atc: allow airways to skip admission review if configured

yokecd · Mar 6, 2025 · ca69888 · ca69888
1 parent 57577d7
commit ca69888
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 0 deletions.
diff --git a/cmd/atc/handler.go b/cmd/atc/handler.go
@@ -154,6 +154,20 @@ func Handler(client *k8s.Client, cache *wasm.ModuleCache, logger *slog.Logger) h
 			return
 		}
 
+		if airway.Spec.SkipAdmissionWebhook {
+			review.Response = &admissionv1.AdmissionResponse{
+				UID:     review.Request.UID,
+				Allowed: true,
+				Result:  &metav1.Status{Status: metav1.StatusSuccess, Message: "admission skipped"},
+			}
+			review.Request = nil
+
+			addRequestAttrs(r.Context(), slog.Bool("skipped", true))
+
+			json.NewEncoder(w).Encode(&review)
+			return
+		}
+
 		object, _, err := unstructured.NestedFieldNoCopy(cr.Object, airway.Spec.ObjectPath...)
 		if err != nil {
 			http.Error(w, fmt.Sprintf("failed to get object path: %v", err), http.StatusInternalServerError)

diff --git a/cmd/atc/internal/.DS_Store b/cmd/atc/internal/.DS_Store
diff --git a/pkg/apis/airway/v1alpha1/airway.go b/pkg/apis/airway/v1alpha1/airway.go
@@ -45,6 +45,14 @@ type AirwaySpec struct {
 	// CrossNamespace allows for resources to be created in other namespaces other than the releases target namespace.
 	CrossNamespace bool `json:"crossNamespace,omitempty"`
 
+	// SkipAdmissionWebhook bypasses admission webhook for the airway's CRs.
+	// The admission webhook validates that the resources that would be created pass a dry-run phase.
+	// However in the case of some multi-stage implementations, stages that depend on prior stages cannot pass dry-run.
+	// In this case there is no option but to skip the admission webhook.
+	//
+	// Therefore multi-stage Airways are not generally recommended.
+	SkipAdmissionWebhook bool `json:"skipAdmissionWebhook,omitempty"`
+
 	// Template is the CustomResourceDefinition Specification to create. A CRD will be created using this specification
 	// and bound to the implementation defined by the WasmURLs.Flight property.
 	Template apiextensionsv1.CustomResourceDefinitionSpec `json:"template"`

diff --git a/pkg/openapi/flight.golden.json b/pkg/openapi/flight.golden.json
@@ -26,6 +26,9 @@
             "type": "string"
           }
         },
+        "skipAdmissionWebhook": {
+          "type": "boolean"
+        },
         "template": {
           "type": "object",
           "required": [