Merge pull request #120018 from liggitt/validating-admission-beta
Store validating admission as beta
This commit is contained in:
Kubernetes Prow Robot
@@ -11,7 +11,7 @@
|
|||||||
"name": "validatingadmissionpolicies",
|
"name": "validatingadmissionpolicies",
|
||||||
"namespaced": false,
|
"namespaced": false,
|
||||||
"singularName": "validatingadmissionpolicy",
|
"singularName": "validatingadmissionpolicy",
|
||||||
"storageVersionHash": "Vd+hadMG3gs=",
|
"storageVersionHash": "P/h9c6yIbaY=",
|
||||||
"verbs": [
|
"verbs": [
|
||||||
"create",
|
"create",
|
||||||
"delete",
|
"delete",
|
||||||
@@ -42,7 +42,7 @@
|
|||||||
"name": "validatingadmissionpolicybindings",
|
"name": "validatingadmissionpolicybindings",
|
||||||
"namespaced": false,
|
"namespaced": false,
|
||||||
"singularName": "validatingadmissionpolicybinding",
|
"singularName": "validatingadmissionpolicybinding",
|
||||||
"storageVersionHash": "Yc3M4GKADk4=",
|
"storageVersionHash": "XYju31JKYek=",
|
||||||
"verbs": [
|
"verbs": [
|
||||||
"create",
|
"create",
|
||||||
"delete",
|
"delete",
|
||||||
|
|||||||
@@ -11,7 +11,7 @@
|
|||||||
"name": "validatingadmissionpolicies",
|
"name": "validatingadmissionpolicies",
|
||||||
"namespaced": false,
|
"namespaced": false,
|
||||||
"singularName": "validatingadmissionpolicy",
|
"singularName": "validatingadmissionpolicy",
|
||||||
"storageVersionHash": "Vd+hadMG3gs=",
|
"storageVersionHash": "P/h9c6yIbaY=",
|
||||||
"verbs": [
|
"verbs": [
|
||||||
"create",
|
"create",
|
||||||
"delete",
|
"delete",
|
||||||
@@ -42,7 +42,7 @@
|
|||||||
"name": "validatingadmissionpolicybindings",
|
"name": "validatingadmissionpolicybindings",
|
||||||
"namespaced": false,
|
"namespaced": false,
|
||||||
"singularName": "validatingadmissionpolicybinding",
|
"singularName": "validatingadmissionpolicybinding",
|
||||||
"storageVersionHash": "Yc3M4GKADk4=",
|
"storageVersionHash": "XYju31JKYek=",
|
||||||
"verbs": [
|
"verbs": [
|
||||||
"create",
|
"create",
|
||||||
"delete",
|
"delete",
|
||||||
|
|||||||
@@ -69,8 +69,8 @@ func NewStorageFactoryConfig() *StorageFactoryConfig {
|
|||||||
//
|
//
|
||||||
// TODO (https://github.com/kubernetes/kubernetes/issues/108451): remove the override in 1.25.
|
// TODO (https://github.com/kubernetes/kubernetes/issues/108451): remove the override in 1.25.
|
||||||
// apisstorage.Resource("csistoragecapacities").WithVersion("v1beta1"),
|
// apisstorage.Resource("csistoragecapacities").WithVersion("v1beta1"),
|
||||||
admissionregistration.Resource("validatingadmissionpolicies").WithVersion("v1alpha1"),
|
admissionregistration.Resource("validatingadmissionpolicies").WithVersion("v1beta1"),
|
||||||
admissionregistration.Resource("validatingadmissionpolicybindings").WithVersion("v1alpha1"),
|
admissionregistration.Resource("validatingadmissionpolicybindings").WithVersion("v1beta1"),
|
||||||
networking.Resource("clustercidrs").WithVersion("v1alpha1"),
|
networking.Resource("clustercidrs").WithVersion("v1alpha1"),
|
||||||
networking.Resource("ipaddresses").WithVersion("v1alpha1"),
|
networking.Resource("ipaddresses").WithVersion("v1alpha1"),
|
||||||
certificates.Resource("clustertrustbundles").WithVersion("v1alpha1"),
|
certificates.Resource("clustertrustbundles").WithVersion("v1alpha1"),
|
||||||
|
|||||||
@@ -354,12 +354,10 @@ func GetEtcdStorageDataForNamespace(namespace string) map[schema.GroupVersionRes
|
|||||||
gvr("admissionregistration.k8s.io", "v1beta1", "validatingadmissionpolicies"): {
|
gvr("admissionregistration.k8s.io", "v1beta1", "validatingadmissionpolicies"): {
|
||||||
Stub: `{"metadata":{"name":"vap1b1","creationTimestamp":null},"spec":{"paramKind":{"apiVersion":"test.example.com/v1","kind":"Example"},"matchConstraints":{"resourceRules": [{"resourceNames": ["fakeName"], "apiGroups":["apps"],"apiVersions":["v1"],"operations":["CREATE", "UPDATE"], "resources":["deployments"]}]},"validations":[{"expression":"object.spec.replicas <= params.maxReplicas","message":"Too many replicas"}]}}`,
|
Stub: `{"metadata":{"name":"vap1b1","creationTimestamp":null},"spec":{"paramKind":{"apiVersion":"test.example.com/v1","kind":"Example"},"matchConstraints":{"resourceRules": [{"resourceNames": ["fakeName"], "apiGroups":["apps"],"apiVersions":["v1"],"operations":["CREATE", "UPDATE"], "resources":["deployments"]}]},"validations":[{"expression":"object.spec.replicas <= params.maxReplicas","message":"Too many replicas"}]}}`,
|
||||||
ExpectedEtcdPath: "/registry/validatingadmissionpolicies/vap1b1",
|
ExpectedEtcdPath: "/registry/validatingadmissionpolicies/vap1b1",
|
||||||
ExpectedGVK: gvkP("admissionregistration.k8s.io", "v1alpha1", "ValidatingAdmissionPolicy"),
|
|
||||||
},
|
},
|
||||||
gvr("admissionregistration.k8s.io", "v1beta1", "validatingadmissionpolicybindings"): {
|
gvr("admissionregistration.k8s.io", "v1beta1", "validatingadmissionpolicybindings"): {
|
||||||
Stub: `{"metadata":{"name":"pb1b1","creationTimestamp":null},"spec":{"policyName":"replicalimit-policy.example.com","paramRef":{"name":"replica-limit-test.example.com","parameterNotFoundAction":"Deny"},"validationActions":["Deny"]}}`,
|
Stub: `{"metadata":{"name":"pb1b1","creationTimestamp":null},"spec":{"policyName":"replicalimit-policy.example.com","paramRef":{"name":"replica-limit-test.example.com","parameterNotFoundAction":"Deny"},"validationActions":["Deny"]}}`,
|
||||||
ExpectedEtcdPath: "/registry/validatingadmissionpolicybindings/pb1b1",
|
ExpectedEtcdPath: "/registry/validatingadmissionpolicybindings/pb1b1",
|
||||||
ExpectedGVK: gvkP("admissionregistration.k8s.io", "v1alpha1", "ValidatingAdmissionPolicyBinding"),
|
|
||||||
},
|
},
|
||||||
// --
|
// --
|
||||||
|
|
||||||
@@ -367,10 +365,12 @@ func GetEtcdStorageDataForNamespace(namespace string) map[schema.GroupVersionRes
|
|||||||
gvr("admissionregistration.k8s.io", "v1alpha1", "validatingadmissionpolicies"): {
|
gvr("admissionregistration.k8s.io", "v1alpha1", "validatingadmissionpolicies"): {
|
||||||
Stub: `{"metadata":{"name":"vap1","creationTimestamp":null},"spec":{"paramKind":{"apiVersion":"test.example.com/v1","kind":"Example"},"matchConstraints":{"resourceRules": [{"resourceNames": ["fakeName"], "apiGroups":["apps"],"apiVersions":["v1"],"operations":["CREATE", "UPDATE"], "resources":["deployments"]}]},"validations":[{"expression":"object.spec.replicas <= params.maxReplicas","message":"Too many replicas"}]}}`,
|
Stub: `{"metadata":{"name":"vap1","creationTimestamp":null},"spec":{"paramKind":{"apiVersion":"test.example.com/v1","kind":"Example"},"matchConstraints":{"resourceRules": [{"resourceNames": ["fakeName"], "apiGroups":["apps"],"apiVersions":["v1"],"operations":["CREATE", "UPDATE"], "resources":["deployments"]}]},"validations":[{"expression":"object.spec.replicas <= params.maxReplicas","message":"Too many replicas"}]}}`,
|
||||||
ExpectedEtcdPath: "/registry/validatingadmissionpolicies/vap1",
|
ExpectedEtcdPath: "/registry/validatingadmissionpolicies/vap1",
|
||||||
|
ExpectedGVK: gvkP("admissionregistration.k8s.io", "v1beta1", "ValidatingAdmissionPolicy"),
|
||||||
},
|
},
|
||||||
gvr("admissionregistration.k8s.io", "v1alpha1", "validatingadmissionpolicybindings"): {
|
gvr("admissionregistration.k8s.io", "v1alpha1", "validatingadmissionpolicybindings"): {
|
||||||
Stub: `{"metadata":{"name":"pb1","creationTimestamp":null},"spec":{"policyName":"replicalimit-policy.example.com","paramRef":{"name":"replica-limit-test.example.com"},"validationActions":["Deny"]}}`,
|
Stub: `{"metadata":{"name":"pb1","creationTimestamp":null},"spec":{"policyName":"replicalimit-policy.example.com","paramRef":{"name":"replica-limit-test.example.com"},"validationActions":["Deny"]}}`,
|
||||||
ExpectedEtcdPath: "/registry/validatingadmissionpolicybindings/pb1",
|
ExpectedEtcdPath: "/registry/validatingadmissionpolicybindings/pb1",
|
||||||
|
ExpectedGVK: gvkP("admissionregistration.k8s.io", "v1beta1", "ValidatingAdmissionPolicyBinding"),
|
||||||
},
|
},
|
||||||
// --
|
// --
|
||||||
|
|
||||||
|
|||||||
@@ -169,28 +169,37 @@ func TestEtcdStoragePath(t *testing.T) {
|
|||||||
fixtureFilenameGroup = "core"
|
fixtureFilenameGroup = "core"
|
||||||
}
|
}
|
||||||
// find all versions of this group/kind in all versions of the serialization fixture testdata
|
// find all versions of this group/kind in all versions of the serialization fixture testdata
|
||||||
previousReleaseGroupKindFiles, err := filepath.Glob("../../../staging/src/k8s.io/api/testdata/*/" + fixtureFilenameGroup + ".*." + expectedGVK.Kind + ".yaml")
|
releaseGroupKindFiles, err := filepath.Glob("../../../staging/src/k8s.io/api/testdata/*/" + fixtureFilenameGroup + ".*." + expectedGVK.Kind + ".yaml")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
}
|
}
|
||||||
if len(previousReleaseGroupKindFiles) == 0 && !allowMissingTestdataFixtures[expectedGVK] {
|
if len(releaseGroupKindFiles) == 0 && !allowMissingTestdataFixtures[expectedGVK] {
|
||||||
// We should at least find the HEAD fixtures
|
// We should at least find the HEAD fixtures
|
||||||
t.Errorf("No testdata serialization files found for %#v, cannot determine if previous releases could read this group/kind. Add this group-version to k8s.io/api/roundtrip_test.go", expectedGVK)
|
t.Errorf("No testdata serialization files found for %#v, cannot determine if previous releases could read this group/kind. Add this group-version to k8s.io/api/roundtrip_test.go", expectedGVK)
|
||||||
}
|
}
|
||||||
// find non-alpha versions of this group/kind understood by previous releases
|
|
||||||
|
// find non-alpha versions of this group/kind understood by current and previous releases
|
||||||
|
currentNonAlphaVersions := sets.NewString()
|
||||||
previousNonAlphaVersions := sets.NewString()
|
previousNonAlphaVersions := sets.NewString()
|
||||||
for _, previousReleaseGroupKindFile := range previousReleaseGroupKindFiles {
|
for _, previousReleaseGroupKindFile := range releaseGroupKindFiles {
|
||||||
if serverVersion := filepath.Base(filepath.Dir(previousReleaseGroupKindFile)); serverVersion == "HEAD" {
|
|
||||||
continue
|
|
||||||
}
|
|
||||||
parts := strings.Split(filepath.Base(previousReleaseGroupKindFile), ".")
|
parts := strings.Split(filepath.Base(previousReleaseGroupKindFile), ".")
|
||||||
version := parts[len(parts)-3]
|
version := parts[len(parts)-3]
|
||||||
if !strings.Contains(version, "alpha") {
|
if !strings.Contains(version, "alpha") {
|
||||||
previousNonAlphaVersions.Insert(version)
|
if serverVersion := filepath.Base(filepath.Dir(previousReleaseGroupKindFile)); serverVersion == "HEAD" {
|
||||||
|
currentNonAlphaVersions.Insert(version)
|
||||||
|
} else {
|
||||||
|
previousNonAlphaVersions.Insert(version)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(previousNonAlphaVersions) > 0 && !previousNonAlphaVersions.Has(expectedGVK.Version) {
|
if len(currentNonAlphaVersions) > 0 && strings.Contains(expectedGVK.Version, "alpha") {
|
||||||
t.Errorf("Previous releases understand non-alpha versions %q, but do not understand the expected current storage version %q. "+
|
t.Errorf("Non-alpha versions %q exist, but the expected storage version is %q. Prefer beta or GA storage versions over alpha.",
|
||||||
|
currentNonAlphaVersions.List(),
|
||||||
|
expectedGVK.Version,
|
||||||
|
)
|
||||||
|
}
|
||||||
|
if !strings.Contains(expectedGVK.Version, "alpha") && len(previousNonAlphaVersions) > 0 && !previousNonAlphaVersions.Has(expectedGVK.Version) {
|
||||||
|
t.Errorf("Previous releases understand non-alpha versions %q, but do not understand the expected current non-alpha storage version %q. "+
|
||||||
"This means a current server will store data in etcd that is not understood by a previous version.",
|
"This means a current server will store data in etcd that is not understood by a previous version.",
|
||||||
previousNonAlphaVersions.List(),
|
previousNonAlphaVersions.List(),
|
||||||
expectedGVK.Version,
|
expectedGVK.Version,
|
||||||
|
|||||||
Reference in New Issue
Block a user