Open sharnoff opened 2 weeks ago
Does kubectl apply --validate=false
do something different? From the man:
--validate='strict':
Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields
I think it would be much more convenient to have a bypass method always-on.
I didn't know about kubectl apply --validate=false
, but the main benefit I was thinking of here was allowing neonvm-controller to make changes without validation. Specifically because:
Sometimes when trialing things on staging, we end up with objects in a bad state that can't be deleted because update validation fails when removing the finalizer (e.g., due to destructive CRD changes).
Could you elaborate on what you mean by
I think it would be much more convenient to have a bypass method always-on.
?
Copying the second commit's message:
This PR comes in two parts:
--skip-update-validation-for
flag to neonvm-controller, and using our newfound control over webhooks to skip the update webhook for objects named with the flag.Probably worth merging via rebase-and-merge.