mirror of https://github.com/k3s-io/k3s
983a47d876
Automatic merge from submit-queue (batch tested with PRs 39807, 37505, 39844, 39525, 39109) Admission control support for versioned configuration files **What this PR does / why we need it**: Today, the `--admission-control-config-file=` argument takes an opaque file that is shared across all admission controllers to provide configuration. This file is not well-versioned and it's shared across multiple plug-ins. Some plugins take file based configuration (`ImagePolicyWebhook`) and others abuse flags to provide configuration because we lacked a good example (`InitialResources`). This PR defines a versioned configuration format that we can use moving forward to provide configuration input to admission controllers that is well-versioned, and does not require the addition of new flags. The sample configuration file would look as follows: ``` apiVersion: componentconfig/v1alpha1 kind: AdmissionConfiguration plugins: - name: "ImagePolicyWebhook" path: "image-policy-webhook.json" ``` The general behavior is each plugin that requires additional configuration is enumerated by name. An alternate file location is provided for its specific configuration, or the configuration can be embedded as a raw extension via the configuration section. **Special notes for your reviewer**: A follow-on PR will be needed to make `ImagePolicyWebhook` to use versioned configuration. This PR maintains backwards compatibility by ignoring configuration it cannot understand and therefore treating the file as opaque. I plan to make use of this PR to complete https://github.com/kubernetes/kubernetes/pull/36765 which attempts to allow more configuration parameters to the `ResourceQuota` admission plugin. |
||
|---|---|---|
| .. | ||
| cmd/kube-scheduler | ||
| pkg | ||
| BUILD | ||
| OWNERS | ||