refer: #1788
After Kubernetes 1.19, the webhook could respond with "warning"s, refer: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#response
Warnings for validation webhook would bring much help for users with interacting with API.
Currently, users of controller-runtime could implement their "customized" admission.Handler to respond with "warnings". But it's might be not easy to use. Also as mentioned in #1788, using util to wrap warning messages might be helpful. IMHO, controller-runtime should support warning "natively" with Validator and CustomValidator.
I am interested in this feature/enhancement, so maybe there are possible designs and steps to build this feature:
- extend
Allowed(), Denied(), ValidationResponse(), make them support warning []string
- bring an interface to extend error, called
ErrorWithWarnings like:
type ErrorWithWarnings interface {
error
Warnings() []string
}
- it means it user want to respond with warning, it should return this interface with
ValidateXXX()
- make type assertion when resolving the error from
Validator/CustomValidator, fill Warnings in v1.AdmissionResponse
Some changes might break the existing API, I think it's OK to controller-runtime. If not, I could still try to only introduce new API without breaking the exist one.
refer: #1788
After Kubernetes 1.19, the webhook could respond with "warning"s, refer: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#response
Warnings for validation webhook would bring much help for users with interacting with API.
Currently, users of controller-runtime could implement their "customized"
admission.Handlerto respond with "warnings". But it's might be not easy to use. Also as mentioned in #1788, using util to wrap warning messages might be helpful. IMHO, controller-runtime should support warning "natively" withValidatorandCustomValidator.I am interested in this feature/enhancement, so maybe there are possible designs and steps to build this feature:
Allowed(),Denied(),ValidationResponse(), make them supportwarning []stringErrorWithWarningslike:ValidateXXX()Validator/CustomValidator, fillWarningsinv1.AdmissionResponseSome changes might break the existing API, I think it's OK to controller-runtime. If not, I could still try to only introduce new API without breaking the exist one.