Use the correct API version for MutatingAdmissionPolicy #1770

Open
DockToFuture wants to merge 1 commit into gardener:master from DockToFuture:support/mutating-admission-policy-in-all-api-versions
DockToFuture (Member) commented Apr 16, 2026

How to categorize this PR?

/area networking
/kind enhancement
/platform aws

What this PR does / why we need it:
MutatingAdmissionPolicy graduates from v1alpha1 → v1beta1 in Kubernetes 1.34 and to v1 (GA) in 1.36. This PR makes the Calico mutating admission policy chart use the correct API version based on the shoot's Kubernetes version, and aligns the enable/disable logic accordingly:

  • < 1.34: v1alpha1, requires explicit feature gate + RuntimeConfig opt-in
  • >= 1.34: v1beta1, enabled by default (can be opted out)
  • >= 1.36: v1, always enabled (feature gate locked on)

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

Release note:

Calico mutating admission policy chart uses the correct API version based on the shoot's Kubernetes version, and aligns the enable/disable logic accordingly.

@DockToFuture DockToFuture requested a review from a team as a code owner April 16, 2026 08:54
@gardener-prow gardener-prow bot added area/networking Networking related kind/enhancement Enhancement, improvement, extension labels Apr 16, 2026
gardener-prow bot commented Apr 16, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hebelsan for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. labels Apr 16, 2026
@federated-github-access federated-github-access bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. and removed ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Apr 16, 2026
@DockToFuture DockToFuture force-pushed the support/mutating-admission-policy-in-all-api-versions branch from e8b681a to 774d6f1 Compare April 16, 2026 09:05
github-actions (Contributor) commented
This change enhances the Kubernetes MutatingAdmissionPolicy support by implementing version-aware API compatibility across different Kubernetes releases. The modification dynamically selects the appropriate API version (v1alpha1, v1beta1, or v1) based on the cluster's Kubernetes version and configuration, ensuring proper functionality as the MutatingAdmissionPolicy feature progresses from alpha to beta to GA status in different Kubernetes versions.

Walkthrough

  • Refactor: Enhanced MutatingAdmissionPolicy version detection logic to automatically determine the correct API version (v1alpha1, v1beta1, or v1) based on Kubernetes cluster version and configuration
  • Refactor: Modified chart templates to use configurable API version instead of hardcoded v1alpha1, improving compatibility across Kubernetes releases
  • Refactor: Updated policy enablement logic to handle different maturity levels of the MutatingAdmissionPolicy feature across Kubernetes versions (alpha in <1.34, beta in 1.34-1.35, GA in ≥1.36)
  • Test: Added comprehensive test coverage for version detection and API version selection logic

Model: claude-sonnet-4-20250514 | Prompt Tokens: 6282 | Completion Tokens: 257
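
The three version tiers listed in the PR description, written out as one Go function. This is an added illustration, not code from this PR or from the Gardener project: `SelectPolicy`, its two map inputs, and the way an opt-out is detected for v1beta1 (feature gate or RuntimeConfig entry explicitly set to false) are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Policy is the outcome: the API version to render and whether to deploy.
type Policy struct {
	APIVersion string
	Enabled    bool
}

// minor returns the minor number of a "1.x[.y]" Kubernetes version string.
func minor(version string) (int, error) {
	parts := strings.Split(strings.TrimPrefix(version, "v"), ".")
	if len(parts) < 2 || parts[0] != "1" {
		return 0, fmt.Errorf("unsupported version %q", version)
	}
	return strconv.Atoi(parts[1])
}

// SelectPolicy applies the three tiers. featureGates and runtimeConfig are
// hypothetical inputs mirroring kube-apiserver settings; missing key = unset.
func SelectPolicy(version string, featureGates, runtimeConfig map[string]bool) (Policy, error) {
	m, err := minor(version)
	if err != nil {
		return Policy{}, err
	}
	const group = "admissionregistration.k8s.io/"
	gate, gateSet := featureGates["MutatingAdmissionPolicy"]
	switch {
	case m >= 36: // GA: feature gate locked on, settings are ignored
		return Policy{group + "v1", true}, nil
	case m >= 34: // beta: on unless explicitly opted out (assumed opt-out form)
		api, apiSet := runtimeConfig[group+"v1beta1"]
		optedOut := (gateSet && !gate) || (apiSet && !api)
		return Policy{group + "v1beta1", !optedOut}, nil
	default: // alpha: needs both the feature gate and the RuntimeConfig opt-in
		return Policy{group + "v1alpha1", gate && runtimeConfig[group+"v1alpha1"]}, nil
	}
}

func main() {
	for _, v := range []string{"1.33.4", "1.34.0", "1.36.1"} { // constructed sample versions
		p, _ := SelectPolicy(v, nil, nil)
		fmt.Printf("%s -> %s enabled=%t\n", v, p.APIVersion, p.Enabled)
	}
}
```
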

@federated-github-access federated-github-access bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Apr 16, 2026