add ValidatingAdmissionPolicy resource from k8s v1.28.0

[BBBmau]

Description

https://kubernetes.io/blog/2023/08/15/kubernetes-v1-28-release/#validatingadmissionpolicies-graduate-to-beta
https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/

with ValidatingAdmissionPolicy being moved to the beta state in v1.28.0 we should consider whether this resource should be a high priority or wait until it has reached the stable state.

YAML configuration

apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingAdmissionPolicy
metadata:
  name: "demo-policy.example.com"
spec:
  failurePolicy: Fail
  matchConstraints:
    resourceRules:
    - apiGroups:   ["apps"]
      apiVersions: ["v1"]
      operations:  ["CREATE", "UPDATE"]
      resources:   ["deployments"]
  validations:
    - expression: "object.spec.replicas <= 5"

References

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[BBBmau]

Referencing https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#validatingadmissionpolicy-v1beta1-admissionregistration-k8s-io

Since this would be the schema for the ValidatingAdmissionPolicy resource

[appilon]

The provider typically does not implement resources where there is a feature gate that defaults to false. This is because cloud provisioned clusters generally do not have the option to set feature gates to true. Unfortunately the feature gate ValidatingAdmissionPolicy defaults to false as of v1.28, see docs.

[skraga]

@appilon according to the doc that you've sharedValidatingAdmissionPolicy defaults to true nowadays (starting from k8s 1.30 is in GA)

[BBBmau]

@appilon according to the doc that you've sharedValidatingAdmissionPolicy defaults to true nowadays (starting from k8s 1.30 is in GA)

Thanks for the update! Marking this as good first issue / help wanted @skraga you're welcome to open a PR if interested. Refer to CONTRIBUTING.md

[BBBmau]

interested in this one @aayushsss1? @JaylonmcShan03 can review once the PR is open.

[aayushsss1]

Hey @BBBmau thanks, I can take this up!

[BBBmau]

marked as blocked and moved to v3.0.0 since this requires a k8s version bump which will be addressed in the next major version release of the provider.