When doing kubectl apply on a manifest, --dry-run=server flag will perform a server-side dry run. There’s also a client-side dry run that doesn’t invoke admission webhooks etc, just basically validates the YAML on the client without talking to the API server.
We can tell Kubernetes that our admission webhook is “dry-run-aware” and it’s safe to call it during a dry run by adding sideEffects: None.
https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#side-effects
hihilla
commented
4 years ago
When doing
kubectl applyon a manifest,--dry-run=serverflag will perform a server-side dry run. There’s also a client-side dry run that doesn’t invoke admission webhooks etc, just basically validates the YAML on the client without talking to the API server. We can tell Kubernetes that our admission webhook is “dry-run-aware” and it’s safe to call it during a dry run by addingsideEffects: None. https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#side-effects