The registry needs Registry, Scheme, Codecs etc. Because we are in k8s.io/apiserver, we cannot import k8s.io/kubernetes/pkg/api, so i have to create this package.

We need to register the unversioned types to the Scheme, otherwise the API discovery endpoints won't work.

I think we can deprecate this field.

Without commenting it out, the API installation of apisever/v1alpha1 will fail with "no type ExportOptions is registered for v1". This error doesn't occur when installing other k8s APIs because their registry use the k8s.io/kubernetes/pkg/api.Scheme, which installs these metav1 types to all versions, including "v1".

Hrm - we will need this in the future - it's intended to control what version of generic APIs are defaulted by the server, like the forthcoming Table.

Meta types should be registered in your group for now - is there a reason you don't want to?

Shall we call it Verbs or Operations? rbac calls is Verbs, and the authorizer interface call it Verbs, but the admission interface calls it Operations

@whitlockjc and I lean towards Operations.

I agree.

Wow I really object to having a specific API type living in the generic apiserver's registry package. @deads2k did you really want this? ...

OK, Chao is going to move these registry classes into the main repo.

Wow I really object to having a specific API type living in the generic apiserver's registry package. @deads2k did you really want this? ..

I really want to have separate buckets for "generic API server types" and "kube-apiserver types". The types are two distinct buckets. It's easy to have separate buckets and later move them around. It's really hard to put it all into one bucket and then later try to separate some stuff that was mixed in the bucket. Because of that, putting them here is much easier to change than putting them in the main repo.

The first thing you're going to do is claim that the apiserver needs them and so you'll group them in a k8s.io/apis bucket.

What about an alternative where we actually model it as a separate API server that is added to the filter chain like we've done with kube-apiextensions-server? The integration ends up clean and these stay out of kube-apiserver. Until we get the third bucket, the types can live here to avoid a cyclical dependency, but my concerns about "making mud" in the shared API would be ameliorated and you'd have a clear delineation for a proper move once the cycle was resolved.

These are not generic apiserver types, though. The registration api is only going to be hosted by the main apiserver.

But are not the same category of thing as the bucket you are going to place them into for the sake of expedience and I sincerely doubt that any separation will ever be made, so this would live forever alongside jobs, hpas, pod disruption budgets, and a host of other APIs it doesn't belong with.

I think its a real shame to do this, you can't easily unmake soup, but ultimately I'm not willing to sacrifice the feature to keep separate things separate.

These are not generic apiserver types, though. The registration api is only going to be hosted by the main apiserver.

[edit] I think this is a strong argument to not put the api in k8s.io/apiserver

this would live forever alongside jobs, hpas, pod disruption budgets,

I agree. Admission configuration doesn't blend with jobs, hpa, etc. But currently we don't have another place to put API that is served by the apiserver.

I agree. Admission configuration doesn't blend with jobs, hpa, etc. But currently we don't have another place to put API that is served by the apiserver.

I'd prefer to see that place built for something net-new than continue a pattern of placing largely unrelated APIs into the same bucket. It's net new, so no one is going to complain that their cheese moved. If we can't make "the right" place, keeping it logically separate in a less than ideal location (here), makes it possible to move this later with minimal complaint. If we go in the other direction (put it into k8s.io/kubernetes/pkg/apis), then we are extremely unlikely to correct it later.

new place would be best, but we don't have time to build a new place IMO. As long as it's in its own group...

IMO this is a level 2 code separation concern, and we still haven't finished the level 1 code separation.

Put this in doc.go

typo

Comment that operations must match admission.Attributes?

update what about it?

@deads2k the code history is lost during the move to staging. It looks like we used to have a completely different criteria on QualifiedName. Shall I create my own function?

Fixed.

please implement this todo

why not? do we really need to distinguish between empty and nil?

why not?

(maybe 'empty or nil'?)

yeah, should be empty or nil. Done.