use istio client-go library instead of knative (#1661)

use istio client-go library instead of knative bump kubernetes dependency version change code coverage to codecov
2019-12-13 11:26:18 +08:00
parent f249a6e081
commit ea88c8803d
2071 changed files with 354531 additions and 108336 deletions
--- a/vendor/k8s.io/apiserver/pkg/registry/generic/OWNERS
+++ b/vendor/k8s.io/apiserver/pkg/registry/generic/OWNERS
@@ -1,3 +1,5 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
 reviewers:
 - thockin
 - lavalamp
@@ -15,10 +17,8 @@ reviewers:
 - saad-ali
 - janetkuo
 - pwittrock
- roberthbailey
 - ncdc
 - eparis
- jlowdermilk
 - piosz
 - dims
 - hongchaodeng
--- a/vendor/k8s.io/apiserver/pkg/registry/generic/options.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/generic/options.go
@@ -47,6 +47,6 @@ type RESTOptionsGetter interface {
 // StoreOptions is set of configuration options used to complete generic registries.
 type StoreOptions struct {
 	RESTOptions RESTOptionsGetter
-	TriggerFunc storage.TriggerPublisherFunc
+	TriggerFunc storage.IndexerFuncs
 	AttrFunc    storage.AttrFunc
 }
--- a/vendor/k8s.io/apiserver/pkg/registry/generic/registry/decorated_watcher.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/generic/registry/decorated_watcher.go
@@ -45,11 +45,17 @@ func newDecoratedWatcher(w watch.Interface, decorator ObjectFunc) *decoratedWatc

 func (d *decoratedWatcher) run(ctx context.Context) {
 	var recv, send watch.Event
+	var ok bool
 	for {
 		select {
-		case recv = <-d.w.ResultChan():
+		case recv, ok = <-d.w.ResultChan():
+			// The underlying channel may be closed after timeout.
+			if !ok {
+				d.cancel()
+				return
+			}
 			switch recv.Type {
-			case watch.Added, watch.Modified, watch.Deleted:
+			case watch.Added, watch.Modified, watch.Deleted, watch.Bookmark:
 				err := d.decorator(recv.Object)
 				if err != nil {
 					send = makeStatusErrorEvent(err)
--- a/vendor/k8s.io/apiserver/pkg/registry/generic/registry/dryrun.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/generic/registry/dryrun.go
@@ -44,14 +44,17 @@ func (s *DryRunnableStorage) Create(ctx context.Context, key string, obj, out ru
 	return s.Storage.Create(ctx, key, obj, out, ttl)
 }

-func (s *DryRunnableStorage) Delete(ctx context.Context, key string, out runtime.Object, preconditions *storage.Preconditions, dryRun bool) error {
+func (s *DryRunnableStorage) Delete(ctx context.Context, key string, out runtime.Object, preconditions *storage.Preconditions, deleteValidation storage.ValidateObjectFunc, dryRun bool) error {
 	if dryRun {
 		if err := s.Storage.Get(ctx, key, "", out, false); err != nil {
 			return err
 		}
-		return preconditions.Check(key, out)
+		if err := preconditions.Check(key, out); err != nil {
+			return err
+		}
+		return deleteValidation(ctx, out)
 	}
-	return s.Storage.Delete(ctx, key, out, preconditions)
+	return s.Storage.Delete(ctx, key, out, preconditions, deleteValidation)
 }

 func (s *DryRunnableStorage) Watch(ctx context.Context, key string, resourceVersion string, p storage.SelectionPredicate) (watch.Interface, error) {
--- a/vendor/k8s.io/apiserver/pkg/registry/generic/registry/storage_factory.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/generic/registry/storage_factory.go
@@ -25,7 +25,7 @@ import (
 	"k8s.io/apiserver/pkg/registry/generic"
 	"k8s.io/apiserver/pkg/storage"
 	cacherstorage "k8s.io/apiserver/pkg/storage/cacher"
-	etcdstorage "k8s.io/apiserver/pkg/storage/etcd"
+	"k8s.io/apiserver/pkg/storage/etcd3"
 	"k8s.io/apiserver/pkg/storage/storagebackend"
 	"k8s.io/apiserver/pkg/storage/storagebackend/factory"
 )
@@ -34,35 +34,43 @@ import (
 func StorageWithCacher(capacity int) generic.StorageDecorator {
 	return func(
 		storageConfig *storagebackend.Config,
-		objectType runtime.Object,
 		resourcePrefix string,
 		keyFunc func(obj runtime.Object) (string, error),
+		newFunc func() runtime.Object,
 		newListFunc func() runtime.Object,
 		getAttrsFunc storage.AttrFunc,
-		triggerFunc storage.TriggerPublisherFunc) (storage.Interface, factory.DestroyFunc) {
+		triggerFuncs storage.IndexerFuncs) (storage.Interface, factory.DestroyFunc, error) {

-		s, d := generic.NewRawStorage(storageConfig)
-		if capacity == 0 {
-			klog.V(5).Infof("Storage caching is disabled for %T", objectType)
-			return s, d
+		s, d, err := generic.NewRawStorage(storageConfig)
+		if err != nil {
+			return s, d, err
+		}
+		if capacity <= 0 {
+			klog.V(5).Infof("Storage caching is disabled for %T", newFunc())
+			return s, d, nil
+		}
+		if klog.V(5) {
+			klog.Infof("Storage caching is enabled for %T with capacity %v", newFunc(), capacity)
 		}
-		klog.V(5).Infof("Storage caching is enabled for %T with capacity %v", objectType, capacity)

 		// TODO: we would change this later to make storage always have cacher and hide low level KV layer inside.
 		// Currently it has two layers of same storage interface -- cacher and low level kv.
 		cacherConfig := cacherstorage.Config{
-			CacheCapacity:        capacity,
-			Storage:              s,
-			Versioner:            etcdstorage.APIObjectVersioner{},
-			Type:                 objectType,
-			ResourcePrefix:       resourcePrefix,
-			KeyFunc:              keyFunc,
-			NewListFunc:          newListFunc,
-			GetAttrsFunc:         getAttrsFunc,
-			TriggerPublisherFunc: triggerFunc,
-			Codec:                storageConfig.Codec,
+			CacheCapacity:  capacity,
+			Storage:        s,
+			Versioner:      etcd3.APIObjectVersioner{},
+			ResourcePrefix: resourcePrefix,
+			KeyFunc:        keyFunc,
+			NewFunc:        newFunc,
+			NewListFunc:    newListFunc,
+			GetAttrsFunc:   getAttrsFunc,
+			IndexerFuncs:   triggerFuncs,
+			Codec:          storageConfig.Codec,
+		}
+		cacher, err := cacherstorage.NewCacherFromConfig(cacherConfig)
+		if err != nil {
+			return nil, func() {}, err
 		}
-		cacher := cacherstorage.NewCacherFromConfig(cacherConfig)
 		destroyFunc := func() {
 			cacher.Stop()
 			d()
@@ -73,7 +81,7 @@ func StorageWithCacher(capacity int) generic.StorageDecorator {
 		// merges as that shuts down storage properly
 		RegisterStorageCleanup(destroyFunc)

-		return cacher, destroyFunc
+		return cacher, destroyFunc, nil
 	}
 }

--- a/vendor/k8s.io/apiserver/pkg/registry/generic/registry/store.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/generic/registry/store.go
@@ -44,7 +44,7 @@ import (
 	"k8s.io/apiserver/pkg/registry/rest"
 	"k8s.io/apiserver/pkg/storage"
 	storeerr "k8s.io/apiserver/pkg/storage/errors"
-	"k8s.io/apiserver/pkg/storage/etcd/metrics"
+	"k8s.io/apiserver/pkg/storage/etcd3/metrics"
 	"k8s.io/apiserver/pkg/util/dryrun"

 	"k8s.io/klog"
@@ -166,6 +166,11 @@ type Store struct {
 	// ReturnDeletedObject determines whether the Store returns the object
 	// that was deleted. Otherwise, return a generic success status response.
 	ReturnDeletedObject bool
+	// ShouldDeleteDuringUpdate is an optional function to determine whether
+	// an update from existing to obj should result in a delete.
+	// If specified, this is checked in addition to standard finalizer,
+	// deletionTimestamp, and deletionGracePeriodSeconds checks.
+	ShouldDeleteDuringUpdate func(ctx context.Context, key string, obj, existing runtime.Object) bool
 	// ExportStrategy implements resource-specific behavior during export,
 	// optional. Exported objects are not decorated.
 	ExportStrategy rest.RESTExportStrategy
@@ -177,6 +182,12 @@ type Store struct {
 	// resource. It is wrapped into a "DryRunnableStorage" that will
 	// either pass-through or simply dry-run.
 	Storage DryRunnableStorage
+	// StorageVersioner outputs the <group/version/kind> an object will be
+	// converted to before persisted in etcd, given a list of possible
+	// kinds of the object.
+	// If the StorageVersioner is nil, apiserver will leave the
+	// storageVersionHash as empty in the discovery document.
+	StorageVersioner runtime.GroupVersioner
 	// Called to cleanup clients used by the underlying Storage; optional.
 	DestroyFunc func()
 }
@@ -307,7 +318,6 @@ func (e *Store) ListPredicate(ctx context.Context, p storage.SelectionPredicate,
 		// By default we should serve the request from etcd.
 		options = &metainternalversion.ListOptions{ResourceVersion: ""}
 	}
-	p.IncludeUninitialized = options.IncludeUninitialized
 	p.Limit = options.Limit
 	p.Continue = options.Continue
 	list := e.NewListFunc()
@@ -332,7 +342,7 @@ func (e *Store) Create(ctx context.Context, obj runtime.Object, createValidation
 	// at this point we have a fully formed object.  It is time to call the validators that the apiserver
 	// handling chain wants to enforce.
 	if createValidation != nil {
-		if err := createValidation(obj.DeepCopyObject()); err != nil {
+		if err := createValidation(ctx, obj.DeepCopyObject()); err != nil {
 			return nil, err
 		}
 	}
@@ -380,96 +390,15 @@ func (e *Store) Create(ctx context.Context, obj runtime.Object, createValidation
 			return nil, err
 		}
 	}
-	if !options.IncludeUninitialized {
-		return e.WaitForInitialized(ctx, out)
-	}
 	return out, nil
 }

-// WaitForInitialized holds until the object is initialized, or returns an error if the default limit expires.
-// This method is exposed publicly for consumers of generic rest tooling.
-func (e *Store) WaitForInitialized(ctx context.Context, obj runtime.Object) (runtime.Object, error) {
-	// return early if we don't have initializers, or if they've completed already
-	accessor, err := meta.Accessor(obj)
-	if err != nil {
-		return obj, nil
-	}
-	initializers := accessor.GetInitializers()
-	if initializers == nil {
-		return obj, nil
-	}
-	if result := initializers.Result; result != nil {
-		return nil, kubeerr.FromObject(result)
-	}
-
-	key, err := e.KeyFunc(ctx, accessor.GetName())
-	if err != nil {
-		return nil, err
-	}
-	qualifiedResource := e.qualifiedResourceFromContext(ctx)
-	w, err := e.Storage.Watch(ctx, key, accessor.GetResourceVersion(), storage.SelectionPredicate{
-		Label: labels.Everything(),
-		Field: fields.Everything(),
-
-		IncludeUninitialized: true,
-	})
-	if err != nil {
-		return nil, err
-	}
-	defer w.Stop()
-
-	latest := obj
-	ch := w.ResultChan()
-	for {
-		select {
-		case event, ok := <-ch:
-			if !ok {
-				msg := fmt.Sprintf("server has timed out waiting for the initialization of %s %s",
-					qualifiedResource.String(), accessor.GetName())
-				return nil, kubeerr.NewTimeoutError(msg, 0)
-			}
-			switch event.Type {
-			case watch.Deleted:
-				if latest = event.Object; latest != nil {
-					if accessor, err := meta.Accessor(latest); err == nil {
-						if initializers := accessor.GetInitializers(); initializers != nil && initializers.Result != nil {
-							// initialization failed, but we missed the modification event
-							return nil, kubeerr.FromObject(initializers.Result)
-						}
-					}
-				}
-				return nil, kubeerr.NewInternalError(fmt.Errorf("object deleted while waiting for creation"))
-			case watch.Error:
-				if status, ok := event.Object.(*metav1.Status); ok {
-					return nil, &kubeerr.StatusError{ErrStatus: *status}
-				}
-				return nil, kubeerr.NewInternalError(fmt.Errorf("unexpected object in watch stream, can't complete initialization %T", event.Object))
-			case watch.Modified:
-				latest = event.Object
-				accessor, err = meta.Accessor(latest)
-				if err != nil {
-					return nil, kubeerr.NewInternalError(fmt.Errorf("object no longer has access to metadata %T: %v", latest, err))
-				}
-				initializers := accessor.GetInitializers()
-				if initializers == nil {
-					// completed initialization
-					return latest, nil
-				}
-				if result := initializers.Result; result != nil {
-					// initialization failed
-					return nil, kubeerr.FromObject(result)
-				}
-			}
-		case <-ctx.Done():
-			return nil, ctx.Err()
-		}
-	}
-}
-
-// shouldDeleteDuringUpdate checks if a Update is removing all the object's
-// finalizers. If so, it further checks if the object's
-// DeletionGracePeriodSeconds is 0.
-func (e *Store) shouldDeleteDuringUpdate(ctx context.Context, key string, obj, existing runtime.Object) bool {
+// ShouldDeleteDuringUpdate is the default function for
+// checking if an object should be deleted during an update.
+// It checks if the new object has no finalizers,
+// the existing object's deletionTimestamp is set, and
+// the existing object's deletionGracePeriodSeconds is 0 or nil
+func ShouldDeleteDuringUpdate(ctx context.Context, key string, obj, existing runtime.Object) bool {
 	newMeta, err := meta.Accessor(obj)
 	if err != nil {
 		utilruntime.HandleError(err)
@@ -480,21 +409,16 @@ func (e *Store) shouldDeleteDuringUpdate(ctx context.Context, key string, obj, e
 		utilruntime.HandleError(err)
 		return false
 	}
-	return len(newMeta.GetFinalizers()) == 0 && oldMeta.GetDeletionGracePeriodSeconds() != nil && *oldMeta.GetDeletionGracePeriodSeconds() == 0
-}
-
-// shouldDeleteForFailedInitialization returns true if the provided object is initializing and has
-// a failure recorded.
-func (e *Store) shouldDeleteForFailedInitialization(ctx context.Context, obj runtime.Object) bool {
-	m, err := meta.Accessor(obj)
-	if err != nil {
-		utilruntime.HandleError(err)
+	if len(newMeta.GetFinalizers()) > 0 {
+		// don't delete with finalizers remaining in the new object
 		return false
 	}
-	if initializers := m.GetInitializers(); initializers != nil && initializers.Result != nil {
-		return true
+	if oldMeta.GetDeletionTimestamp() == nil {
+		// don't delete if the existing object hasn't had a delete request made
+		return false
 	}
-	return false
+	// delete if the existing object has no grace period or a grace period of 0
+	return oldMeta.GetDeletionGracePeriodSeconds() == nil || *oldMeta.GetDeletionGracePeriodSeconds() == 0
 }

 // deleteWithoutFinalizers handles deleting an object ignoring its finalizer list.
@@ -502,7 +426,8 @@ func (e *Store) shouldDeleteForFailedInitialization(ctx context.Context, obj run
 func (e *Store) deleteWithoutFinalizers(ctx context.Context, name, key string, obj runtime.Object, preconditions *storage.Preconditions, dryRun bool) (runtime.Object, bool, error) {
 	out := e.NewFunc()
 	klog.V(6).Infof("going to delete %s from registry, triggered by update", name)
-	if err := e.Storage.Delete(ctx, key, out, preconditions, dryRun); err != nil {
+	// Using the rest.ValidateAllObjectFunc because the request is an UPDATE request and has already passed the admission for the UPDATE verb.
+	if err := e.Storage.Delete(ctx, key, out, preconditions, rest.ValidateAllObjectFunc, dryRun); err != nil {
 		// Deletion is racy, i.e., there could be multiple update
 		// requests to remove all finalizers from the object, so we
 		// ignore the NotFound error.
@@ -540,6 +465,7 @@ func (e *Store) Update(ctx context.Context, name string, objInfo rest.UpdatedObj
 	storagePreconditions := &storage.Preconditions{}
 	if preconditions := objInfo.Preconditions(); preconditions != nil {
 		storagePreconditions.UID = preconditions.UID
+		storagePreconditions.ResourceVersion = preconditions.ResourceVersion
 	}

 	out := e.NewFunc()
@@ -578,7 +504,7 @@ func (e *Store) Update(ctx context.Context, name string, objInfo rest.UpdatedObj
 			// at this point we have a fully formed object.  It is time to call the validators that the apiserver
 			// handling chain wants to enforce.
 			if createValidation != nil {
-				if err := createValidation(obj.DeepCopyObject()); err != nil {
+				if err := createValidation(ctx, obj.DeepCopyObject()); err != nil {
 					return nil, nil, err
 				}
 			}
@@ -620,11 +546,13 @@ func (e *Store) Update(ctx context.Context, name string, objInfo rest.UpdatedObj
 		// at this point we have a fully formed object.  It is time to call the validators that the apiserver
 		// handling chain wants to enforce.
 		if updateValidation != nil {
-			if err := updateValidation(obj.DeepCopyObject(), existing.DeepCopyObject()); err != nil {
+			if err := updateValidation(ctx, obj.DeepCopyObject(), existing.DeepCopyObject()); err != nil {
 				return nil, nil, err
 			}
 		}
-		if e.shouldDeleteDuringUpdate(ctx, key, obj, existing) {
+		// Check the default delete-during-update conditions, and store-specific conditions if provided
+		if ShouldDeleteDuringUpdate(ctx, key, obj, existing) &&
+			(e.ShouldDeleteDuringUpdate == nil || e.ShouldDeleteDuringUpdate(ctx, key, obj, existing)) {
 			deleteObj = obj
 			return nil, nil, errEmptiedFinalizers
 		}
@@ -652,10 +580,6 @@ func (e *Store) Update(ctx context.Context, name string, objInfo rest.UpdatedObj
 		return nil, false, err
 	}

-	if e.shouldDeleteForFailedInitialization(ctx, out) {
-		return e.deleteWithoutFinalizers(ctx, name, key, out, storagePreconditions, dryrun.IsDryRun(options.DryRun))
-	}
-
 	if creating {
 		if e.AfterCreate != nil {
 			if err := e.AfterCreate(out); err != nil {
@@ -841,21 +765,25 @@ func deletionFinalizersForGarbageCollection(ctx context.Context, e *Store, acces
 }

 // markAsDeleting sets the obj's DeletionGracePeriodSeconds to 0, and sets the
-// DeletionTimestamp to "now". Finalizers are watching for such updates and will
+// DeletionTimestamp to "now" if there is no existing deletionTimestamp or if the existing
+// deletionTimestamp is further in future. Finalizers are watching for such updates and will
 // finalize the object if their IDs are present in the object's Finalizers list.
-func markAsDeleting(obj runtime.Object) (err error) {
+func markAsDeleting(obj runtime.Object, now time.Time) (err error) {
 	objectMeta, kerr := meta.Accessor(obj)
 	if kerr != nil {
 		return kerr
 	}
-	now := metav1.NewTime(time.Now())
 	// This handles Generation bump for resources that don't support graceful
 	// deletion. For resources that support graceful deletion is handle in
 	// pkg/api/rest/delete.go
 	if objectMeta.GetDeletionTimestamp() == nil && objectMeta.GetGeneration() > 0 {
 		objectMeta.SetGeneration(objectMeta.GetGeneration() + 1)
 	}
-	objectMeta.SetDeletionTimestamp(&now)
+	existingDeletionTimestamp := objectMeta.GetDeletionTimestamp()
+	if existingDeletionTimestamp == nil || existingDeletionTimestamp.After(now) {
+		metaNow := metav1.NewTime(now)
+		objectMeta.SetDeletionTimestamp(&metaNow)
+	}
 	var zero int64 = 0
 	objectMeta.SetDeletionGracePeriodSeconds(&zero)
 	return nil
@@ -873,7 +801,7 @@ func markAsDeleting(obj runtime.Object) (err error) {
 //    should be deleted immediately
 // 4. a new output object with the state that was updated
 // 5. a copy of the last existing state of the object
-func (e *Store) updateForGracefulDeletionAndFinalizers(ctx context.Context, name, key string, options *metav1.DeleteOptions, preconditions storage.Preconditions, in runtime.Object) (err error, ignoreNotFound, deleteImmediately bool, out, lastExisting runtime.Object) {
+func (e *Store) updateForGracefulDeletionAndFinalizers(ctx context.Context, name, key string, options *metav1.DeleteOptions, preconditions storage.Preconditions, deleteValidation rest.ValidateObjectFunc, in runtime.Object) (err error, ignoreNotFound, deleteImmediately bool, out, lastExisting runtime.Object) {
 	lastGraceful := int64(0)
 	var pendingFinalizers bool
 	out = e.NewFunc()
@@ -884,6 +812,9 @@ func (e *Store) updateForGracefulDeletionAndFinalizers(ctx context.Context, name
 		false, /* ignoreNotFound */
 		&preconditions,
 		storage.SimpleUpdate(func(existing runtime.Object) (runtime.Object, error) {
+			if err := deleteValidation(ctx, existing); err != nil {
+				return nil, err
+			}
 			graceful, pendingGraceful, err := rest.BeforeDelete(e.DeleteStrategy, ctx, existing, options)
 			if err != nil {
 				return nil, err
@@ -910,7 +841,7 @@ func (e *Store) updateForGracefulDeletionAndFinalizers(ctx context.Context, name
 				// set the DeleteGracePeriods to 0 if the object has pendingFinalizers but not supporting graceful deletion
 				if pendingFinalizers {
 					klog.V(6).Infof("update the DeletionTimestamp to \"now\" and GracePeriodSeconds to 0 for object %s, because it has pending finalizers", name)
-					err = markAsDeleting(existing)
+					err = markAsDeleting(existing, time.Now())
 					if err != nil {
 						return nil, err
 					}
@@ -954,16 +885,17 @@ func (e *Store) updateForGracefulDeletionAndFinalizers(ctx context.Context, name
 }

 // Delete removes the item from storage.
-func (e *Store) Delete(ctx context.Context, name string, options *metav1.DeleteOptions) (runtime.Object, bool, error) {
+func (e *Store) Delete(ctx context.Context, name string, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions) (runtime.Object, bool, error) {
 	key, err := e.KeyFunc(ctx, name)
 	if err != nil {
 		return nil, false, err
 	}
 	obj := e.NewFunc()
 	qualifiedResource := e.qualifiedResourceFromContext(ctx)
-	if err := e.Storage.Get(ctx, key, "", obj, false); err != nil {
+	if err = e.Storage.Get(ctx, key, "", obj, false); err != nil {
 		return nil, false, storeerr.InterpretDeleteError(err, qualifiedResource, name)
 	}
+
 	// support older consumers of delete by treating "nil" as delete immediately
 	if options == nil {
 		options = metav1.NewDeleteOptions(0)
@@ -971,6 +903,7 @@ func (e *Store) Delete(ctx context.Context, name string, options *metav1.DeleteO
 	var preconditions storage.Preconditions
 	if options.Preconditions != nil {
 		preconditions.UID = options.Preconditions.UID
+		preconditions.ResourceVersion = options.Preconditions.ResourceVersion
 	}
 	graceful, pendingGraceful, err := rest.BeforeDelete(e.DeleteStrategy, ctx, obj, options)
 	if err != nil {
@@ -996,7 +929,7 @@ func (e *Store) Delete(ctx context.Context, name string, options *metav1.DeleteO
 	shouldUpdateFinalizers, _ := deletionFinalizersForGarbageCollection(ctx, e, accessor, options)
 	// TODO: remove the check, because we support no-op updates now.
 	if graceful || pendingFinalizers || shouldUpdateFinalizers {
-		err, ignoreNotFound, deleteImmediately, out, lastExisting = e.updateForGracefulDeletionAndFinalizers(ctx, name, key, options, preconditions, obj)
+		err, ignoreNotFound, deleteImmediately, out, lastExisting = e.updateForGracefulDeletionAndFinalizers(ctx, name, key, options, preconditions, deleteValidation, obj)
 	}

 	// !deleteImmediately covers all cases where err != nil. We keep both to be future-proof.
@@ -1019,7 +952,7 @@ func (e *Store) Delete(ctx context.Context, name string, options *metav1.DeleteO
 	// delete immediately, or no graceful deletion supported
 	klog.V(6).Infof("going to delete %s from registry: ", name)
 	out = e.NewFunc()
-	if err := e.Storage.Delete(ctx, key, out, &preconditions, dryrun.IsDryRun(options.DryRun)); err != nil {
+	if err := e.Storage.Delete(ctx, key, out, &preconditions, storage.ValidateObjectFunc(deleteValidation), dryrun.IsDryRun(options.DryRun)); err != nil {
 		// Please refer to the place where we set ignoreNotFound for the reason
 		// why we ignore the NotFound error .
 		if storage.IsNotFound(err) && ignoreNotFound && lastExisting != nil {
@@ -1044,18 +977,13 @@ func (e *Store) Delete(ctx context.Context, name string, options *metav1.DeleteO
 // are removing all objects of a given type) with the current API (it's technically
 // possibly with storage API, but watch is not delivered correctly then).
 // It will be possible to fix it with v3 etcd API.
-func (e *Store) DeleteCollection(ctx context.Context, options *metav1.DeleteOptions, listOptions *metainternalversion.ListOptions) (runtime.Object, error) {
+func (e *Store) DeleteCollection(ctx context.Context, deleteValidation rest.ValidateObjectFunc, options *metav1.DeleteOptions, listOptions *metainternalversion.ListOptions) (runtime.Object, error) {
 	if listOptions == nil {
 		listOptions = &metainternalversion.ListOptions{}
 	} else {
 		listOptions = listOptions.DeepCopy()
 	}

-	// DeleteCollection must remain backwards compatible with old clients that expect it to
-	// remove all resources, initialized or not, within the type. It is also consistent with
-	// Delete which does not require IncludeUninitialized
-	listOptions.IncludeUninitialized = true
-
 	listObj, err := e.List(ctx, listOptions)
 	if err != nil {
 		return nil, err
@@ -1102,7 +1030,7 @@ func (e *Store) DeleteCollection(ctx context.Context, options *metav1.DeleteOpti
 					errs <- err
 					return
 				}
-				if _, _, err := e.Delete(ctx, accessor.GetName(), options); err != nil && !kubeerr.IsNotFound(err) {
+				if _, _, err := e.Delete(ctx, accessor.GetName(), deleteValidation, options); err != nil && !kubeerr.IsNotFound(err) {
 					klog.V(4).Infof("Delete %s in DeleteCollection failed: %v", accessor.GetName(), err)
 					errs <- err
 					return
@@ -1170,7 +1098,7 @@ func (e *Store) Watch(ctx context.Context, options *metainternalversion.ListOpti
 	resourceVersion := ""
 	if options != nil {
 		resourceVersion = options.ResourceVersion
-		predicate.IncludeUninitialized = options.IncludeUninitialized
+		predicate.AllowWatchBookmarks = options.AllowWatchBookmarks
 	}
 	return e.WatchPredicate(ctx, predicate, resourceVersion)
 }
@@ -1359,11 +1287,6 @@ func (e *Store) CompleteWithOptions(options *generic.StoreOptions) error {
 		return e.KeyFunc(genericapirequest.NewContext(), accessor.GetName())
 	}

-	triggerFunc := options.TriggerFunc
-	if triggerFunc == nil {
-		triggerFunc = storage.NoTriggerPublisher
-	}
-
 	if e.DeleteCollectionWorkers == 0 {
 		e.DeleteCollectionWorkers = opts.DeleteCollectionWorkers
 	}
@@ -1382,15 +1305,20 @@ func (e *Store) CompleteWithOptions(options *generic.StoreOptions) error {

 	if e.Storage.Storage == nil {
 		e.Storage.Codec = opts.StorageConfig.Codec
-		e.Storage.Storage, e.DestroyFunc = opts.Decorator(
+		var err error
+		e.Storage.Storage, e.DestroyFunc, err = opts.Decorator(
 			opts.StorageConfig,
-			e.NewFunc(),
 			prefix,
 			keyFunc,
+			e.NewFunc,
 			e.NewListFunc,
 			attrFunc,
-			triggerFunc,
+			options.TriggerFunc,
 		)
+		if err != nil {
+			return err
+		}
+		e.StorageVersioner = opts.StorageConfig.EncodeVersioner

 		if opts.CountMetricPollPeriod > 0 {
 			stopFunc := e.startObservingCount(opts.CountMetricPollPeriod)
@@ -1431,3 +1359,7 @@ func (e *Store) ConvertToTable(ctx context.Context, object runtime.Object, table
 	}
 	return rest.NewDefaultTableConvertor(e.qualifiedResourceFromContext(ctx)).ConvertToTable(ctx, object, tableOptions)
 }
+
+func (e *Store) StorageVersion() runtime.GroupVersioner {
+	return e.StorageVersioner
+}
--- a/vendor/k8s.io/apiserver/pkg/registry/generic/storage_decorator.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/generic/storage_decorator.go
@@ -21,40 +21,35 @@ import (
 	"k8s.io/apiserver/pkg/storage"
 	"k8s.io/apiserver/pkg/storage/storagebackend"
 	"k8s.io/apiserver/pkg/storage/storagebackend/factory"
-	"k8s.io/klog"
 )

 // StorageDecorator is a function signature for producing a storage.Interface
 // and an associated DestroyFunc from given parameters.
 type StorageDecorator func(
 	config *storagebackend.Config,
-	objectType runtime.Object,
 	resourcePrefix string,
 	keyFunc func(obj runtime.Object) (string, error),
+	newFunc func() runtime.Object,
 	newListFunc func() runtime.Object,
 	getAttrsFunc storage.AttrFunc,
-	trigger storage.TriggerPublisherFunc) (storage.Interface, factory.DestroyFunc)
+	trigger storage.IndexerFuncs) (storage.Interface, factory.DestroyFunc, error)

 // UndecoratedStorage returns the given a new storage from the given config
 // without any decoration.
 func UndecoratedStorage(
 	config *storagebackend.Config,
-	objectType runtime.Object,
 	resourcePrefix string,
 	keyFunc func(obj runtime.Object) (string, error),
+	newFunc func() runtime.Object,
 	newListFunc func() runtime.Object,
 	getAttrsFunc storage.AttrFunc,
-	trigger storage.TriggerPublisherFunc) (storage.Interface, factory.DestroyFunc) {
+	trigger storage.IndexerFuncs) (storage.Interface, factory.DestroyFunc, error) {
 	return NewRawStorage(config)
 }

 // NewRawStorage creates the low level kv storage. This is a work-around for current
 // two layer of same storage interface.
 // TODO: Once cacher is enabled on all registries (event registry is special), we will remove this method.
-func NewRawStorage(config *storagebackend.Config) (storage.Interface, factory.DestroyFunc) {
-	s, d, err := factory.Create(*config)
-	if err != nil {
-		klog.Fatalf("Unable to create storage backend: config (%v), err (%v)", config, err)
-	}
-	return s, d
+func NewRawStorage(config *storagebackend.Config) (storage.Interface, factory.DestroyFunc, error) {
+	return factory.Create(*config)
 }
--- a/vendor/k8s.io/apiserver/pkg/registry/rest/OWNERS
+++ b/vendor/k8s.io/apiserver/pkg/registry/rest/OWNERS
@@ -1,3 +1,5 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
 reviewers:
 - thockin
 - smarterclayton
@@ -11,7 +13,6 @@ reviewers:
 - nikhiljindal
 - gmarek
 - justinsb
- roberthbailey
 - ncdc
 - eparis
 - dims
--- a/vendor/k8s.io/apiserver/pkg/registry/rest/create.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/rest/create.go
@@ -92,9 +92,9 @@ func BeforeCreate(strategy RESTCreateStrategy, ctx context.Context, obj runtime.
 		objectMeta.SetName(strategy.GenerateName(objectMeta.GetGenerateName()))
 	}

-	// Ensure Initializers are not set unless the feature is enabled
-	if !utilfeature.DefaultFeatureGate.Enabled(features.Initializers) {
-		objectMeta.SetInitializers(nil)
+	// Ensure managedFields is not set unless the feature is enabled
+	if !utilfeature.DefaultFeatureGate.Enabled(features.ServerSideApply) {
+		objectMeta.SetManagedFields(nil)
 	}

 	// ClusterName is ignored and should not be saved
@@ -157,27 +157,36 @@ type NamespaceScopedStrategy interface {
 }

 // AdmissionToValidateObjectFunc converts validating admission to a rest validate object func
-func AdmissionToValidateObjectFunc(admit admission.Interface, staticAttributes admission.Attributes) ValidateObjectFunc {
+func AdmissionToValidateObjectFunc(admit admission.Interface, staticAttributes admission.Attributes, o admission.ObjectInterfaces) ValidateObjectFunc {
 	validatingAdmission, ok := admit.(admission.ValidationInterface)
 	if !ok {
-		return func(obj runtime.Object) error { return nil }
+		return func(ctx context.Context, obj runtime.Object) error { return nil }
 	}
-	return func(obj runtime.Object) error {
+	return func(ctx context.Context, obj runtime.Object) error {
+		name := staticAttributes.GetName()
+		// in case the generated name is populated
+		if len(name) == 0 {
+			if metadata, err := meta.Accessor(obj); err == nil {
+				name = metadata.GetName()
+			}
+		}
+
 		finalAttributes := admission.NewAttributesRecord(
 			obj,
 			staticAttributes.GetOldObject(),
 			staticAttributes.GetKind(),
 			staticAttributes.GetNamespace(),
-			staticAttributes.GetName(),
+			name,
 			staticAttributes.GetResource(),
 			staticAttributes.GetSubresource(),
 			staticAttributes.GetOperation(),
+			staticAttributes.GetOperationOptions(),
 			staticAttributes.IsDryRun(),
 			staticAttributes.GetUserInfo(),
 		)
 		if !validatingAdmission.Handles(finalAttributes.GetOperation()) {
 			return nil
 		}
-		return validatingAdmission.Validate(finalAttributes)
+		return validatingAdmission.Validate(ctx, finalAttributes, o)
 	}
 }
--- a/vendor/k8s.io/apiserver/pkg/registry/rest/create_update.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/rest/create_update.go
@@ -0,0 +1,52 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rest
+
+import (
+	"context"
+
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+)
+
+// RESTCreateUpdateStrategy is a union of RESTUpdateStrategy and RESTCreateStrategy,
+// and it defines the minimum validation, accepted input, and name generation
+// behavior to create and update an object that follows Kubernetes API conventions.
+type RESTCreateUpdateStrategy interface {
+	RESTCreateStrategy
+	// AllowCreateOnUpdate returns true if the object can be created by a PUT.
+	AllowCreateOnUpdate() bool
+	// PrepareForUpdate is invoked on update before validation to normalize
+	// the object.  For example: remove fields that are not to be persisted,
+	// sort order-insensitive list fields, etc.  This should not remove fields
+	// whose presence would be considered a validation error.
+	PrepareForUpdate(ctx context.Context, obj, old runtime.Object)
+	// ValidateUpdate is invoked after default fields in the object have been
+	// filled in before the object is persisted.  This method should not mutate
+	// the object.
+	ValidateUpdate(ctx context.Context, obj, old runtime.Object) field.ErrorList
+	// AllowUnconditionalUpdate returns true if the object can be updated
+	// unconditionally (irrespective of the latest resource version), when
+	// there is no resource version specified in the object.
+	AllowUnconditionalUpdate() bool
+}
+
+// Ensure that RESTCreateUpdateStrategy extends RESTCreateStrategy
+var _ RESTCreateStrategy = (RESTCreateUpdateStrategy)(nil)
+
+// Ensure that RESTCreateUpdateStrategy extends RESTUpdateStrategy
+var _ RESTUpdateStrategy = (RESTCreateUpdateStrategy)(nil)
--- a/vendor/k8s.io/apiserver/pkg/registry/rest/delete.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/rest/delete.go
@@ -26,6 +26,7 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/validation"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apiserver/pkg/admission"
 )

 // RESTDeleteStrategy defines deletion behavior on an object that follows Kubernetes
@@ -77,8 +78,13 @@ func BeforeDelete(strategy RESTDeleteStrategy, ctx context.Context, obj runtime.
 		return false, false, errors.NewInvalid(schema.GroupKind{Group: metav1.GroupName, Kind: "DeleteOptions"}, "", errs)
 	}
 	// Checking the Preconditions here to fail early. They'll be enforced later on when we actually do the deletion, too.
-	if options.Preconditions != nil && options.Preconditions.UID != nil && *options.Preconditions.UID != objectMeta.GetUID() {
-		return false, false, errors.NewConflict(schema.GroupResource{Group: gvk.Group, Resource: gvk.Kind}, objectMeta.GetName(), fmt.Errorf("the UID in the precondition (%s) does not match the UID in record (%s). The object might have been deleted and then recreated", *options.Preconditions.UID, objectMeta.GetUID()))
+	if options.Preconditions != nil {
+		if options.Preconditions.UID != nil && *options.Preconditions.UID != objectMeta.GetUID() {
+			return false, false, errors.NewConflict(schema.GroupResource{Group: gvk.Group, Resource: gvk.Kind}, objectMeta.GetName(), fmt.Errorf("the UID in the precondition (%s) does not match the UID in record (%s). The object might have been deleted and then recreated", *options.Preconditions.UID, objectMeta.GetUID()))
+		}
+		if options.Preconditions.ResourceVersion != nil && *options.Preconditions.ResourceVersion != objectMeta.GetResourceVersion() {
+			return false, false, errors.NewConflict(schema.GroupResource{Group: gvk.Group, Resource: gvk.Kind}, objectMeta.GetName(), fmt.Errorf("the ResourceVersion in the precondition (%s) does not match the ResourceVersion in record (%s). The object might have been modified", *options.Preconditions.ResourceVersion, objectMeta.GetResourceVersion()))
+		}
 	}
 	gracefulStrategy, ok := strategy.(RESTGracefulDeleteStrategy)
 	if !ok {
@@ -135,3 +141,43 @@ func BeforeDelete(strategy RESTDeleteStrategy, ctx context.Context, obj runtime.
 	}
 	return true, false, nil
 }
+
+// AdmissionToValidateObjectDeleteFunc returns a admission validate func for object deletion
+func AdmissionToValidateObjectDeleteFunc(admit admission.Interface, staticAttributes admission.Attributes, objInterfaces admission.ObjectInterfaces) ValidateObjectFunc {
+	mutatingAdmission, isMutatingAdmission := admit.(admission.MutationInterface)
+	validatingAdmission, isValidatingAdmission := admit.(admission.ValidationInterface)
+
+	mutating := isMutatingAdmission && mutatingAdmission.Handles(staticAttributes.GetOperation())
+	validating := isValidatingAdmission && validatingAdmission.Handles(staticAttributes.GetOperation())
+
+	return func(ctx context.Context, old runtime.Object) error {
+		if !mutating && !validating {
+			return nil
+		}
+		finalAttributes := admission.NewAttributesRecord(
+			nil,
+			// Deep copy the object to avoid accidentally changing the object.
+			old.DeepCopyObject(),
+			staticAttributes.GetKind(),
+			staticAttributes.GetNamespace(),
+			staticAttributes.GetName(),
+			staticAttributes.GetResource(),
+			staticAttributes.GetSubresource(),
+			staticAttributes.GetOperation(),
+			staticAttributes.GetOperationOptions(),
+			staticAttributes.IsDryRun(),
+			staticAttributes.GetUserInfo(),
+		)
+		if mutating {
+			if err := mutatingAdmission.Admit(ctx, finalAttributes, objInterfaces); err != nil {
+				return err
+			}
+		}
+		if validating {
+			if err := validatingAdmission.Validate(ctx, finalAttributes, objInterfaces); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
--- a/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/rest/rest.go
@@ -148,6 +148,7 @@ type TableConvertor interface {
 // RESTful object.
 type GracefulDeleter interface {
 	// Delete finds a resource in the storage and deletes it.
+	// The delete attempt is validated by the deleteValidation first.
 	// If options are provided, the resource will attempt to honor them or return an invalid
 	// request error.
 	// Although it can return an arbitrary error value, IsNotFound(err) is true for the
@@ -156,18 +157,19 @@ type GracefulDeleter interface {
 	// information about deletion.
 	// It also returns a boolean which is set to true if the resource was instantly
 	// deleted or false if it will be deleted asynchronously.
-	Delete(ctx context.Context, name string, options *metav1.DeleteOptions) (runtime.Object, bool, error)
+	Delete(ctx context.Context, name string, deleteValidation ValidateObjectFunc, options *metav1.DeleteOptions) (runtime.Object, bool, error)
 }

 // CollectionDeleter is an object that can delete a collection
 // of RESTful resources.
 type CollectionDeleter interface {
 	// DeleteCollection selects all resources in the storage matching given 'listOptions'
-	// and deletes them. If 'options' are provided, the resource will attempt to honor
-	// them or return an invalid request error.
+	// and deletes them. The delete attempt is validated by the deleteValidation first.
+	// If 'options' are provided, the resource will attempt to honor them or return an
+	// invalid request error.
 	// DeleteCollection may not be atomic - i.e. it may delete some objects and still
 	// return an error after it. On success, returns a list of deleted objects.
-	DeleteCollection(ctx context.Context, options *metav1.DeleteOptions, listOptions *metainternalversion.ListOptions) (runtime.Object, error)
+	DeleteCollection(ctx context.Context, deleteValidation ValidateObjectFunc, options *metav1.DeleteOptions, listOptions *metainternalversion.ListOptions) (runtime.Object, error)
 }

 // Creater is an object that can create an instance of a RESTful object.
@@ -176,8 +178,7 @@ type Creater interface {
 	// This object must be a pointer type for use with Codec.DecodeInto([]byte, runtime.Object)
 	New() runtime.Object

-	// Create creates a new version of a resource. If includeUninitialized is set, the object may be returned
-	// without completing initialization.
+	// Create creates a new version of a resource.
 	Create(ctx context.Context, obj runtime.Object, createValidation ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error)
 }

@@ -189,8 +190,7 @@ type NamedCreater interface {

 	// Create creates a new version of a resource. It expects a name parameter from the path.
 	// This is needed for create operations on subresources which include the name of the parent
-	// resource in the path. If includeUninitialized is set, the object may be returned without
-	// completing initialization.
+	// resource in the path.
 	Create(ctx context.Context, name string, obj runtime.Object, createValidation ValidateObjectFunc, options *metav1.CreateOptions) (runtime.Object, error)
 }

@@ -210,20 +210,20 @@ type UpdatedObjectInfo interface {
 // ValidateObjectFunc is a function to act on a given object. An error may be returned
 // if the hook cannot be completed. An ObjectFunc may NOT transform the provided
 // object.
-type ValidateObjectFunc func(obj runtime.Object) error
+type ValidateObjectFunc func(ctx context.Context, obj runtime.Object) error

 // ValidateAllObjectFunc is a "admit everything" instance of ValidateObjectFunc.
-func ValidateAllObjectFunc(obj runtime.Object) error {
+func ValidateAllObjectFunc(ctx context.Context, obj runtime.Object) error {
 	return nil
 }

 // ValidateObjectUpdateFunc is a function to act on a given object and its predecessor.
 // An error may be returned if the hook cannot be completed. An UpdateObjectFunc
 // may NOT transform the provided object.
-type ValidateObjectUpdateFunc func(obj, old runtime.Object) error
+type ValidateObjectUpdateFunc func(ctx context.Context, obj, old runtime.Object) error

 // ValidateAllObjectUpdateFunc is a "admit everything" instance of ValidateObjectUpdateFunc.
-func ValidateAllObjectUpdateFunc(obj, old runtime.Object) error {
+func ValidateAllObjectUpdateFunc(ctx context.Context, obj, old runtime.Object) error {
 	return nil
 }

@@ -334,3 +334,12 @@ type StorageMetadata interface {
 	// it is not nil. Only the type of the return object matters, the value will be ignored.
 	ProducesObject(verb string) interface{}
 }
+
+// StorageVersionProvider is an optional interface that a storage object can
+// implement if it wishes to disclose its storage version.
+type StorageVersionProvider interface {
+	// StorageVersion returns a group versioner, which will outputs the gvk
+	// an object will be converted to before persisted in etcd, given a
+	// list of kinds the object might belong to.
+	StorageVersion() runtime.GroupVersioner
+}
--- a/vendor/k8s.io/apiserver/pkg/registry/rest/table.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/rest/table.go
@@ -67,15 +67,18 @@ func (c defaultTableConvertor) ConvertToTable(ctx context.Context, object runtim
 		table.ResourceVersion = m.GetResourceVersion()
 		table.SelfLink = m.GetSelfLink()
 		table.Continue = m.GetContinue()
+		table.RemainingItemCount = m.GetRemainingItemCount()
 	} else {
 		if m, err := meta.CommonAccessor(object); err == nil {
 			table.ResourceVersion = m.GetResourceVersion()
 			table.SelfLink = m.GetSelfLink()
 		}
 	}
-	table.ColumnDefinitions = []metav1beta1.TableColumnDefinition{
-		{Name: "Name", Type: "string", Format: "name", Description: swaggerMetadataDescriptions["name"]},
-		{Name: "Created At", Type: "date", Description: swaggerMetadataDescriptions["creationTimestamp"]},
+	if opt, ok := tableOptions.(*metav1beta1.TableOptions); !ok || !opt.NoHeaders {
+		table.ColumnDefinitions = []metav1beta1.TableColumnDefinition{
+			{Name: "Name", Type: "string", Format: "name", Description: swaggerMetadataDescriptions["name"]},
+			{Name: "Created At", Type: "date", Description: swaggerMetadataDescriptions["creationTimestamp"]},
+		}
 	}
 	return &table, nil
 }
--- a/vendor/k8s.io/apiserver/pkg/registry/rest/update.go
+++ b/vendor/k8s.io/apiserver/pkg/registry/rest/update.go
@@ -104,10 +104,10 @@ func BeforeUpdate(strategy RESTUpdateStrategy, ctx context.Context, obj, old run
 	}
 	objectMeta.SetGeneration(oldMeta.GetGeneration())

-	// Ensure Initializers are not set unless the feature is enabled
-	if !utilfeature.DefaultFeatureGate.Enabled(features.Initializers) {
-		oldMeta.SetInitializers(nil)
-		objectMeta.SetInitializers(nil)
+	// Ensure managedFields state is removed unless ServerSideApply is enabled
+	if !utilfeature.DefaultFeatureGate.Enabled(features.ServerSideApply) {
+		oldMeta.SetManagedFields(nil)
+		objectMeta.SetManagedFields(nil)
 	}

 	strategy.PrepareForUpdate(ctx, obj, old)
@@ -252,12 +252,12 @@ func (i *wrappedUpdatedObjectInfo) UpdatedObject(ctx context.Context, oldObj run
 }

 // AdmissionToValidateObjectUpdateFunc converts validating admission to a rest validate object update func
-func AdmissionToValidateObjectUpdateFunc(admit admission.Interface, staticAttributes admission.Attributes) ValidateObjectUpdateFunc {
+func AdmissionToValidateObjectUpdateFunc(admit admission.Interface, staticAttributes admission.Attributes, o admission.ObjectInterfaces) ValidateObjectUpdateFunc {
 	validatingAdmission, ok := admit.(admission.ValidationInterface)
 	if !ok {
-		return func(obj, old runtime.Object) error { return nil }
+		return func(ctx context.Context, obj, old runtime.Object) error { return nil }
 	}
-	return func(obj, old runtime.Object) error {
+	return func(ctx context.Context, obj, old runtime.Object) error {
 		finalAttributes := admission.NewAttributesRecord(
 			obj,
 			old,
@@ -267,12 +267,13 @@ func AdmissionToValidateObjectUpdateFunc(admit admission.Interface, staticAttrib
 			staticAttributes.GetResource(),
 			staticAttributes.GetSubresource(),
 			staticAttributes.GetOperation(),
+			staticAttributes.GetOperationOptions(),
 			staticAttributes.IsDryRun(),
 			staticAttributes.GetUserInfo(),
 		)
 		if !validatingAdmission.Handles(finalAttributes.GetOperation()) {
 			return nil
 		}
-		return validatingAdmission.Validate(finalAttributes)
+		return validatingAdmission.Validate(ctx, finalAttributes, o)
 	}
 }