mirror of https://github.com/k3s-io/k3s
07f85565a2
Automatic merge from submit-queue Add initializer support to admission and uninitialized filtering to rest storage Initializers are the opposite of finalizers - they allow API clients to react to object creation and populate fields prior to other clients seeing them. High level description: 1. Add `metadata.initializers` field to all objects 2. By default, filter objects with > 0 initializers from LIST and WATCH to preserve legacy client behavior (known as partially-initialized objects) 3. Add an admission controller that populates .initializer values per type, and denies mutation of initializers except by certain privilege levels (you must have the `initialize` verb on a resource) 4. Allow partially-initialized objects to be viewed via LIST and WATCH for initializer types 5. When creating objects, the object is "held" by the server until the initializers list is empty 6. Allow some creators to bypass initialization (set initializers to `[]`), or to have the result returned immediately when the object is created. The code here should be backwards compatible for all clients because they do not see partially initialized objects unless they GET the resource directly. The watch cache makes checking for partially initialized objects cheap. Some reflectors may need to change to ask for partially-initialized objects. ```release-note Kubernetes resources, when the `Initializers` admission controller is enabled, can be initialized (defaulting or other additive functions) by other agents in the system prior to those resources being visible to other clients. An initialized resource is not visible to clients unless they request (for get, list, or watch) to see uninitialized resources with the `?includeUninitialized=true` query parameter. Once the initializers have completed the resource is then visible. Clients must have the the ability to perform the `initialize` action on a resource in order to modify it prior to initialization being completed. ``` |
||
|---|---|---|
| .. | ||
| boilerplate | ||
| cmd/teststale | ||
| e2e-internal | ||
| gen-swagger-doc | ||
| jenkins | ||
| lib | ||
| make-rules | ||
| testdata | ||
| verify-flags | ||
| .linted_packages | ||
| BUILD | ||
| OWNERS | ||
| autogenerated_placeholder.txt | ||
| benchmark-go.sh | ||
| build-cross.sh | ||
| build-go.sh | ||
| build-ui.sh | ||
| cherry_pick_pull.sh | ||
| dev-build-and-push.sh | ||
| dev-build-and-up.sh | ||
| dev-push-hyperkube.sh | ||
| e2e-node-test.sh | ||
| e2e.go | ||
| e2e_test.go | ||
| federated-ginkgo-e2e.sh | ||
| generate-bindata.sh | ||
| generate-docs.sh | ||
| get-build.sh | ||
| ginkgo-e2e.sh | ||
| godep-restore.sh | ||
| godep-save.sh | ||
| grab-profiles.sh | ||
| install-etcd.sh | ||
| list-feature-tests.sh | ||
| local-up-cluster.sh | ||
| lookup_pull.py | ||
| print-workspace-status.sh | ||
| run-in-gopath.sh | ||
| test-cmd.sh | ||
| test-go.sh | ||
| test-integration.sh | ||
| test-update-storage-objects.sh | ||
| update-all.sh | ||
| update-api-reference-docs.sh | ||
| update-bazel.sh | ||
| update-codecgen.sh | ||
| update-codegen.sh | ||
| update-federation-api-reference-docs.sh | ||
| update-federation-generated-swagger-docs.sh | ||
| update-federation-openapi-spec.sh | ||
| update-federation-swagger-spec.sh | ||
| update-generated-docs.sh | ||
| update-generated-protobuf-dockerized.sh | ||
| update-generated-protobuf.sh | ||
| update-generated-runtime-dockerized.sh | ||
| update-generated-runtime.sh | ||
| update-generated-swagger-docs.sh | ||
| update-godep-licenses.sh | ||
| update-gofmt.sh | ||
| update-openapi-spec.sh | ||
| update-staging-client-go.sh | ||
| update-staging-godeps.sh | ||
| update-swagger-spec.sh | ||
| update-translations.sh | ||
| update_owners.py | ||
| verify-all.sh | ||
| verify-api-groups.sh | ||
| verify-api-reference-docs.sh | ||
| verify-bazel.sh | ||
| verify-boilerplate.sh | ||
| verify-cli-conventions.sh | ||
| verify-codecgen.sh | ||
| verify-codegen.sh | ||
| verify-description.sh | ||
| verify-federation-api-reference-docs.sh | ||
| verify-federation-generated-swagger-docs.sh | ||
| verify-federation-openapi-spec.sh | ||
| verify-federation-swagger-spec.sh | ||
| verify-flags-underscore.py | ||
| verify-generated-docs.sh | ||
| verify-generated-protobuf.sh | ||
| verify-generated-runtime.sh | ||
| verify-generated-swagger-docs.sh | ||
| verify-godep-licenses.sh | ||
| verify-godeps.sh | ||
| verify-gofmt.sh | ||
| verify-golint.sh | ||
| verify-govet.sh | ||
| verify-import-boss.sh | ||
| verify-linkcheck.sh | ||
| verify-no-vendor-cycles.sh | ||
| verify-openapi-spec.sh | ||
| verify-pkg-names.sh | ||
| verify-readonly-packages.sh | ||
| verify-staging-client-go.sh | ||
| verify-staging-godeps.sh | ||
| verify-staging-imports.sh | ||
| verify-swagger-spec.sh | ||
| verify-symbols.sh | ||
| verify-test-images.sh | ||
| verify-test-owners.sh | ||