pkg/admission: pretend to validate pods if object contains a pod spec

stlaz · Apr 28, 2022 · f934c2c · f934c2c
1 parent dd8f4f8
commit f934c2c
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/pkg/admission/admission.go b/pkg/admission/admission.go
@@ -154,6 +154,23 @@ func (a *ParallelAdmission) ValidateResources(ctx context.Context, localResource
 			Name:      objName,
 		}
 
+		// If the object includes a pod spec (i.e. Deployment), create a Pod object out of it for validation.
+		// For admission only pod resources will be enforced, deployments won't.
+		podExtractor := psadmission.DefaultPodSpecExtractor{}
+		if podExtractor.HasPodSpec(resource.GroupResource()) {
+			objMeta, spec, err := podExtractor.ExtractPodSpec(resInfo.Object)
+			if err != nil {
+				return nil, fmt.Errorf("error extracting pod spec: %w", err)
+			}
+
+			resInfo.Object = &corev1.Pod{
+				ObjectMeta: *objMeta,
+				Spec:       *spec,
+			}
+
+			resource = corev1.SchemeGroupVersion.WithResource("pods")
+		}
+
 		results[key] = a.Validate(ctx, &psapi.AttributesRecord{
 			Namespace: objNS,
 			Name:      objName,