8s.io/api/admission/v1beta1/generated.proto
@ -145,6 +145,13 @@ message AdmissionResponse {
  // the admission webhook to add additional context to the audit log for this request.
  // +optional
  map<string, string> auditAnnotations = 6;
  // warnings is a list of warning messages to return to the requesting API client.
  // Warning messages describe a problem the client making the API request should correct or be aware of.
  // Limit warnings to 120 characters if possible.
  // Warnings over 256 characters and large numbers of warnings may be truncated.
  // +optional
  repeated string warnings = 7;
 }
 // AdmissionReview describes an admission review request/response.
--- a/staging/src/k8s.io/api/admission/v1beta1/types.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/types.go
@ -145,6 +145,13 @@ type AdmissionResponse struct {
 	// the admission webhook to add additional context to the audit log for this request.
 	// +optional
 	AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"`
 	// warnings is a list of warning messages to return to the requesting API client.
 	// Warning messages describe a problem the client making the API request should correct or be aware of.
 	// Limit warnings to 120 characters if possible.
 	// Warnings over 256 characters and large numbers of warnings may be truncated.
 	// +optional
 	Warnings []string `json:"warnings,omitempty" protobuf:"bytes,7,rep,name=warnings"`
 }
 // PatchType is the type of patch being used to represent the mutated object
--- a/staging/src/k8s.io/api/admission/v1beta1/types_swagger_doc_generated.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/types_swagger_doc_generated.go
@ -58,6 +58,7 @@ var map_AdmissionResponse = map[string]string{
 	"patch":            "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.",
 	"patchType":        "The type of Patch. Currently we only allow \"JSONPatch\".",
 	"auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.",
 	"warnings":         "warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.",
 }
 func (AdmissionResponse) SwaggerDoc() map[string]string {
--- a/staging/src/k8s.io/api/admission/v1beta1/zz_generated.deepcopy.go
+++ b/staging/src/k8s.io/api/admission/v1beta1/zz_generated.deepcopy.go
@ -87,6 +87,11 @@ func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) {
 			(*out)[key] = val
 		}
 	}
 	if in.Warnings != nil {
 		in, out := &in.Warnings, &out.Warnings
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
 	return
 }
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.json
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.json
@ -76,6 +76,9 @@
    "patchType": "-Ǐ忄*齧獚敆Ȏțê",
    "auditAnnotations": {
      "30": "31"
-    }
+    },
    "warnings": [
      "32"
    ]
  }
 }
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.pb
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.pb
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.yaml
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1.AdmissionReview.yaml
@ -78,3 +78,5 @@ response:
    reason: Hr鯹)晿<o,c鮽ort昍řČ扷5Ɨ
    status: "23"
  uid: 輂]¨&桰]]æȌ殸2爟¼ªov鈶
  warnings:
  - "32"
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.json
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.json
@ -76,6 +76,9 @@
    "patchType": "-Ǐ忄*齧獚敆Ȏțê",
    "auditAnnotations": {
      "30": "31"
-    }
+    },
    "warnings": [
      "32"
    ]
  }
 }
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.pb
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.pb
--- a/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.yaml
+++ b/staging/src/k8s.io/api/testdata/HEAD/admission.k8s.io.v1beta1.AdmissionReview.yaml
@ -78,3 +78,5 @@ response:
    reason: Hr鯹)晿<o,c鮽ort昍řČ扷5Ɨ
    status: "23"
  uid: 輂]¨&桰]]æȌ殸2爟¼ªov鈶
  warnings:
  - "32"
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/BUILD
@ -30,6 +30,7 @@ go_library(
        "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/apis/audit:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/warning:go_default_library",
        "//vendor/github.com/evanphx/json-patch:go_default_library",
        "//vendor/k8s.io/klog/v2:go_default_library",
        "//vendor/k8s.io/utils/trace:go_default_library",
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
@ -43,6 +43,7 @@ import (
 	webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request"
 	auditinternal "k8s.io/apiserver/pkg/apis/audit"
 	webhookutil "k8s.io/apiserver/pkg/util/webhook"
 	"k8s.io/apiserver/pkg/warning"
 	utiltrace "k8s.io/utils/trace"
 )
@ -267,6 +268,9 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss
 			klog.Warningf("Failed to set admission audit annotation %s to %s for mutating webhook %s: %v", key, v, h.Name, err)
 		}
 	}
 	for _, w := range result.Warnings {
 		warning.AddWarning(ctx, "", w)
 	}
 	if !result.Allowed {
 		return false, &webhookutil.ErrWebhookRejection{Status: webhookerrors.ToStatusErr(h.Name, result.Result)}
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview.go
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request/admissionreview.go
@ -36,6 +36,7 @@ type AdmissionResponse struct {
 	Patch            []byte
 	PatchType        admissionv1.PatchType
 	Result           *metav1.Status
 	Warnings         []string
 }
 // VerifyAdmissionResponse checks the validity of the provided admission review object, and returns the
@ -93,6 +94,7 @@ func VerifyAdmissionResponse(uid types.UID, mutating bool, review runtime.Object
 			Patch:            patch,
 			PatchType:        patchType,
 			Result:           r.Response.Result,
 			Warnings:         r.Response.Warnings,
 		}, nil
 	case *admissionv1beta1.AdmissionReview:
@ -118,6 +120,7 @@ func VerifyAdmissionResponse(uid types.UID, mutating bool, review runtime.Object
 			Patch:            patch,
 			PatchType:        patchType,
 			Result:           r.Response.Result,
 			Warnings:         r.Response.Warnings,
 		}, nil
 	default:
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/BUILD
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/BUILD
@ -23,6 +23,7 @@ go_library(
        "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/generic:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/request:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/warning:go_default_library",
        "//vendor/k8s.io/klog/v2:go_default_library",
        "//vendor/k8s.io/utils/trace:go_default_library",
    ],
--- a/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go
+++ b/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go
@ -33,6 +33,7 @@ import (
 	"k8s.io/apiserver/pkg/admission/plugin/webhook/generic"
 	webhookrequest "k8s.io/apiserver/pkg/admission/plugin/webhook/request"
 	webhookutil "k8s.io/apiserver/pkg/util/webhook"
 	"k8s.io/apiserver/pkg/warning"
 	"k8s.io/klog/v2"
 	utiltrace "k8s.io/utils/trace"
 )
@ -227,6 +228,9 @@ func (d *validatingDispatcher) callHook(ctx context.Context, h *v1.ValidatingWeb
 			klog.Warningf("Failed to set admission audit annotation %s to %s for validating webhook %s: %v", key, v, h.Name, err)
 		}
 	}
 	for _, w := range result.Warnings {
 		warning.AddWarning(ctx, "", w)
 	}
 	if result.Allowed {
 		return nil
 	}
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/warning.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/warning.go
@ -17,10 +17,13 @@ limitations under the License.
 package filters
 import (
 	"fmt"
 	"net/http"
 	"sync"
 	"unicode/utf8"
 	"k8s.io/apimachinery/pkg/util/net"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apiserver/pkg/warning"
 )
@ -33,10 +36,34 @@ func WithWarningRecorder(handler http.Handler) http.Handler {
 	})
 }
 var (
 	truncateAtTotalRunes = 4 * 1024
 	truncateItemRunes    = 256
 )
 type recordedWarning struct {
 	agent string
 	text  string
 }
 type recorder struct {
-	lock     sync.Mutex
+	// lock guards calls to AddWarning from multiple threads
 	lock sync.Mutex
 	// recorded tracks whether AddWarning was already called with a given text
 	recorded map[string]bool
-	writer   http.ResponseWriter
+
 	// ordered tracks warnings added so they can be replayed and truncated if needed
 	ordered []recordedWarning
 	// written tracks how many runes of text have been added as warning headers
 	written int
 	// truncating tracks if we have already exceeded truncateAtTotalRunes and are now truncating warning messages as we add them
 	truncating bool
 	// writer is the response writer to add warning headers to
 	writer http.ResponseWriter
 }
 func (r *recorder) AddWarning(agent, text string) {
@ -47,6 +74,11 @@ func (r *recorder) AddWarning(agent, text string) {
 	r.lock.Lock()
 	defer r.lock.Unlock()
 	// if we've already exceeded our limit and are already truncating, return early
 	if r.written >= truncateAtTotalRunes && r.truncating {
 		return
 	}
 	// init if needed
 	if r.recorded == nil {
 		r.recorded = map[string]bool{}
@ -57,13 +89,45 @@ func (r *recorder) AddWarning(agent, text string) {
 		return
 	}
 	r.recorded[text] = true
 	r.ordered = append(r.ordered, recordedWarning{agent: agent, text: text})
-	// TODO(liggitt): track total message characters written:
+	// truncate on a rune boundary, if needed
-	// * if this takes us over 4k truncate individual messages to 256 chars and regenerate headers
+	textRuneLength := utf8.RuneCountInString(text)
-	// * if we're already truncating truncate this message to 256 chars
+	if r.truncating && textRuneLength > truncateItemRunes {
-	// * if we're still over 4k omit this message
+		text = string([]rune(text)[:truncateItemRunes])
 		textRuneLength = truncateItemRunes
 	}
-	if header, err := net.NewWarningHeader(299, agent, text); err == nil {
+	// compute the header
 	header, err := net.NewWarningHeader(299, agent, text)
 	if err != nil {
 		return
 	}
 	// if this fits within our limit, or we're already truncating, write and return
 	if r.written+textRuneLength <= truncateAtTotalRunes || r.truncating {
 		r.written += textRuneLength
 		r.writer.Header().Add("Warning", header)
 		return
 	}
 	// otherwise, enable truncation, reset, and replay the existing items as truncated warnings
 	r.truncating = true
 	r.written = 0
 	r.writer.Header().Del("Warning")
 	utilruntime.HandleError(fmt.Errorf("exceeded max warning header size, truncating"))
 	for _, w := range r.ordered {
 		agent := w.agent
 		text := w.text
 		textRuneLength := utf8.RuneCountInString(text)
 		if textRuneLength > truncateItemRunes {
 			text = string([]rune(text)[:truncateItemRunes])
 			textRuneLength = truncateItemRunes
 		}
 		if header, err := net.NewWarningHeader(299, agent, text); err == nil {
 			r.written += textRuneLength
 			r.writer.Header().Add("Warning", header)
 		}
 	}
 }
--- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/warning_test.go
+++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/warning_test.go
@ -98,3 +98,35 @@ func Test_recorder_AddWarning(t *testing.T) {
 		})
 	}
 }
 func TestTruncation(t *testing.T) {
 	originalTotalRunes, originalItemRunes := truncateAtTotalRunes, truncateItemRunes
 	truncateAtTotalRunes, truncateItemRunes = 25, 5
 	defer func() {
 		truncateAtTotalRunes, truncateItemRunes = originalTotalRunes, originalItemRunes
 	}()
 	responseRecorder := httptest.NewRecorder()
 	warningRecorder := &recorder{writer: responseRecorder}
 	// add items longer than the individual length
 	warningRecorder.AddWarning("", "aaaaaaaaaa")  // long item
 	warningRecorder.AddWarning("-", "aaaaaaaaaa") // duplicate item
 	warningRecorder.AddWarning("", "bb")          // short item
 	warningRecorder.AddWarning("", "ccc")         // short item
 	warningRecorder.AddWarning("", "Iñtërnâtiô")  // long item
 	// check they are preserved
 	if e, a := []string{`299 - "aaaaaaaaaa"`, `299 - "bb"`, `299 - "ccc"`, `299 - "Iñtërnâtiô"`}, responseRecorder.Header()["Warning"]; !reflect.DeepEqual(e, a) {
 		t.Errorf("expected\n%#v\ngot\n%#v", e, a)
 	}
 	// add an item that exceeds the length and triggers truncation, reducing existing items to 15 runes
 	warningRecorder.AddWarning("", "e")          // triggering item, 16 total
 	warningRecorder.AddWarning("", "ffffffffff") // long item to get truncated, 21 total
 	warningRecorder.AddWarning("", "ffffffffff") // duplicate item
 	warningRecorder.AddWarning("", "gggggggggg") // item to get truncated, 26 total
 	warningRecorder.AddWarning("", "h")          // item to get ignored since we're over our limit
 	// check that existing items are truncated, and order preserved
 	if e, a := []string{`299 - "aaaaa"`, `299 - "bb"`, `299 - "ccc"`, `299 - "Iñtër"`, `299 - "e"`, `299 - "fffff"`, `299 - "ggggg"`}, responseRecorder.Header()["Warning"]; !reflect.DeepEqual(e, a) {
 		t.Errorf("expected\n%#v\ngot\n%#v", e, a)
 	}
 }
--- a/test/images/agnhost/webhook/convert.go
+++ b/test/images/agnhost/webhook/convert.go
@ -75,6 +75,7 @@ func convertAdmissionResponseToV1(r *v1beta1.AdmissionResponse) *v1.AdmissionRes
 		Patch:            r.Patch,
 		PatchType:        pt,
 		Result:           r.Result,
 		Warnings:         r.Warnings,
 	}
 }
@ -91,6 +92,7 @@ func convertAdmissionResponseToV1beta1(r *v1.AdmissionResponse) *v1beta1.Admissi
 		Patch:            r.Patch,
 		PatchType:        pt,
 		Result:           r.Result,
 		Warnings:         r.Warnings,
 	}
 }
--- a/test/integration/apiserver/admissionwebhook/admission_test.go
+++ b/test/integration/apiserver/admissionwebhook/admission_test.go
@ -169,6 +169,8 @@ type holder struct {
 	t *testing.T
 	warningHandler *warningHandler
 	recordGVR       metav1.GroupVersionResource
 	recordOperation string
 	recordNamespace string
@ -203,6 +205,7 @@ func (h *holder) reset(t *testing.T) {
 	h.expectOldObject = false
 	h.expectOptionsGVK = schema.GroupVersionKind{}
 	h.expectOptions = false
 	h.warningHandler.reset()
 	// Set up the recorded map with nil records for all combinations
 	h.recorded = map[webhookOptions]*admissionRequest{}
@ -231,6 +234,7 @@ func (h *holder) expect(gvr schema.GroupVersionResource, gvk, optionsGVK schema.
 	h.expectOldObject = oldObject
 	h.expectOptionsGVK = optionsGVK
 	h.expectOptions = options
 	h.warningHandler.reset()
 	// Set up the recorded map with nil records for all combinations
 	h.recorded = map[webhookOptions]*admissionRequest{}
@ -314,13 +318,15 @@ func (h *holder) verify(t *testing.T) {
 	defer h.lock.Unlock()
 	for options, value := range h.recorded {
-		if err := h.verifyRequest(options.converted, value); err != nil {
+		if err := h.verifyRequest(options, value); err != nil {
 			t.Errorf("version: %v, phase:%v, converted:%v error: %v", options.version, options.phase, options.converted, err)
 		}
 	}
 }
-func (h *holder) verifyRequest(converted bool, request *admissionRequest) error {
+func (h *holder) verifyRequest(webhookOptions webhookOptions, request *admissionRequest) error {
 	converted := webhookOptions.converted
 	// Check if current resource should be exempted from Admission processing
 	if admissionExemptResources[gvr(h.recordGVR.Group, h.recordGVR.Version, h.recordGVR.Resource)] {
 		if request == nil {
@ -357,6 +363,10 @@ func (h *holder) verifyRequest(converted bool, request *admissionRequest) error
 		return fmt.Errorf("unexpected options: %#v", request.Options.Object)
 	}
 	if !h.warningHandler.hasWarning(makeWarning(webhookOptions.version, webhookOptions.phase, webhookOptions.converted)) {
 		return fmt.Errorf("no warning received from webhook")
 	}
 	return nil
 }
@ -384,6 +394,34 @@ func (h *holder) verifyOptions(options runtime.Object) error {
 	return nil
 }
 type warningHandler struct {
 	lock     sync.Mutex
 	warnings map[string]bool
 }
 func (w *warningHandler) reset() {
 	w.lock.Lock()
 	defer w.lock.Unlock()
 	w.warnings = map[string]bool{}
 }
 func (w *warningHandler) hasWarning(warning string) bool {
 	w.lock.Lock()
 	defer w.lock.Unlock()
 	return w.warnings[warning]
 }
 func makeWarning(version string, phase string, converted bool) string {
 	return fmt.Sprintf("%v/%v/%v", version, phase, converted)
 }
 func (w *warningHandler) HandleWarningHeader(code int, agent string, message string) {
 	if code != 299 || len(message) == 0 {
 		return
 	}
 	w.lock.Lock()
 	defer w.lock.Unlock()
 	w.warnings[message] = true
 }
 // TestWebhookAdmissionWithWatchCache tests communication between API server and webhook process.
 func TestWebhookAdmissionWithWatchCache(t *testing.T) {
 	testWebhookAdmission(t, true)
@ -399,6 +437,7 @@ func testWebhookAdmission(t *testing.T, watchCache bool) {
 	// holder communicates expectations to webhooks, and results from webhooks
 	holder := &holder{
 		t:                 t,
 		warningHandler:    &warningHandler{warnings: map[string]bool{}},
 		gvrToConvertedGVR: map[metav1.GroupVersionResource]metav1.GroupVersionResource{},
 		gvrToConvertedGVK: map[metav1.GroupVersionResource]schema.GroupVersionKind{},
 	}
@ -451,6 +490,7 @@ func testWebhookAdmission(t *testing.T, watchCache bool) {
 	clientConfig := rest.CopyConfig(server.ClientConfig)
 	clientConfig.Impersonate.UserName = testClientUsername
 	clientConfig.Impersonate.Groups = []string{"system:masters", "system:authenticated"}
 	clientConfig.WarningHandler = holder.warningHandler
 	client, err := clientset.NewForConfig(clientConfig)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
@ -1265,6 +1305,9 @@ func newV1beta1WebhookHandler(t *testing.T, holder *holder, phase string, conver
 		review.Kind = ""
 		review.Response.UID = ""
 		// test plumbing warnings back to the client
 		review.Response.Warnings = []string{makeWarning("v1beta1", phase, converted)}
 		// If we're mutating, and have an object, return a patch to exercise conversion
 		if phase == mutation && len(review.Request.Object.Raw) > 0 {
 			review.Response.Patch = []byte(`[{"op":"add","path":"/foo","value":"test"}]`)
@ -1355,6 +1398,9 @@ func newV1WebhookHandler(t *testing.T, holder *holder, phase string, converted b
 			Allowed: true,
 			UID:     review.Request.UID,
 			Result:  &metav1.Status{Message: "admitted"},
 			// test plumbing warnings back
 			Warnings: []string{makeWarning("v1", phase, converted)},
 		}
 		// If we're mutating, and have an object, return a patch to exercise conversion
 		if phase == mutation && len(review.Request.Object.Raw) > 0 {