From d5f8058bd1821b7ed9f909e1d30faccde3413a1b Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Fri, 20 Aug 2021 21:16:46 +0000
Subject: [PATCH 01/16] First draft - server-side unknown field validation

---
 .../README.md                                 | 887 ++++++++++++++++++
 .../kep.yaml                                  |  48 +
 2 files changed, 935 insertions(+)
 create mode 100644 keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
 create mode 100644 keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
new file mode 100644
index 00000000000..4193f2eaf53
--- /dev/null
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -0,0 +1,887 @@
+<!--
+**Note:** When your KEP is complete, all of these comment blocks should be removed.
+
+To get started with this template:
+
+- [ ] **Pick a hosting SIG.**
+  Make sure that the problem space is something the SIG is interested in taking
+  up. KEPs should not be checked in without a sponsoring SIG.
+- [ ] **Create an issue in kubernetes/enhancements**
+  When filing an enhancement tracking issue, please make sure to complete all
+  fields in that template. One of the fields asks for a link to the KEP. You
+  can leave that blank until this KEP is filed, and then go back to the
+  enhancement and add the link.
+- [ ] **Make a copy of this template directory.**
+  Copy this template into the owning SIG's directory and name it
+  `NNNN-short-descriptive-title`, where `NNNN` is the issue number (with no
+  leading-zero padding) assigned to your enhancement above.
+- [ ] **Fill out as much of the kep.yaml file as you can.**
+  At minimum, you should fill in the "Title", "Authors", "Owning-sig",
+  "Status", and date-related fields.
+- [ ] **Fill out this file as best you can.**
+  At minimum, you should fill in the "Summary" and "Motivation" sections.
+  These should be easy if you've preflighted the idea of the KEP with the
+  appropriate SIG(s).
+- [ ] **Create a PR for this KEP.**
+  Assign it to people in the SIG who are sponsoring this process.
+- [ ] **Merge early and iterate.**
+  Avoid getting hung up on specific details and instead aim to get the goals of
+  the KEP clarified and merged quickly. The best way to do this is to just
+  start with the high-level sections and fill out details incrementally in
+  subsequent PRs.
+
+Just because a KEP is merged does not mean it is complete or approved. Any KEP
+marked as `provisional` is a working document and subject to change. You can
+denote sections that are under active debate as follows:
+
+```
+<<[UNRESOLVED optional short context or usernames ]>>
+Stuff that is being argued.
+<<[/UNRESOLVED]>>
+```
+
+When editing KEPS, aim for tightly-scoped, single-topic PRs to keep discussions
+focused. If you disagree with what is already in a document, open a new PR
+with suggested changes.
+
+One KEP corresponds to one "feature" or "enhancement" for its whole lifecycle.
+You do not need a new KEP to move from beta to GA, for example. If
+new details emerge that belong in the KEP, edit the KEP. Once a feature has become
+"implemented", major changes should get new KEPs.
+
+The canonical place for the latest set of instructions (and the likely source
+of this file) is [here](/keps/NNNN-kep-template/README.md).
+
+**Note:** Any PRs to move a KEP to `implementable`, or significant changes once
+it is marked `implementable`, must be approved by each of the KEP approvers.
+If none of those approvers are still appropriate, then changes to that list
+should be approved by the remaining approvers and/or the owning SIG (or
+SIG Architecture for cross-cutting KEPs).
+-->
+# KEP-2885: Server Side Unknown Field Validation
+
+<!--
+This is the title of your KEP. Keep it short, simple, and descriptive. A good
+title can help communicate what the KEP is and should be considered as part of
+any review.
+-->
+
+<!--
+A table of contents is helpful for quickly jumping to sections of a KEP and for
+highlighting any additional information provided beyond the standard KEP
+template.
+
+Ensure the TOC is wrapped with
+  <code>&lt;!-- toc --&rt;&lt;!-- /toc --&rt;</code>
+tags, and then generate with `hack/update-toc.sh`.
+-->
+
+<!-- toc -->
+- [Release Signoff Checklist](#release-signoff-checklist)
+- [Summary](#summary)
+- [Motivation](#motivation)
+  - [Goals](#goals)
+  - [Non-Goals](#non-goals)
+- [Proposal](#proposal)
+  - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
+  - [Risks and Mitigations](#risks-and-mitigations)
+- [Design Details](#design-details)
+  - [Test Plan](#test-plan)
+- [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
+  - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
+  - [Scalability](#scalability)
+- [Implementation History](#implementation-history)
+- [Alternatives](#alternatives)
+- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
+<!-- /toc -->
+
+## Release Signoff Checklist
+
+<!--
+**ACTION REQUIRED:** In order to merge code into a release, there must be an
+issue in [kubernetes/enhancements] referencing this KEP and targeting a release
+milestone **before the [Enhancement Freeze](https://git.k8s.io/sig-release/releases)
+of the targeted release**.
+
+For enhancements that make changes to code or processes/procedures in core
+Kubernetes—i.e., [kubernetes/kubernetes], we require the following Release
+Signoff checklist to be completed.
+
+Check these off as they are completed for the Release Team to track. These
+checklist items _must_ be updated for the enhancement to be released.
+-->
+
+Items marked with (R) are required *prior to targeting to a milestone / release*.
+
+- [ ] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
+- [ ] (R) KEP approvers have approved the KEP status as `implementable`
+- [ ] (R) Design details are appropriately documented
+- [ ] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input (including test refactors)
+  - [ ] e2e Tests for all Beta API Operations (endpoints)
+  - [ ] (R) Ensure GA e2e tests for meet requirements for [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
+  - [ ] (R) Minimum Two Week Window for GA e2e tests to prove flake free
+- [ ] (R) Graduation criteria is in place
+  - [ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
+- [ ] (R) Production readiness review completed
+- [ ] (R) Production readiness review approved
+- [ ] "Implementation History" section is up-to-date for milestone
+- [ ] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
+- [ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
+
+<!--
+**Note:** This checklist is iterative and should be reviewed and updated every time this enhancement is being considered for a milestone.
+-->
+
+[kubernetes.io]: https://kubernetes.io/
+[kubernetes/enhancements]: https://git.k8s.io/enhancements
+[kubernetes/kubernetes]: https://git.k8s.io/kubernetes
+[kubernetes/website]: https://git.k8s.io/website
+
+## Summary
+
+<!--
+This section is incredibly important for producing high-quality, user-focused
+documentation such as release notes or a development roadmap. It should be
+possible to collect this information before implementation begins, in order to
+avoid requiring implementors to split their attention between writing release
+notes and implementing the feature itself. KEP editors and SIG Docs
+should help to ensure that the tone and content of the `Summary` section is
+useful for a wide audience.
+
+A good summary is probably at least a paragraph in length.
+
+Both in this section and below, follow the guidelines of the [documentation
+style guide]. In particular, wrap lines to a reasonable length, to make it
+easier for reviewers to cite specific portions, and to minimize diff churn on
+updates.
+
+[documentation style guide]: https://github.com/kubernetes/community/blob/master/contributors/guide/style-guide.md
+-->
+As a client sending a create, update, or patch request to the server, I want to
+be able to instruct the server to fail when the kubernetes object I send has
+fields that are not valid fields of the kubernetes resource.
+
+This will allow us to remove client-side validation from kubectl while
+maintaining the same core functionality of erroring out on requests that contain
+unknown or invalid fields.
+
+## Motivation
+
+<!--
+This section is for explicitly listing the motivation, goals, and non-goals of
+this KEP.  Describe why the change is important and the benefits to users. The
+motivation section can optionally provide links to [experience reports] to
+demonstrate the interest in a KEP within the wider Kubernetes community.
+
+[experience reports]: https://github.com/golang/go/wiki/ExperienceReports
+-->
+`kubectl –validate=true` is the current mechanism to indicate that a request
+should fail if it specifies unknown fields on the object.
+
+There are a few issues with this as highlighted by the [previous
+effort](https://docs.google.com/document/d/18nrtJ0gizVHnIhx5NIkGXvSaQ1wT2i6XVDUmmQqc7_4/edit#heading=h.q9616qdce0l9) to do
+server-side validation, primarily these issues include:
+* Bug Fixes are utilized slower because client-side upgrades are hard to get in
+people’s hands.
+* Each client needs to implement validation.
+
+This is the last remaining step for removing client-side validation according to
+[this
+comment](https://github.com/kubernetes/kubernetes/issues/39434#issuecomment-270486105)
+* Client-side validation is [very
+  painful](https://github.com/kubernetes/kubernetes/issues/39434#issuecomment-270443399)
+
+Additional problems have been highlighted in the relevant github issues:
+* https://github.com/kubernetes/kubernetes/issues/39434
+* https://github.com/kubernetes/kubernetes/issues/5889
+The community has been asking for this feature as recently as [August 8th,
+2021](https://github.com/kubernetes/kubernetes/issues/104090#issuecomment-895228540)
+
+### Goals
+
+<!--
+List the specific goals of the KEP. What is it trying to achieve? How will we
+know that this has succeeded?
+-->
+* Server should validate that no extra fields are present or invalid (e.g.
+misspelled), nor are any fields duplicated (for json and yaml data).
+* We must maintain compatibility with all existing clients, thus server side
+unknown field validation should be opt-in
+
+### Non-Goals
+
+<!--
+What is out of scope for this KEP? Listing non-goals helps to focus discussion
+and make progress.
+-->
+* Complete (business-logic) server-side validation of every aspect of an object
+(i.e. we’re only focused on mismatched fields between the object in the request
+body and its schema).
+* Protobuf support. Theoretically, unknown protobuf fields could occur if clients
+on version X send a request to the server of version less than X which does not recognize
+some of the fields (or a similar situation). We do not think it is worth
+supporting this use case initially and will error if clients attempt to validate
+schema server-side with protobuf data.
+
+
+## Proposal
+
+<!--
+This is where we get down to the specifics of what the proposal actually is.
+This should have enough detail that reviewers can understand exactly what
+you're proposing, but should not include things like API designs or
+implementation. What is the desired outcome and how do we measure success?.
+The "Design Details" section below is for the real
+nitty-gritty.
+-->
+We propose using an opt-in API mechanism (such as content-type header or query
+param) to indicate to the server that it should fail when the kubernetes object
+in the request body supplied to POST, PUT, and PATCH requests contains
+extra/unknown fields.
+
+Clients such as kubectl will continue to use the `--validate=true` flag as
+before, but instead of triggering validation on the client-side, it will
+instruct the server to validate for unknown fields server-side.
+
+This change will be made in at least two steps, one where we introduce the
+server side validation and a second where we modify kubectl to use the
+server-side validation (and mark the existing client-side validation as
+deprecated).
+
+### Notes/Constraints/Caveats (Optional)
+
+#### Future Work
+After server side unknown field validation is implemented we can begin work to
+deprecate and remove client side validate and have kubectl use server side
+validation instead. A separate KEP will be published for that.
+
+<!--
+What are the caveats to the proposal?
+What are some important details that didn't come across above?
+Go in to as much detail as necessary here.
+This might be a good place to talk about core concepts and how they relate.
+-->
+
+### Risks and Mitigations
+
+<!--
+What are the risks of this proposal, and how do we mitigate? Think broadly.
+For example, consider both security and how this will impact the larger
+Kubernetes ecosystem.
+
+How will security be reviewed, and by whom?
+
+How will UX be reviewed, and by whom?
+
+Consider including folks who also work outside the SIG or subproject.
+-->
+
+### Performance Considerations
+It is worth noting that checking for unknown fields whether via a json unmarshal
+that explicitly breaks if it encounters unknown fields (as in the case of
+create, update, or json patch) or extra logic around a merge step (as in
+strategic merge patch or apply) will be less performant than not doing so.
+[Initial
+benchmarks](https://github.com/kubernetes/kubernetes/pull/104433#issuecomment-901398507) estimate ~20% slower 25-30% more memory consumption.
+
+This is deemed acceptable and insignificant because the use case we are
+replacing is client side validation that happens from kubectl (i.e. via a human
+that should not be too impacted by a slight performance hit). Any existing
+automated clients that would be impacted by performance do not currently have a
+way of leveraging server side validation and thus will remain opted-out of this
+by default (or will be willing to tradeoff the performance if they do choose to
+opt-in to server side schema validation).
+
+
+## Design Details
+
+<!--
+This section should contain enough information that the specifics of your
+change are understandable. This may include API specs (though not always
+required) or even code snippets. If there's any ambiguity about HOW your
+proposal will be implemented, this is the place to discuss them.
+-->
+### Opt-in API Mechanism
+
+There are a few ways we could allow a client to opt-in to server-side unknown
+field validation, we present two options **Content-Type Header** and **query
+parameter**.
+
+#### Content-Type Header
+
+Requests that contain a kubernetes object, also pass along with it a
+content-type header such as “application/json”. One way to indicate to the
+server that it should use strict schema validation and fail when unknown fields
+are passed is to send a mime-type parameter indicating the strict validation
+such as “application/json;validation=strict”. Alternatively we could use a new
+header such as “X-Kubernetes-Validation:strict”.
+
+One could argue that this is the more appropriate way to parameterize opting-in
+to server side schema validation because on the server we are fundamentally
+treating the content as a different type (“application/json” is json data that
+we don’t care if it has extra fields, “application/json;validation=strict” is
+json data that is sensitive to extra fields).
+
+A precedent for using a mime-type parameter is from how we [receive resources as
+tables](https://kubernetes.io/docs/reference/using-api/_print/#receiving-resources-as-tables).
+
+On the other hand, one could also argue that interpreting input strictly or not
+according to the target schema is independent of the content type and that this
+is an inappropriate way to parameterize validation opt-in.
+
+Another argument against this method is that for patch, strictness is handled
+when decoding the *result* of the patch, so it wouldn’t make sense to use
+Content-Type which is providing information about the inbound request body.
+
+#### Query Parameter
+
+Alternatively, if we don’t like the idea of using Content-Type header to
+determine whether the apiserver should accept or fail on unknown fields, we
+could pass a query param such as “?validate=true”.
+
+This might make it more obvious to consumers of the API that strict schema
+validation is a choice of the client. On the other hand, query parameters are
+more typically used for filtering/sorting data returned from the API server.
+
+Precedent for using query parameters is that we already have CreateOptions,
+PatchOptions, UpdateOptions for write requests that are communicated via query
+parameters.
+
+We believe that using a query parameter is the best approach.
+
+### Create (POST) and Update (PUT)
+
+Implementation of this validation for Patch requests differ significantly and
+are discussed in the Patch section below.
+
+At a high level, for create and update requests we have the opportunity to
+validate the object when we unmarshal the object from wire format into the go
+type.
+
+This happens in the [serializer
+implementation](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/runtime/serializer/json/json.go#L264-L291), where depending on if a “strict”
+option is set (or not), the unmarshalling step will error (or not) if
+extra/malformatted fields exist on the data being unmarshalled.
+
+This in turn, gets used by
+[create](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/create.go#L95-L120) and [update](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/update.go#L106-L107)  handlers when they attempt to
+decode the request body.
+
+One major advantage of the “Content-Type” header approach is that it requires
+little to no change existing code in the request handlers.
+
+When the API server is started and we create the [negotiated
+serializer](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/server/genericapiserver.go#L616), we
+create a [separate serializer](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/runtime/serializer/codec_factory.go#L167) for each content type/media type. To support strict
+validation all we would need to do is add [another
+serializer](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/runtime/serializer/codec_factory.go#L51-L106) to the
+NegotiatedSerializer for strict validation that is identical to the serializer
+of “application/json” but has the “strict” option set (as well as ones for
+yaml).
+
+The request handler will then proceed unchanged, and the [Decode
+step](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/create.go#L120) will fail
+if it encounters fields in the request body that are not part of the schema.
+
+### Patch (PATCH)
+
+Unlike create and update requests, patch requests are more complicated because
+they do not ever unmarshal/decode the request body into a kubernetes object.
+Instead patching involves, serializing the existing object to json, then using a
+jsonpatch or mergepatch library to combine the patch sent from the client with
+the existing object, and finally deserializing the combined object into the
+kubernetes object.
+
+During the jsonpatch or mergepatch step we don’t currently check if the patch
+sent by the client has any erroneous fields. Now we need to.
+
+This all happens in the
+[patchMechanism](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go#L293-L296) used by the patch handler.
+
+There are three types of patchers used by the patch handler: jsonPatcher,
+smpPatcher, and applyPatcher that are each discussed individually.
+
+#### JSON Patch
+
+JSON patching is most commonly called when client-side apply looks to patch an
+existing custom resource.
+
+For the jsonPatch implementation of
+[applyPatchToCurrentObject](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go#L304), This is similar
+to create and update where after using the jsonpatch library to generate the
+[patchedObjJS](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go#L312) we then call [DecodeInto](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go#L319). 
+
+Based on the presence of the validate query param, we should be able to use a
+codec that is or is not doing strict decoding that will fail, in the strict
+case, when invalid fields are present on the patched json blob.
+
+Currently, like create and update, the handler generates the [serializer from the
+scope](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go#L136-L146) and the codec from the serializer. We just need to ensure that it
+conditionally uses a StrictSerializer based on the presence of the validate
+query param.
+
+#### Strategic Merge Patch
+
+Strategic merge patching is most commonly called when client-side apply attempts
+to patch an existing object of a builtin type.
+
+For the strategic merge patch (SMP) implementation, it calls into the
+apimachinery strategicpatch library to update the fields of the original object
+with the data from the patch. This goes through a few layers but it eventually
+boils down to this
+[mergeMap](https://github.com/kubernetes/kubernetes/blob/dadecb2c8932fd28de9dfb94edbc7bdac7d0d28f/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go#L1280) call that does the actual merge of the patch into
+the original.
+
+mergeMap takes a mergeOptions argument that we can update to have some
+configuration for strict validation. Within mergeMap, we can add a branch of
+code to fail with an error if mergeOptions specify strict validation and we
+encounter fields on the patch that do not exist on the original.
+
+#### Apply Patch
+
+Apply Patching is called whenever we send a server side apply request to the
+server.
+
+For apply patch, server side schema validation already occurs and is not
+optional, no new behavior is needed here. The exception to this is that one can
+create an arbitrary schema that is still a valid structural schema  (see [docs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema) on
+structural schema). If one manages to do this and permits unknown fields, then
+server-side schema validation will not be responsible for invalidating these.
+
+For further context, the applyPatch path of the patch handler calls into the
+fieldmanager’s [Apply](https://github.com/kubernetes/kubernetes/blob/9ff3b7e744b34c099c1405d9add192adbef0b6b1/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/patch.go#L441) method in order to generate the newly patched object that
+will be stored to etcd
+
+This in turn, calls
+[apply](https://github.com/kubernetes/kubernetes/blob/9ff3b7e744b34c099c1405d9add192adbef0b6b1/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go#L106) on it’s own internal fieldmanager (which is what
+actually implements the joining of the live object to the patch object to
+produce the new object). It attempts to [convert the patch object into a
+TypedValue](https://github.com/kubernetes/kubernetes/blob/9ff3b7e744b34c099c1405d9add192adbef0b6b1/staging/src/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go#L129). This checks the object against its schema and will error if the
+object has any unknown or duplicate fields.
+
+
+### Test Plan
+
+<!--
+**Note:** *Not required until targeted at a release.*
+
+Consider the following in developing a test plan for this enhancement:
+- Will there be e2e and integration tests, in addition to unit tests?
+- How will it be tested in isolation vs with other components?
+
+No need to outline all of the test cases, just the general strategy. Anything
+that would count as tricky in the implementation, and anything particularly
+challenging to test, should be called out.
+
+All code is expected to have adequate tests (eventually with coverage
+expectations). Please adhere to the [Kubernetes testing guidelines][testing-guidelines]
+when drafting this test plan.
+
+[testing-guidelines]: https://git.k8s.io/community/contributors/devel/sig-testing/testing.md
+-->
+We can unit test and benchmark the performance of each endpoint in
+[apiserver/pkg/endpoints/apiserver_test.go](https://github.com/kubernetes/kubernetes/blob/dadecb2c8932fd28de9dfb94edbc7bdac7d0d28f/staging/src/k8s.io/apiserver/pkg/endpoints/apiserver_test.go). We will need to test that requests
+fail with invalid fields for all types of fields (embedding, free-form fields,
+etc).
+
+We will also have additional testing for changes to the strategic merge patch
+logic in
+[apimachinery/pkg/util/strategicpatch/patch_test.go](https://github.com/kubernetes/kubernetes/blob/dadecb2c8932fd28de9dfb94edbc7bdac7d0d28f/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch/patch_test.go)
+
+<!--
+### Graduation Criteria
+
+**Note:** *Not required until targeted at a release.*
+
+Define graduation milestones.
+
+These may be defined in terms of API maturity, or as something else. The KEP
+should keep this high-level with a focus on what signals will be looked at to
+determine graduation.
+
+Consider the following in developing the graduation criteria for this enhancement:
+- [Maturity levels (`alpha`, `beta`, `stable`)][maturity-levels]
+- [Deprecation policy][deprecation-policy]
+
+Clearly define what graduation means by either linking to the [API doc
+definition](https://kubernetes.io/docs/concepts/overview/kubernetes-api/#api-versioning)
+or by redefining what graduation means.
+
+In general we try to use the same stages (alpha, beta, GA), regardless of how the
+functionality is accessed.
+
+[maturity-levels]: https://git.k8s.io/community/contributors/devel/sig-architecture/api_changes.md#alpha-beta-and-stable-versions
+[deprecation-policy]: https://kubernetes.io/docs/reference/using-api/deprecation-policy/
+
+Below are some examples to consider, in addition to the aforementioned [maturity levels][maturity-levels].
+
+#### Alpha
+
+- Feature implemented behind a feature flag
+- Initial e2e tests completed and enabled
+
+#### Beta
+
+- Gather feedback from developers and surveys
+- Complete features A, B, C
+- Additional tests are in Testgrid and linked in KEP
+
+#### GA
+
+- N examples of real-world usage
+- N installs
+- More rigorous forms of testing—e.g., downgrade tests and scalability tests
+- Allowing time for feedback
+
+**Note:** Generally we also wait at least two releases between beta and
+GA/stable, because there's no opportunity for user feedback, or even bug reports,
+in back-to-back releases.
+
+**For non-optional features moving to GA, the graduation criteria must include
+[conformance tests].**
+
+[conformance tests]: https://git.k8s.io/community/contributors/devel/sig-architecture/conformance-tests.md
+
+#### Deprecation
+
+- Announce deprecation and support policy of the existing flag
+- Two versions passed since introducing the functionality that deprecates the flag (to address version skew)
+- Address feedback on usage/changed behavior, provided on GitHub issues
+- Deprecate the flag
+
+### Upgrade / Downgrade Strategy
+
+If applicable, how will the component be upgraded and downgraded? Make sure
+this is in the test plan.
+
+Consider the following in developing an upgrade/downgrade strategy for this
+enhancement:
+- What changes (in invocations, configurations, API use, etc.) is an existing
+  cluster required to make on upgrade, in order to maintain previous behavior?
+- What changes (in invocations, configurations, API use, etc.) is an existing
+  cluster required to make on upgrade, in order to make use of the enhancement?
+
+### Version Skew Strategy
+
+If applicable, how will the component handle version skew with other
+components? What are the guarantees? Make sure this is in the test plan.
+
+Consider the following in developing a version skew strategy for this
+enhancement:
+- Does this enhancement involve coordinating behavior in the control plane and
+  in the kubelet? How does an n-2 kubelet without this feature available behave
+  when this feature is used?
+- Will any other components on the node change? For example, changes to CSI,
+  CRI or CNI may require updating that component before the kubelet.
+-->
+
+## Production Readiness Review Questionnaire
+
+<!--
+
+Production readiness reviews are intended to ensure that features merging into
+Kubernetes are observable, scalable and supportable; can be safely operated in
+production environments, and can be disabled or rolled back in the event they
+cause increased failures in production. See more in the PRR KEP at
+https://git.k8s.io/enhancements/keps/sig-architecture/1194-prod-readiness.
+
+The production readiness review questionnaire must be completed and approved
+for the KEP to move to `implementable` status and be included in the release.
+
+In some cases, the questions below should also have answers in `kep.yaml`. This
+is to enable automation to verify the presence of the review, and to reduce review
+burden and latency.
+
+The KEP must have a approver from the
+[`prod-readiness-approvers`](http://git.k8s.io/enhancements/OWNERS_ALIASES)
+team. Please reach out on the
+[#prod-readiness](https://kubernetes.slack.com/archives/CPNHUMN74) channel if
+you need any help or guidance.
+-->
+
+### Feature Enablement and Rollback
+
+<!--
+This section must be completed when targeting alpha to a release.
+-->
+
+###### How can this feature be enabled / disabled in a live cluster?
+
+<!--
+Pick one of these and delete the rest.
+-->
+
+- [x] Feature gate (also fill in values in `kep.yaml`)
+  - Feature gate name: UnknownFieldValidation
+  - Components depending on the feature gate: kube-apiserver
+- [x] Other
+  - Describe the mechanism: query parameter
+  - Will enabling / disabling the feature require downtime of the control
+    plane? NO
+  - Will enabling / disabling the feature require downtime or reprovisioning
+    of a node? (Do not assume `Dynamic Kubelet Config` feature is enabled). NO
+
+<!--
+###### Does enabling the feature change any default behavior?
+
+Any change of default behavior may be surprising to users or break existing
+automations, so be extremely careful here.
+
+###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
+
+Describe the consequences on existing workloads (e.g., if this is a runtime
+feature, can it break the existing applications?).
+
+NOTE: Also set `disable-supported` to `true` or `false` in `kep.yaml`.
+
+###### What happens if we reenable the feature if it was previously rolled back?
+
+###### Are there any tests for feature enablement/disablement?
+
+The e2e framework does not currently support enabling or disabling feature
+gates. However, unit tests in each component dealing with managing data, created
+with and without the feature, are necessary. At the very least, think about
+conversion tests if API types are being modified.
+
+### Rollout, Upgrade and Rollback Planning
+
+This section must be completed when targeting beta to a release.
+
+###### How can a rollout or rollback fail? Can it impact already running workloads?
+
+Try to be as paranoid as possible - e.g., what if some components will restart
+mid-rollout?
+
+Be sure to consider highly-available clusters, where, for example,
+feature flags will be enabled on some API servers and not others during the
+rollout. Similarly, consider large clusters and how enablement/disablement
+will rollout across nodes.
+
+###### What specific metrics should inform a rollback?
+
+What signals should users be paying attention to when the feature is young
+that might indicate a serious problem?
+
+###### Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?
+
+Describe manual testing that was done and the outcomes.
+Longer term, we may want to require automated upgrade/rollback tests, but we
+are missing a bunch of machinery and tooling and can't do that now.
+
+###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
+
+Even if applying deprecation policies, they may still surprise some users.
+
+### Monitoring Requirements
+
+This section must be completed when targeting beta to a release.
+
+###### How can an operator determine if the feature is in use by workloads?
+
+Ideally, this should be a metric. Operations against the Kubernetes API (e.g.,
+checking if there are objects with field X set) may be a last resort. Avoid
+logs or events for this purpose.
+
+###### How can someone using this feature know that it is working for their instance?
+
+For instance, if this is a pod-related feature, it should be possible to determine if the feature is functioning properly
+for each individual pod.
+Pick one more of these and delete the rest.
+Please describe all items visible to end users below with sufficient detail so that they can verify correct enablement
+and operation of this feature.
+Recall that end users cannot usually observe component logs or access metrics.
+
+- [ ] Events
+  - Event Reason: 
+- [ ] API .status
+  - Condition name: 
+  - Other field: 
+- [ ] Other (treat as last resort)
+  - Details:
+
+###### What are the reasonable SLOs (Service Level Objectives) for the enhancement?
+
+This is your opportunity to define what "normal" quality of service looks like
+for a feature.
+
+It's impossible to provide comprehensive guidance, but at the very
+high level (needs more precise definitions) those may be things like:
+  - per-day percentage of API calls finishing with 5XX errors <= 1%
+  - 99% percentile over day of absolute value from (job creation time minus expected
+    job creation time) for cron job <= 10%
+  - 99.9% of /health requests per day finish with 200 code
+
+These goals will help you determine what you need to measure (SLIs) in the next
+question.
+
+###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
+
+Pick one more of these and delete the rest.
+
+- [ ] Metrics
+  - Metric name:
+  - [Optional] Aggregation method:
+  - Components exposing the metric:
+- [ ] Other (treat as last resort)
+  - Details:
+
+###### Are there any missing metrics that would be useful to have to improve observability of this feature?
+
+Describe the metrics themselves and the reasons why they weren't added (e.g., cost,
+implementation difficulties, etc.).
+
+### Dependencies
+
+This section must be completed when targeting beta to a release.
+
+###### Does this feature depend on any specific services running in the cluster?
+
+Think about both cluster-level services (e.g. metrics-server) as well
+as node-level agents (e.g. specific version of CRI). Focus on external or
+optional services that are needed. For example, if this feature depends on
+a cloud provider API, or upon an external software-defined storage or network
+control plane.
+
+For each of these, fill in the following—thinking about running existing user workloads
+and creating new ones, as well as about cluster-level services (e.g. DNS):
+  - [Dependency name]
+    - Usage description:
+      - Impact of its outage on the feature:
+      - Impact of its degraded performance or high-error rates on the feature:
+-->
+
+### Scalability
+
+<!--
+For alpha, this section is encouraged: reviewers should consider these questions
+and attempt to answer them.
+
+For beta, this section is required: reviewers must answer these questions.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+
+###### Will enabling / using this feature result in any new API calls?
+
+Describe them, providing:
+  - API call type (e.g. PATCH pods)
+  - estimated throughput
+  - originating component(s) (e.g. Kubelet, Feature-X-controller)
+Focusing mostly on:
+  - components listing and/or watching resources they didn't before
+  - API calls that may be triggered by changes of some Kubernetes resources
+    (e.g. update of object X triggers new updates of object Y)
+  - periodic API calls to reconcile state (e.g. periodic fetching state,
+    heartbeats, leader election, etc.)
+
+###### Will enabling / using this feature result in introducing new API types?
+
+Describe them, providing:
+  - API type
+  - Supported number of objects per cluster
+  - Supported number of objects per namespace (for namespace-scoped objects)
+
+###### Will enabling / using this feature result in any new calls to the cloud provider?
+
+Describe them, providing:
+  - Which API(s):
+  - Estimated increase:
+
+###### Will enabling / using this feature result in increasing size or count of the existing API objects?
+
+Describe them, providing:
+  - API type(s):
+  - Estimated increase in size: (e.g., new annotation of size 32B)
+  - Estimated amount of new objects: (e.g., new Object X for every existing Pod)
+-->
+
+###### Will enabling / using this feature result in increasing time taken by any operations covered by existing SLIs/SLOs?
+
+<!--
+Look at the [existing SLIs/SLOs].
+
+Think about adding additional work or introducing new steps in between
+(e.g. need to do X to start a container), etc. Please describe the details.
+
+[existing SLIs/SLOs]: https://git.k8s.io/community/sig-scalability/slos/slos.md#kubernetes-slisslos
+-->
+Mutating API calls that opt-in to validation will be slower ([initial
+benchmarks](https://github.com/kubernetes/kubernetes/pull/104433#issuecomment-901398507)
+estimate ~20% slower 25-30% more memory consumption)
+
+<!--
+###### Will enabling / using this feature result in non-negligible increase of resource usage (CPU, RAM, disk, IO, ...) in any components?
+
+Things to keep in mind include: additional in-memory state, additional
+non-trivial computations, excessive access to disks (including increased log
+volume), significant amount of data sent and/or received over network, etc.
+This through this both in small and large cases, again with respect to the
+[supported limits].
+
+[supported limits]: https://git.k8s.io/community//sig-scalability/configs-and-limits/thresholds.md
+
+### Troubleshooting
+
+This section must be completed when targeting beta to a release.
+
+The Troubleshooting section currently serves the `Playbook` role. We may consider
+splitting it into a dedicated `Playbook` document (potentially with some monitoring
+details). For now, we leave it here.
+
+###### How does this feature react if the API server and/or etcd is unavailable?
+
+###### What are other known failure modes?
+
+For each of them, fill in the following information by copying the below template:
+  - [Failure mode brief description]
+    - Detection: How can it be detected via metrics? Stated another way:
+      how can an operator troubleshoot without logging into a master or worker node?
+    - Mitigations: What can be done to stop the bleeding, especially for already
+      running user workloads?
+    - Diagnostics: What are the useful log messages and their required logging
+      levels that could help debug the issue?
+      Not required until feature graduated to beta.
+    - Testing: Are there any tests for failure mode? If not, describe why.
+
+###### What steps should be taken if SLOs are not being met to determine the problem?
+-->
+
+## Implementation History
+
+<!--
+Major milestones in the lifecycle of a KEP should be tracked in this section.
+Major milestones might include:
+- the `Summary` and `Motivation` sections being merged, signaling SIG acceptance
+- the `Proposal` section being merged, signaling agreement on a proposed design
+- the date implementation started
+- the first Kubernetes release where an initial version of the KEP was available
+- the version of Kubernetes where the KEP graduated to general availability
+- when the KEP was retired or superseded
+-->
+* Proof of Concept [PR](https://github.com/kubernetes/kubernetes/pull/104433) for Create and Update.
+
+<!--
+## Drawbacks
+
+Why should this KEP _not_ be implemented?
+-->
+
+## Alternatives
+* Content-Type Header vs Query Param (see #proposal)
+* Passing multiple decoders around in the request scope
+* Change the Decode signature itself (or adding a new DecodeStrict that Decode
+  calls into)
+
+<!--
+What other approaches did you consider, and why did you rule them out? These do
+not need to be as detailed as the proposal, but should include enough
+information to express the idea and why it was not acceptable.
+-->
+
+<!--
+## Infrastructure Needed (Optional)
+
+Use this section if you need things from the project/SIG. Examples include a
+new subproject, repos requested, or GitHub details. Listing these here allows a
+SIG to get the process for these resources started right away.
+-->
diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
new file mode 100644
index 00000000000..15e17f22ae6
--- /dev/null
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
@@ -0,0 +1,48 @@
+title: Server Side Unknown Field Validation
+kep-number: 2885
+authors:
+  - "@kevindelgado"
+owning-sig: sig-api-machinery
+participating-sigs:
+status: provisional
+creation-date: 2021-08-20
+reviewers:
+  - "@apelisse"
+  - "@jpbetz"
+approvers:
+  - "@lavalamp"
+
+##### WARNING !!! ######
+# prr-approvers has been moved to its own location
+# You should create your own in keps/prod-readiness
+# Please make a copy of keps/prod-readiness/template/nnnn.yaml
+# to keps/prod-readiness/sig-xxxxx/00000.yaml (replace with kep number)
+#prr-approvers:
+
+see-also:
+replaces:
+
+# The target maturity stage in the current dev cycle for this KEP.
+stage: alpha
+
+# The most recent milestone for which work toward delivery of this KEP has been
+# done. This can be the current (upcoming) milestone, if it is being actively
+# worked on.
+latest-milestone: "v1.23"
+
+# The milestone at which this feature was, or is targeted to be, at each stage.
+milestone:
+  alpha: "v1.23"
+  beta: "v1.24"
+  stable: "v1.25"
+
+# The following PRR answers are required at alpha release
+# List the feature gate name and the components for which it must be enabled
+feature-gates:
+  - name: UnknownFieldValidation
+    components:
+      - kube-apiserver
+disable-supported: true
+
+# The following PRR answers are required at beta release
+metrics:

From e690a74b3dfc1a9cf77d13ab5bdbf51aefb61b49 Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Tue, 24 Aug 2021 04:45:19 +0000
Subject: [PATCH 02/16] Respond to smarterclayton feedback on mergeMap and
 param advantages

---
 .../README.md                                 | 24 +++++++++++++------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 4193f2eaf53..05ef87a7271 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -343,9 +343,13 @@ This might make it more obvious to consumers of the API that strict schema
 validation is a choice of the client. On the other hand, query parameters are
 more typically used for filtering/sorting data returned from the API server.
 
-Precedent for using query parameters is that we already have CreateOptions,
-PatchOptions, UpdateOptions for write requests that are communicated via query
-parameters.
+Arguments for using query parameter include:
+* Being able version them with the API version (unlike content-type which must
+  be versioned with the type)
+* Parameters are more discoverable in openapi, less so for mime types.
+* We have precedent for using query parameters for write requests already (via CreateOptions,
+  PatchOptions, UpdateOptions)
+
 
 We believe that using a query parameter is the best approach.
 
@@ -432,10 +436,16 @@ boils down to this
 [mergeMap](https://github.com/kubernetes/kubernetes/blob/dadecb2c8932fd28de9dfb94edbc7bdac7d0d28f/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch/patch.go#L1280) call that does the actual merge of the patch into
 the original.
 
-mergeMap takes a mergeOptions argument that we can update to have some
-configuration for strict validation. Within mergeMap, we can add a branch of
-code to fail with an error if mergeOptions specify strict validation and we
-encounter fields on the patch that do not exist on the original.
+`mergeMap` goest field-by-field through the existing object, checking to see if
+data should be merged in from the patch. Currently, if there are any
+extra/unknown fields in patch, they will never be encountered and will just be
+ignored.
+
+`mergeMap` takes a mergeOptions argument that we can update to have some
+configuration for strict validation. Within `mergeMap`, we can track the fields
+of the patch as they are meged in the existing object. After all fields that can
+be merged from the patch are, we will know that any fields on the patch that
+were not merged are unknown fields and can error out.
 
 #### Apply Patch
 

From 7473cff81f8181a06622b90c745099d449b5cf9e Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Thu, 26 Aug 2021 22:16:15 +0000
Subject: [PATCH 03/16] add JSON Patch POC

---
 .../2885-server-side-unknown-field-validation/README.md          | 1 +
 1 file changed, 1 insertion(+)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 05ef87a7271..e1beb687fdb 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -869,6 +869,7 @@ Major milestones might include:
 - when the KEP was retired or superseded
 -->
 * Proof of Concept [PR](https://github.com/kubernetes/kubernetes/pull/104433) for Create and Update.
+* Proof of Concept [PR](https://github.com/kubernetes/kubernetes/pull/104619) for JSON Patch.
 
 <!--
 ## Drawbacks

From 98c513425464098122db7c4cfb11ec7a2f494da6 Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Mon, 30 Aug 2021 19:55:45 +0000
Subject: [PATCH 04/16] Update TOC to fix CI

---
 .../README.md                                         | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index e1beb687fdb..980ada2963d 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -84,15 +84,24 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Non-Goals](#non-goals)
 - [Proposal](#proposal)
   - [Notes/Constraints/Caveats (Optional)](#notesconstraintscaveats-optional)
+    - [Future Work](#future-work)
   - [Risks and Mitigations](#risks-and-mitigations)
+  - [Performance Considerations](#performance-considerations)
 - [Design Details](#design-details)
+  - [Opt-in API Mechanism](#opt-in-api-mechanism)
+    - [Content-Type Header](#content-type-header)
+    - [Query Parameter](#query-parameter)
+  - [Create (POST) and Update (PUT)](#create-post-and-update-put)
+  - [Patch (PATCH)](#patch-patch)
+    - [JSON Patch](#json-patch)
+    - [Strategic Merge Patch](#strategic-merge-patch)
+    - [Apply Patch](#apply-patch)
   - [Test Plan](#test-plan)
 - [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
   - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
   - [Scalability](#scalability)
 - [Implementation History](#implementation-history)
 - [Alternatives](#alternatives)
-- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
 <!-- /toc -->
 
 ## Release Signoff Checklist

From 4b1a17d942ebf1402ed0e1dc36bc2ab7d7a6f233 Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Mon, 30 Aug 2021 20:09:12 +0000
Subject: [PATCH 05/16] Update PRR

---
 .../README.md                                 | 31 ++++++++++++-------
 1 file changed, 19 insertions(+), 12 deletions(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 980ada2963d..20b72d687cc 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -99,6 +99,9 @@ tags, and then generate with `hack/update-toc.sh`.
   - [Test Plan](#test-plan)
 - [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
   - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
+  - [Rollout, Upgrade and Rollback Planning](#rollout-upgrade-and-rollback-planning)
+  - [Monitoring Requirements](#monitoring-requirements)
+  - [Dependencies](#dependencies)
   - [Scalability](#scalability)
 - [Implementation History](#implementation-history)
 - [Alternatives](#alternatives)
@@ -640,32 +643,30 @@ Pick one of these and delete the rest.
   - Will enabling / disabling the feature require downtime or reprovisioning
     of a node? (Do not assume `Dynamic Kubelet Config` feature is enabled). NO
 
-<!--
 ###### Does enabling the feature change any default behavior?
 
-Any change of default behavior may be surprising to users or break existing
-automations, so be extremely careful here.
+No, strict validation is false by default.
 
 ###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
 
-Describe the consequences on existing workloads (e.g., if this is a runtime
-feature, can it break the existing applications?).
-
-NOTE: Also set `disable-supported` to `true` or `false` in `kep.yaml`.
+Yes, disabling the feature flag will cause us to ignore the validation query
+param, effectively rolling back this feature.
 
 ###### What happens if we reenable the feature if it was previously rolled back?
 
+No harm, requests will resume performing strict validation
+
 ###### Are there any tests for feature enablement/disablement?
 
-The e2e framework does not currently support enabling or disabling feature
-gates. However, unit tests in each component dealing with managing data, created
-with and without the feature, are necessary. At the very least, think about
-conversion tests if API types are being modified.
+Testing for both presenence and absence of query param.
 
 ### Rollout, Upgrade and Rollback Planning
 
 This section must be completed when targeting beta to a release.
 
+N/A
+
+<!--
 ###### How can a rollout or rollback fail? Can it impact already running workloads?
 
 Try to be as paranoid as possible - e.g., what if some components will restart
@@ -690,11 +691,13 @@ are missing a bunch of machinery and tooling and can't do that now.
 ###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
 
 Even if applying deprecation policies, they may still surprise some users.
-
+-->
 ### Monitoring Requirements
 
 This section must be completed when targeting beta to a release.
 
+N/A
+<!--
 ###### How can an operator determine if the feature is in use by workloads?
 
 Ideally, this should be a metric. Operations against the Kubernetes API (e.g.,
@@ -749,10 +752,14 @@ Pick one more of these and delete the rest.
 Describe the metrics themselves and the reasons why they weren't added (e.g., cost,
 implementation difficulties, etc.).
 
+-->
 ### Dependencies
 
 This section must be completed when targeting beta to a release.
 
+N/A
+
+<!--
 ###### Does this feature depend on any specific services running in the cluster?
 
 Think about both cluster-level services (e.g. metrics-server) as well

From efcbc65d4658971995cf8ff8dc821807dda9513f Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Tue, 31 Aug 2021 00:11:44 +0000
Subject: [PATCH 06/16] Remove feature flag, add prod-readiness, set to
 implementable

---
 keps/prod-readiness/sig-api-machinery/2885.yaml          | 3 +++
 .../2885-server-side-unknown-field-validation/README.md  | 6 +++---
 .../2885-server-side-unknown-field-validation/kep.yaml   | 9 +++------
 3 files changed, 9 insertions(+), 9 deletions(-)
 create mode 100644 keps/prod-readiness/sig-api-machinery/2885.yaml

diff --git a/keps/prod-readiness/sig-api-machinery/2885.yaml b/keps/prod-readiness/sig-api-machinery/2885.yaml
new file mode 100644
index 00000000000..e4c8157dcbd
--- /dev/null
+++ b/keps/prod-readiness/sig-api-machinery/2885.yaml
@@ -0,0 +1,3 @@
+kep-number: 2885
+alpha:
+        approver: "@deads2k"
diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 20b72d687cc..140fcfe59e4 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -631,11 +631,11 @@ This section must be completed when targeting alpha to a release.
 
 <!--
 Pick one of these and delete the rest.
--->
 
 - [x] Feature gate (also fill in values in `kep.yaml`)
   - Feature gate name: UnknownFieldValidation
   - Components depending on the feature gate: kube-apiserver
+-->
 - [x] Other
   - Describe the mechanism: query parameter
   - Will enabling / disabling the feature require downtime of the control
@@ -649,8 +649,8 @@ No, strict validation is false by default.
 
 ###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
 
-Yes, disabling the feature flag will cause us to ignore the validation query
-param, effectively rolling back this feature.
+Yes, not setting the query param will ensure we are not doing strict validation
+(i.e. disable the feature)
 
 ###### What happens if we reenable the feature if it was previously rolled back?
 
diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
index 15e17f22ae6..4025e3fcf6d 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
@@ -4,13 +4,14 @@ authors:
   - "@kevindelgado"
 owning-sig: sig-api-machinery
 participating-sigs:
-status: provisional
+status: implementable
 creation-date: 2021-08-20
 reviewers:
   - "@apelisse"
   - "@jpbetz"
 approvers:
-  - "@lavalamp"
+  - "@smarterclayton"
+  - "@deads2k"
 
 ##### WARNING !!! ######
 # prr-approvers has been moved to its own location
@@ -38,10 +39,6 @@ milestone:
 
 # The following PRR answers are required at alpha release
 # List the feature gate name and the components for which it must be enabled
-feature-gates:
-  - name: UnknownFieldValidation
-    components:
-      - kube-apiserver
 disable-supported: true
 
 # The following PRR answers are required at beta release

From accbe4740e10d43ec3f6734e138cfd902067b55c Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Tue, 31 Aug 2021 20:04:01 +0000
Subject: [PATCH 07/16] Add feature gate

---
 .../2885-server-side-unknown-field-validation/README.md       | 3 +--
 .../2885-server-side-unknown-field-validation/kep.yaml        | 4 ++++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 140fcfe59e4..948acae1390 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -631,11 +631,10 @@ This section must be completed when targeting alpha to a release.
 
 <!--
 Pick one of these and delete the rest.
-
+-->
 - [x] Feature gate (also fill in values in `kep.yaml`)
   - Feature gate name: UnknownFieldValidation
   - Components depending on the feature gate: kube-apiserver
--->
 - [x] Other
   - Describe the mechanism: query parameter
   - Will enabling / disabling the feature require downtime of the control
diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
index 4025e3fcf6d..3b390137138 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
@@ -39,6 +39,10 @@ milestone:
 
 # The following PRR answers are required at alpha release
 # List the feature gate name and the components for which it must be enabled
+feature-gates:
+  - name: UnknownFieldValidation
+    components:
+      - kube-apiserver
 disable-supported: true
 
 # The following PRR answers are required at beta release

From 469c95114b09db61280eba40b494e89e88a7c600 Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Wed, 1 Sep 2021 17:22:15 +0000
Subject: [PATCH 08/16] Add note about client-go support

---
 .../2885-server-side-unknown-field-validation/README.md        | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 948acae1390..6ccd9f7a575 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -362,6 +362,9 @@ Arguments for using query parameter include:
 * We have precedent for using query parameters for write requests already (via CreateOptions,
   PatchOptions, UpdateOptions)
 
+For client-go support, we will add a `UnknownFieldValidation` field to
+CreateOptions, PatchOptions, and UpdateOptions that can supply the query
+parameter to the request.
 
 We believe that using a query parameter is the best approach.
 

From 6e21736d87a928d3174ae156c3a371764f80906b Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Wed, 1 Sep 2021 20:07:17 +0000
Subject: [PATCH 09/16] PRR feedback

---
 .../README.md                                 | 78 +++++++++++++------
 1 file changed, 55 insertions(+), 23 deletions(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 6ccd9f7a575..4c6461a7f0a 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -125,18 +125,18 @@ checklist items _must_ be updated for the enhancement to be released.
 
 Items marked with (R) are required *prior to targeting to a milestone / release*.
 
-- [ ] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
-- [ ] (R) KEP approvers have approved the KEP status as `implementable`
-- [ ] (R) Design details are appropriately documented
-- [ ] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input (including test refactors)
+- [x] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
+- [x] (R) KEP approvers have approved the KEP status as `implementable`
+- [x] (R) Design details are appropriately documented
+- [x] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input (including test refactors)
   - [ ] e2e Tests for all Beta API Operations (endpoints)
   - [ ] (R) Ensure GA e2e tests for meet requirements for [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
   - [ ] (R) Minimum Two Week Window for GA e2e tests to prove flake free
-- [ ] (R) Graduation criteria is in place
+- [x] (R) Graduation criteria is in place
   - [ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
-- [ ] (R) Production readiness review completed
-- [ ] (R) Production readiness review approved
-- [ ] "Implementation History" section is up-to-date for milestone
+- [x] (R) Production readiness review completed
+- [x] (R) Production readiness review approved
+- [x] "Implementation History" section is up-to-date for milestone
 - [ ] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
 - [ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
 
@@ -513,9 +513,8 @@ We will also have additional testing for changes to the strategic merge patch
 logic in
 [apimachinery/pkg/util/strategicpatch/patch_test.go](https://github.com/kubernetes/kubernetes/blob/dadecb2c8932fd28de9dfb94edbc7bdac7d0d28f/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch/patch_test.go)
 
-<!--
 ### Graduation Criteria
-
+<!--
 **Note:** *Not required until targeted at a release.*
 
 Define graduation milestones.
@@ -540,11 +539,13 @@ functionality is accessed.
 
 Below are some examples to consider, in addition to the aforementioned [maturity levels][maturity-levels].
 
+-->
 #### Alpha
 
 - Feature implemented behind a feature flag
-- Initial e2e tests completed and enabled
+- Integration tests added for all relevant verbs (POST, PUT, and PATCH)
 
+<!--
 #### Beta
 
 - Gather feedback from developers and surveys
@@ -651,16 +652,23 @@ No, strict validation is false by default.
 
 ###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
 
-Yes, not setting the query param will ensure we are not doing strict validation
-(i.e. disable the feature)
+Yes. From the cluster operator's side, they can restart the kube-apiserver without
+the UnknownFieldValidation flag set and this will disable the feature
+cluster-wide.
+
+For end-users that no longer wish to perform server-side strict validation,
+simply not setting the query param will ensure the server is not doing strict
+validation.
 
 ###### What happens if we reenable the feature if it was previously rolled back?
 
-No harm, requests will resume performing strict validation
+No harm, requests will resume performing strict validation. The content of
+stored data does not change when the feature is used compared to when it is off,
+only new requests to the api-server will trigger strict validation.
 
 ###### Are there any tests for feature enablement/disablement?
 
-Testing for both presenence and absence of query param.
+Testing for both presence and absence of query param.
 
 ### Rollout, Upgrade and Rollback Planning
 
@@ -698,16 +706,27 @@ Even if applying deprecation policies, they may still surprise some users.
 
 This section must be completed when targeting beta to a release.
 
-N/A
 <!--
 ###### How can an operator determine if the feature is in use by workloads?
 
 Ideally, this should be a metric. Operations against the Kubernetes API (e.g.,
 checking if there are objects with field X set) may be a last resort. Avoid
 logs or events for this purpose.
-
+-->
 ###### How can someone using this feature know that it is working for their instance?
 
+The easiest way to know that the feature is enabled and working is to query the
+API server with the query param set and passing an object with deliberately
+invalid, unknown fields. An error from the server will indicate that the feature
+is enabled as expected.
+
+Alternatively, and end-user can cross-reference the results of client-side
+validation (i.e. `kubectl --validate=true`) with the results of server-side. If
+client-side validation indicates an error but server-side does not, then the
+feature is disabled.
+
+<!--
+
 For instance, if this is a pod-related feature, it should be possible to determine if the feature is functioning properly
 for each individual pod.
 Pick one more of these and delete the rest.
@@ -722,9 +741,17 @@ Recall that end users cannot usually observe component logs or access metrics.
   - Other field: 
 - [ ] Other (treat as last resort)
   - Details:
+-->
 
 ###### What are the reasonable SLOs (Service Level Objectives) for the enhancement?
 
+Users should expect to see an increase in request latency and memory usage
+(~20-25% increase) for requests that desire server side schema validation.
+
+Cluster operators can also use cpu usage monitoring to determine whether
+increased usage of server-side schema validation dramatically increases CPU usage after feature enablement.
+
+<!--
 This is your opportunity to define what "normal" quality of service looks like
 for a feature.
 
@@ -738,17 +765,22 @@ high level (needs more precise definitions) those may be things like:
 These goals will help you determine what you need to measure (SLIs) in the next
 question.
 
+-->
 ###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
 
 Pick one more of these and delete the rest.
 
-- [ ] Metrics
-  - Metric name:
-  - [Optional] Aggregation method:
-  - Components exposing the metric:
-- [ ] Other (treat as last resort)
-  - Details:
+- [x] Metrics
+  - Metric name: CPU Usage
+  - Components exposing the metric: kube-apiserver
+- [x] Metrics
+  - Metric name: Memory Consumption
+  - Components exposing the metric: kube-apiserver
+- [x] Metrics
+  - Metric name: Request Latency
+  - Components exposing the metric: kube-apiserver
 
+<!--
 ###### Are there any missing metrics that would be useful to have to improve observability of this feature?
 
 Describe the metrics themselves and the reasons why they weren't added (e.g., cost,

From 662849cca013c7c71f3a67f109fc9f2329d5cf7c Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Wed, 1 Sep 2021 20:22:38 +0000
Subject: [PATCH 10/16] Update TOC

---
 .../2885-server-side-unknown-field-validation/README.md         | 2 ++
 .../2885-server-side-unknown-field-validation/kep.yaml          | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 4c6461a7f0a..abc8a92373b 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -97,6 +97,8 @@ tags, and then generate with `hack/update-toc.sh`.
     - [Strategic Merge Patch](#strategic-merge-patch)
     - [Apply Patch](#apply-patch)
   - [Test Plan](#test-plan)
+  - [Graduation Criteria](#graduation-criteria)
+    - [Alpha](#alpha)
 - [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
   - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
   - [Rollout, Upgrade and Rollback Planning](#rollout-upgrade-and-rollback-planning)
diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
index 3b390137138..7415430ab59 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/kep.yaml
@@ -9,8 +9,8 @@ creation-date: 2021-08-20
 reviewers:
   - "@apelisse"
   - "@jpbetz"
-approvers:
   - "@smarterclayton"
+approvers:
   - "@deads2k"
 
 ##### WARNING !!! ######

From d17980545d131b2b1edcacba0c2f8c4c1dc6f4de Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Fri, 3 Sep 2021 20:30:14 +0000
Subject: [PATCH 11/16] rename query param

---
 .../2885-server-side-unknown-field-validation/README.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index abc8a92373b..5cc1c010ac4 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -351,7 +351,7 @@ Content-Type which is providing information about the inbound request body.
 
 Alternatively, if we don’t like the idea of using Content-Type header to
 determine whether the apiserver should accept or fail on unknown fields, we
-could pass a query param such as “?validate=true”.
+could pass a query param such as “?fieldValidation=Strict”.
 
 This might make it more obvious to consumers of the API that strict schema
 validation is a choice of the client. On the other hand, query parameters are

From dd6f05ab76d192c8b99e215edbf746cb382cec59 Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Fri, 3 Sep 2021 22:00:51 +0000
Subject: [PATCH 12/16] Update test plan

---
 .../2885-server-side-unknown-field-validation/README.md        | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 5cc1c010ac4..647e08124a6 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -511,6 +511,9 @@ We can unit test and benchmark the performance of each endpoint in
 fail with invalid fields for all types of fields (embedding, free-form fields,
 etc).
 
+Additionally, we can add integration testing for all endpoints in
+[test/integration/apiserver/apiserver_test.go](https://github.com/kubernetes/kubernetes/blob/master/test/integration/apiserver/apiserver_test.go)
+
 We will also have additional testing for changes to the strategic merge patch
 logic in
 [apimachinery/pkg/util/strategicpatch/patch_test.go](https://github.com/kubernetes/kubernetes/blob/dadecb2c8932fd28de9dfb94edbc7bdac7d0d28f/staging/src/k8s.io/apimachinery/pkg/util/strategicpatch/patch_test.go)

From fcea5650397e4d110c25858ffdc3e09c6b1a41f9 Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Wed, 8 Sep 2021 20:12:00 +0000
Subject: [PATCH 13/16] Address feedback around warning, update client-go
 option name

---
 .../README.md                                       | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 647e08124a6..0a925ecb3e5 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -364,10 +364,14 @@ Arguments for using query parameter include:
 * We have precedent for using query parameters for write requests already (via CreateOptions,
   PatchOptions, UpdateOptions)
 
-For client-go support, we will add a `UnknownFieldValidation` field to
+For client-go support, we will add a `FieldValidation` field to
 CreateOptions, PatchOptions, and UpdateOptions that can supply the query
 parameter to the request.
 
+With a query parameter, we can consider values other than just `Strict` and `Ignore`. For example,
+can offer a `?fieldValidation=Warn` to support warning, rather than erroring on
+unknown fields.
+
 We believe that using a query parameter is the best approach.
 
 ### Create (POST) and Update (PUT)
@@ -933,10 +937,15 @@ Why should this KEP _not_ be implemented?
 -->
 
 ## Alternatives
-* Content-Type Header vs Query Param (see #proposal)
+* Content-Type Header vs Query Param (see [#proposal](#proposal))
 * Passing multiple decoders around in the request scope
 * Change the Decode signature itself (or adding a new DecodeStrict that Decode
   calls into)
+* Instead of erroring on unknown fields, we could warn on unknown fields and
+  then more generally have a `TreatWarningsAsErrors` option to fail on requests
+  with unknown fields. One drawback here is that it would be difficult to
+  flag unkown fields separately from other warnings that we might not want to
+  error on (e.g. using a deprecated API).
 
 <!--
 What other approaches did you consider, and why did you rule them out? These do

From 546a6971f30db1fada85226e6b7b75f601ff8e4d Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Wed, 8 Sep 2021 20:21:13 +0000
Subject: [PATCH 14/16] Warn note

---
 .../2885-server-side-unknown-field-validation/README.md        | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 0a925ecb3e5..e5faf215b33 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -945,7 +945,8 @@ Why should this KEP _not_ be implemented?
   then more generally have a `TreatWarningsAsErrors` option to fail on requests
   with unknown fields. One drawback here is that it would be difficult to
   flag unkown fields separately from other warnings that we might not want to
-  error on (e.g. using a deprecated API).
+  error on (e.g. using a deprecated API). See note in [#proposal](#proposal)
+  section around adding an option for warning on unknown fields.
 
 <!--
 What other approaches did you consider, and why did you rule them out? These do

From 8bc0f19210dc8c5ee07c7adb05209620f820ed0e Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Wed, 8 Sep 2021 20:23:39 +0000
Subject: [PATCH 15/16] spelling

---
 .../2885-server-side-unknown-field-validation/README.md         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index e5faf215b33..9db977f3350 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -944,7 +944,7 @@ Why should this KEP _not_ be implemented?
 * Instead of erroring on unknown fields, we could warn on unknown fields and
   then more generally have a `TreatWarningsAsErrors` option to fail on requests
   with unknown fields. One drawback here is that it would be difficult to
-  flag unkown fields separately from other warnings that we might not want to
+  flag unknown fields separately from other warnings that we might not want to
   error on (e.g. using a deprecated API). See note in [#proposal](#proposal)
   section around adding an option for warning on unknown fields.
 

From 678a76629c448988648df66f07d1c9dbe2a6af89 Mon Sep 17 00:00:00 2001
From: Kevin Delgado <kevindelgado@google.com>
Date: Wed, 8 Sep 2021 20:46:30 +0000
Subject: [PATCH 16/16] Add support for warn option

---
 .../2885-server-side-unknown-field-validation/README.md       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
index 9db977f3350..75a78fafc93 100644
--- a/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
+++ b/keps/sig-api-machinery/2885-server-side-unknown-field-validation/README.md
@@ -368,8 +368,8 @@ For client-go support, we will add a `FieldValidation` field to
 CreateOptions, PatchOptions, and UpdateOptions that can supply the query
 parameter to the request.
 
-With a query parameter, we can consider values other than just `Strict` and `Ignore`. For example,
-can offer a `?fieldValidation=Warn` to support warning, rather than erroring on
+In addition to supporting the options `Strict` (for erroring on unknown fields) and `Ignore`,
+we will also support the `?fieldValidation=Warn` option, to warn, rather than error on
 unknown fields.
 
 We believe that using a query parameter is the best approach.