Fixed registration of the BanFlunder admission plugin #68417
Conversation
k8s-ci-robot
added
release-note
MikeSpreitzer
changed the title
MikeSpreitzer
force-pushed
the
sample-apiserver-admission-fixes
branch
from
e7c5675 to
a5f9c40
Compare
|
/retest |
|
/assign @cheftako @jennybuckley |
| func Register(plugins *admission.Plugins) { | ||
| plugins.Register("BanFlunder", func(config io.Reader) (admission.Interface, error) { | ||
| func Register(options *serveroptions.AdmissionOptions) { | ||
| options.RecommendedPluginOrder = append(options.RecommendedPluginOrder, "BanFlunder") |
There was a problem hiding this comment.
Plugins appending themselves doesn't seem right… they don't know about other plugins, or what order makes sense, right?
There was a problem hiding this comment.
+1, This seems like something which should be done in k8s.io/sample-apiserver/pkg/cmd/server/start.go.
| // register admission plugins | ||
| banflunder.Register(o.RecommendedOptions.Admission.Plugins) | ||
| banflunder.Register(o.RecommendedOptions.Admission) | ||
|
|
||
| // TODO have a "real" external address | ||
| if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil { |
There was a problem hiding this comment.
@sttts does this call have the info it needs in Complete()?
There was a problem hiding this comment.
If we fix plugin append I think this can go back to being in Config.
| func Register(plugins *admission.Plugins) { | ||
| plugins.Register("BanFlunder", func(config io.Reader) (admission.Interface, error) { | ||
| func Register(options *serveroptions.AdmissionOptions) { | ||
| options.RecommendedPluginOrder = append(options.RecommendedPluginOrder, "BanFlunder") |
There was a problem hiding this comment.
+1, This seems like something which should be done in k8s.io/sample-apiserver/pkg/cmd/server/start.go.
| // register admission plugins | ||
| banflunder.Register(o.RecommendedOptions.Admission.Plugins) | ||
| banflunder.Register(o.RecommendedOptions.Admission) | ||
|
|
||
| // TODO have a "real" external address | ||
| if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil { |
There was a problem hiding this comment.
If we fix plugin append I think this can go back to being in Config.
|
Thanks. I will look into that. |
MikeSpreitzer
force-pushed
the
sample-apiserver-admission-fixes
branch
from
a5f9c40 to
ace4f05
Compare
k8s-ci-robot
added
size/XS
MikeSpreitzer
force-pushed
the
sample-apiserver-admission-fixes
branch
from
ace4f05 to
a5a8885
Compare
|
/retest |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: liggitt, MikeSpreitzer The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
What this PR does / why we need it:
This PR advances some mutations in
k8s.io/sample-apiserver/pkg/cmd/server/start.gofromConfig()toComplete()so that they happen beforeValidate(). Without this fix, the BanFlunder admission plugin can not be used because it is not yet registered when Validate() happens.Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #68395
Special notes for your reviewer:
This fix reveals one other problem (which I opened as #68418): the instructions for standalone testing do not work when the BanFlunder admission plugin is enabled, its informer gets 404s. However, testing of a similarly patched version of another extension server in its real context does not suffer those 404s.
Release note: