HNC: Implement validation webhook for HierarchicalNamespace (HNS) #458

yiqigao217 · 2020-02-26T17:57:44Z

This is part of #457

The HNS webhook should deny the requests to:

The namespace (core type) webhook should deny the request to:

Delete an owned namespace. It will say "please delete the hns instance in the owner instead".
Delete an owner namespace if it doesn't allow cascading deletion and has owned ns.

The deletion/updating of an hc instance will not be implemented using webhook, but just RBAC rules. See #596

jiachengxu · 2020-04-03T06:12:29Z

Hi @yiqigao217 @adrianludwin I am interested in this issue, and I have experience with webhook, can I try to work on this?

yiqigao217 · 2020-04-03T13:22:09Z

Hi @jiachengxu , sorry that I almost finished this one and will send out a PR shortly.

yiqigao217 mentioned this issue Mar 2, 2020

HNC: Add allowCascadingDelete to HC spec and toggle it with kubectl #480

Closed

adrianludwin added this to the hnc-v0.3 milestone Mar 24, 2020

yiqigao217 mentioned this issue Mar 26, 2020

HNC: kubectl hns create should fail if the namespace already exists #309

Closed

yiqigao217 mentioned this issue Apr 3, 2020

Implement hns validation webhook #602

Merged

k8s-ci-robot closed this as completed in #602 Apr 6, 2020

Provide feedback