From f934c2cc740e6bcbf81d91c09f70f0c162cae032 Mon Sep 17 00:00:00 2001
From: Sergiusz Urbaniak
Date: Wed, 27 Apr 2022 11:57:01 +0200
Subject: [PATCH] pkg/admission: pretend to validate pods if object contains a pod spec
---
 pkg/admission/admission.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/pkg/admission/admission.go b/pkg/admission/admission.go
index 03f46d0..556b1da 100644
--- a/pkg/admission/admission.go
+++ b/pkg/admission/admission.go
@@ -154,6 +154,23 @@ func (a *ParallelAdmission) ValidateResources(ctx context.Context, localResource
 Name: objName,
 }
 
+ // If the object includes a pod spec (i.e. Deployment), create a Pod object out of it for validation.
+ // For admission only pod resources will be enforced, deployments won't.
+ podExtractor := psadmission.DefaultPodSpecExtractor{}
+ if podExtractor.HasPodSpec(resource.GroupResource()) {
+ objMeta, spec, err := podExtractor.ExtractPodSpec(resInfo.Object)
+ if err != nil {
+ return nil, fmt.Errorf("error extracting pod spec: %w", err)
+ }
+
+ resInfo.Object = &corev1.Pod{
+ ObjectMeta: *objMeta,
+ Spec: *spec,
+ }
+
+ resource = corev1.SchemeGroupVersion.WithResource("pods")
+ }
+
 results[key] = a.Validate(ctx, &psapi.AttributesRecord{
 Namespace: objNS,
 Name: objName,
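Review bot: The added block dereferences `*objMeta` and `*spec` right after `ExtractPodSpec` with only an `err != nil` check, so a nil pointer returned alongside a nil error would panic here. As far as I recall, the upstream `DefaultPodSpecExtractor` does exactly that when a workload's pod template is nil (possible for a ReplicationController), which would crash validation instead of reporting a result for that object. A guard before building the Pod, e.g. `if objMeta == nil || spec == nil { return nil, fmt.Errorf("no pod template in %s/%s", objNS, objName) }`, keeps the failure explicit rather than silently skipping the check. The comment could also state that the evaluated metadata is the template's, not the workload's, since labels and annotations on the Deployment itself are dropped. ValidateResources starts and ends outside the hunk, so whether returning or recording a per-object result fits better needs checking against the rest of the function.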