Admission Controller Validation #5250

Merged
merged 1 commit into from
Jun 11, 2018

gambol99 (Contributor) commented Jun 2, 2018

Since v1.10.0 the --admission-control is being deprecated in favour of --enable-admission-plugin, we should enforce the behaviour in the validation code

I did a fix for this a moment ago, but yes, enforcement is a better option than trying to support both

@k8s-ci-robot added the cncf-cla: yes, size/S and approved labels Jun 2, 2018
gambol99 (Contributor Author) commented Jun 2, 2018

@justinsb ... you were right .. blocking it off completely is a better option as I just hit a PR where I had to support both :-|

gambol99 (Contributor Author) commented Jun 2, 2018

/assign @justinsb

justinsb (Member) commented Jun 3, 2018

So I think having both AdmissionControl and EnableAdmissionPlugins should be an error.

But it makes for difficult upgrades & rollbacks if we don't have a warning phase in between. So we can't have EnableAdmissionPlugins for 1.9, but with this PR we would require it for 1.10. So to upgrade to 1.10 we would force the user to edit their config, but then also they'd have to edit it back to downgrade if something went wrong with the update.

So we could do this PR, but only once we expect users have upgraded past the version which doesn't support EnableAdmissionPlugins. (That's why we have the 1 year deprecation policies on flags)

You said you hit an issue in another PR with supporting both - what was that?

@justinsb justinsb added this to the 1.10 milestone Jun 3, 2018
@KashifSaadat (Contributor)

Looks good :) Also following off Justin's comment, probably also best to include DisableAdmissionPlugins in that check also?

@gambol99 gambol99 force-pushed the verify_admissions branch 2 times, most recently from 00ee348 to 1b06386 Compare June 4, 2018 12:08
gambol99 (Contributor Author) commented Jun 4, 2018

> So I think having both AdmissionControl and EnableAdmissionPlugins should be an error.
> But it makes for difficult upgrades & rollbacks if we don't have a warning phase in between. So we can't have EnableAdmissionPlugins for 1.9, but with this PR we would require it for 1.10. So to upgrade to 1.10 we would force the user to edit their config, but then also they'd have to edit it back to downgrade if something went wrong with the update.

Yep .. good points! ... So I've changed the validation so that 'in the cluster spec' if both options are set it will fail. As for the other condition, whereby the AdmissionControl is used but the model fills in the EnableAdmissionPlugin, will stay with the #5248 fix for now ..

@gambol99 gambol99 force-pushed the verify_admissions branch from 1b06386 to 1909210 Compare June 5, 2018 09:39
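
The rule this thread converges on, sketched as an added example (not code from this pull request or from the project): a spec that sets AdmissionControl together with EnableAdmissionPlugins or DisableAdmissionPlugins is rejected, while the deprecated list on its own still validates. The `APIServerSpec` type, the `ValidateAdmission` function, the error strings and the sample plugin lists are assumptions made for illustration.

```go
package main

import "fmt"

// APIServerSpec is a hypothetical, cut-down stand-in for the API server
// section of a cluster spec; it is not the project's own type.
type APIServerSpec struct {
	AdmissionControl        []string // deprecated single list
	EnableAdmissionPlugins  []string // replacement: plugins to turn on
	DisableAdmissionPlugins []string // replacement: plugins to turn off
}

// ValidateAdmission returns one message per conflict. A spec may use the
// deprecated list or the replacement fields, never a mix of the two.
// The deprecated list on its own is still accepted, so a spec written
// for an older release keeps validating across upgrade and rollback.
func ValidateAdmission(s APIServerSpec) []string {
	var problems []string
	if len(s.AdmissionControl) == 0 {
		return problems // only the replacement fields (or nothing) are in use
	}
	if len(s.EnableAdmissionPlugins) > 0 {
		problems = append(problems,
			"admissionControl is mutually exclusive with enableAdmissionPlugins")
	}
	if len(s.DisableAdmissionPlugins) > 0 {
		problems = append(problems,
			"admissionControl is mutually exclusive with disableAdmissionPlugins")
	}
	return problems
}

func main() {
	// Constructed sample specs; the plugin names are only illustrative.
	samples := []struct {
		name string
		spec APIServerSpec
	}{
		{"legacy only", APIServerSpec{AdmissionControl: []string{"NamespaceLifecycle", "LimitRanger"}}},
		{"new fields only", APIServerSpec{EnableAdmissionPlugins: []string{"NamespaceLifecycle"}}},
		{"mixed", APIServerSpec{
			AdmissionControl:       []string{"NamespaceLifecycle"},
			EnableAdmissionPlugins: []string{"LimitRanger"},
		}},
	}
	for _, s := range samples {
		fmt.Printf("%-16s -> %v\n", s.name, ValidateAdmission(s.spec))
	}
}
```
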
gambol99 (Contributor Author) commented Jun 6, 2018

is this cool @justinsb?

@justinsb (Member)

/approve
/lgtm

Thanks @gambol99

@k8s-ci-robot added the lgtm label Jun 11, 2018
@k8s-ci-robot (Contributor)

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gambol99, justinsb


@k8s-ci-robot k8s-ci-robot merged commit 8a47058 into kubernetes:master Jun 11, 2018
@gambol99 gambol99 deleted the verify_admissions branch February 22, 2019 09:58