![]() ![]() If your webhook does not have the latest version of the client-go package, or whatever package that contains the types for the resource you're manipulating, all fields not known in that version will be deleted.įor example, if your webhook mutate Service resources, a user could set the field. There's also one other downside to the above example. You can find a detailed description of that problem and its resolution in this GitHub issue. Mutating the original pod object or a copy is up to you, as long as you use the raw bytes of the AdmissionReview object to generate the patch. req is a k8s.io/api/admission/v1.AdmissionRequest object jsondiff. Comparing between the unmarshaled and copied versions can generate add and change patches below a path not in the original JSON, and the API server will reject your patch.Ī realistic usage would be similar to the following snippet: These will exist when you unmarshal from JSON, because of how Go structs work, but are not in the original JSON. Optional fields being ones that are a struct type, but are not pointers to those structs. Below is a quote of the original comment: As pointed out by user /u/terinjokes on Reddit, due to the nature of Go structs, the "hydrated" corev1.Pod object may contain "optional fields", resulting in a patch that state added/changed values that the Kubernetes API server doesn't know about. Note that the above example is used for simplicity, but in a real-world admission controller, you should create the diff from the raw bytes of the field. The JSON patch can then be used in the response payload of you Kubernetes webhook. "path": "/spec/volumes/0/emptyDir/medium "
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |