add `ValidatingAdmissionPolicy` resource from k8s `v1.28.0`

BBBmau commented 1 year ago

Description

https://kubernetes.io/blog/2023/08/15/kubernetes-v1-28-release/#validatingadmissionpolicies-graduate-to-beta https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/

with ValidatingAdmissionPolicy being moved to the beta state in v1.28.0 we should consider whether this resource should be a high priority or wait until it has reached the stable state.

YAML configuration

apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy.example.com"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
    - apiGroups:   ["apps"]
      apiVersions: ["v1"]
      operations:  ["CREATE", "UPDATE"]
      resources:   ["deployments"]
  validations:
    - expression: "object.spec.replicas <= 5"

References

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

BBBmau commented 9 months ago

Referencing https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#validatingadmissionpolicy-v1beta1-admissionregistration-k8s-io

Since this would be the schema for the ValidatingAdmissionPolicy resource

appilon commented 9 months ago

The provider typically does not implement resources where there is a feature gate that defaults to false. This is because cloud provisioned clusters generally do not have the option to set feature gates to true. Unfortunately the feature gate ValidatingAdmissionPolicy defaults to false as of v1.28, see docs.

skraga commented 4 months ago

@appilon according to the doc that you've sharedValidatingAdmissionPolicy defaults to true nowadays (starting from k8s 1.30 is in GA)

BBBmau commented 4 months ago

@appilon according to the doc that you've sharedValidatingAdmissionPolicy defaults to true nowadays (starting from k8s 1.30 is in GA)

Thanks for the update! Marking this as good first issue / help wanted @skraga you're welcome to open a PR if interested. Refer to CONTRIBUTING.md

BBBmau commented 2 months ago

interested in this one @aayushsss1? @JaylonmcShan03 can review once the PR is open.

aayushsss1 commented 2 months ago

Hey @BBBmau thanks, I can take this up!

BBBmau commented 1 month ago

marked as blocked and moved to v3.0.0 since this requires a k8s version bump which will be addressed in the next major version release of the provider.

hashicorp / terraform-provider-kubernetes