terraform-provider-kubernetes

add `ValidatingAdmissionPolicy` resource from k8s `v1.28.0`

Open BBBmau opened this issue 1 year ago • 7 comments

Description

https://kubernetes.io/blog/2023/08/15/kubernetes-v1-28-release/#validatingadmissionpolicies-graduate-to-beta

https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/

With ValidatingAdmissionPolicy being moved to the beta state in v1.28.0, we should consider whether this resource should be a high priority or wait until it has reached the stable state.

YAML configuration

```yaml
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy.example.com"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
    - apiGroups:   ["apps"]
      apiVersions: ["v1"]
      operations:  ["CREATE", "UPDATE"]
      resources:   ["deployments"]
  validations:
    - expression: "object.spec.replicas <= 5"
```

References

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

BBBmau, Aug 30 '23 16:08

Referencing https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#validatingadmissionpolicy-v1beta1-admissionregistration-k8s-io

Since this would be the schema for the ValidatingAdmissionPolicy resource

BBBmau, Jan 10 '24 20:01

The provider typically does not implement resources where there is a feature gate that defaults to false. This is because cloud provisioned clusters generally do not have the option to set feature gates to true. Unfortunately the feature gate ValidatingAdmissionPolicy defaults to false as of v1.28, see docs.

appilon, Jan 17 '24 17:01

@appilon according to the doc that you've shared ValidatingAdmissionPolicy defaults to true nowadays (starting from k8s 1.30 is in GA)

skraga, Jul 05 '24 14:07

> @appilon according to the doc that you've shared ValidatingAdmissionPolicy defaults to true nowadays (starting from k8s 1.30 is in GA)

Thanks for the update! Marking this as good first issue / help wanted. @skraga, you're welcome to open a PR if interested. Refer to CONTRIBUTING.md

BBBmau, Jul 05 '24 15:07

Interested in this one, @aayushsss1? @JaylonmcShan03 can review once the PR is open.

BBBmau, Aug 12 '24 22:08

Hey @BBBmau thanks, I can take this up!

aayushsss1, Aug 13 '24 04:08