refactor: switch to admission v1 (#3526)

Signed-off-by: Charles-Edouard Brétéché <charled.breteche@gmail.com>

Co-authored-by: shuting <shuting@nirmata.com>

api/kyverno/v1/generaterequest_types.go

@@ -1,7 +1,7 @@
 package v1
 
 import (
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	authenticationv1 "k8s.io/api/authentication/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -55,7 +55,7 @@ type AdmissionRequestInfoObject struct {
 	// +optional
 	AdmissionRequest string `json:"admissionRequest,omitempty" yaml:"admissionRequest,omitempty"`
 	// +optional
-	Operation v1beta1.Operation `json:"operation,omitempty" yaml:"operation,omitempty"`
+	Operation admissionv1.Operation `json:"operation,omitempty" yaml:"operation,omitempty"`
 }
 
 // RequestInfo contains permission info carried in an admission request.

docs/crd/v1/index.html

@@ -110,8 +110,8 @@ string
 <td>
 <code>operation</code></br>
 <em>
-<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#operation-v1beta1-admission">
+<a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#operation-v1-admission">
-Kubernetes admission/v1beta1.Operation
+Kubernetes admission/v1.Operation
 </a>
 </em>
 </td>

pkg/engine/context/context.go

@@ -10,7 +10,7 @@ import (
 	jsonpatch "github.com/evanphx/json-patch/v5"
 	"github.com/go-logr/logr"
 	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
@@ -19,7 +19,7 @@ import (
 type Interface interface {
 
 	// AddRequest marshals and adds the admission request to the context
-	AddRequest(request *v1beta1.AdmissionRequest) error
+	AddRequest(request *admissionv1.AdmissionRequest) error
 
 	// AddJSON  merges the json with context
 	AddJSON(dataRaw []byte) error
@@ -97,7 +97,7 @@ func (ctx *Context) AddJSONObject(jsonData interface{}) error {
 }
 
 // AddRequest adds an admission request to context
-func (ctx *Context) AddRequest(request *v1beta1.AdmissionRequest) error {
+func (ctx *Context) AddRequest(request *admissionv1.AdmissionRequest) error {
 	modifiedResource := struct {
 		Request interface{} `json:"request"`
 	}{

pkg/engine/context/evaluate_test.go

@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/stretchr/testify/assert"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 )
 
 func TestHasChanged(t *testing.T) {
@@ -27,7 +27,7 @@ func TestHasChanged(t *testing.T) {
 }
 
 func TestRequestNotInitialize(t *testing.T) {
-	request := &v1beta1.AdmissionRequest{}
+	request := &admissionv1.AdmissionRequest{}
 	ctx := NewContext()
 	ctx.AddRequest(request)
 
@@ -36,7 +36,7 @@ func TestRequestNotInitialize(t *testing.T) {
 }
 
 func TestMissingOldObject(t *testing.T) {
-	request := &v1beta1.AdmissionRequest{}
+	request := &admissionv1.AdmissionRequest{}
 	ctx := NewContext()
 	ctx.AddRequest(request)
 	request.Object.Raw = []byte(`{"a": {"b": 1, "c": 2}, "d": 3}`)
@@ -46,7 +46,7 @@ func TestMissingOldObject(t *testing.T) {
 }
 
 func TestMissingObject(t *testing.T) {
-	request := &v1beta1.AdmissionRequest{}
+	request := &admissionv1.AdmissionRequest{}
 	ctx := NewContext()
 	ctx.AddRequest(request)
 	request.OldObject.Raw = []byte(`{"a": {"b": 1, "c": 2}, "d": 3}`)
@@ -56,7 +56,7 @@ func TestMissingObject(t *testing.T) {
 }
 
 func createTestContext(obj, oldObj string) *Context {
-	request := &v1beta1.AdmissionRequest{}
+	request := &admissionv1.AdmissionRequest{}
 	request.Operation = "UPDATE"
 	request.Object.Raw = []byte(obj)
 	request.OldObject.Raw = []byte(oldObj)

pkg/engine/validation_test.go

@@ -13,7 +13,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/kyverno/store"
 	utils2 "github.com/kyverno/kyverno/pkg/utils"
 	"gotest.tools/assert"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 )
 
 func TestGetAnchorsFromMap_ThereAreAnchors(t *testing.T) {
@@ -2104,7 +2104,7 @@ func executeTest(t *testing.T, err error, test testCase) {
 		t.Fatal(err)
 	}
 
-	var request *v1beta1.AdmissionRequest
+	var request *admissionv1.AdmissionRequest
 	err = json.Unmarshal(test.request, &request)
 	if err != nil {
 		t.Fatal(err)

pkg/generate/generate.go

@@ -23,7 +23,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/engine/utils"
 	"github.com/kyverno/kyverno/pkg/engine/variables"
 	kyvernoutils "github.com/kyverno/kyverno/pkg/utils"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -146,13 +146,13 @@ func (c *Controller) applyGenerate(resource unstructured.Unstructured, gr kyvern
 	}
 
 	requestString := gr.Spec.Context.AdmissionRequestInfo.AdmissionRequest
-	var request v1beta1.AdmissionRequest
+	var request admissionv1.AdmissionRequest
 	err = json.Unmarshal([]byte(requestString), &request)
 	if err != nil {
 		logger.Error(err, "error parsing the request string")
 	}
 
-	if gr.Spec.Context.AdmissionRequestInfo.Operation == v1beta1.Update {
+	if gr.Spec.Context.AdmissionRequestInfo.Operation == admissionv1.Update {
 		request.Operation = gr.Spec.Context.AdmissionRequestInfo.Operation
 	}
 

pkg/generate/generate_controller.go

@@ -4,11 +4,8 @@ import (
 	"reflect"
 	"time"
 
-	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
-	"k8s.io/api/admission/v1beta1"
-	"k8s.io/client-go/kubernetes"
-
 	"github.com/go-logr/logr"
+	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/autogen"
 	kyvernoclient "github.com/kyverno/kyverno/pkg/client/clientset/versioned"
 	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
@@ -16,12 +13,14 @@ import (
 	"github.com/kyverno/kyverno/pkg/config"
 	dclient "github.com/kyverno/kyverno/pkg/dclient"
 	"github.com/kyverno/kyverno/pkg/event"
+	admissionv1 "k8s.io/api/admission/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/client-go/dynamic/dynamicinformer"
 	"k8s.io/client-go/informers"
+	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/util/workqueue"
 )
@@ -237,7 +236,7 @@ func (c *Controller) updateGenericResource(old, cur interface{}) {
 
 	// re-evaluate the GR as the resource was updated
 	for _, gr := range grs {
-		gr.Spec.Context.AdmissionRequestInfo.Operation = v1beta1.Update
+		gr.Spec.Context.AdmissionRequestInfo.Operation = admissionv1.Update
 		c.enqueueGenerateRequest(gr)
 	}
 }
@@ -294,7 +293,7 @@ func (c *Controller) updatePolicy(old, cur interface{}) {
 
 	// re-evaluate the GR as the policy was updated
 	for _, gr := range grs {
-		gr.Spec.Context.AdmissionRequestInfo.Operation = v1beta1.Update
+		gr.Spec.Context.AdmissionRequestInfo.Operation = admissionv1.Update
 		c.enqueueGenerateRequest(gr)
 	}
 }

pkg/policy/validate.go

@@ -22,7 +22,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/utils"
 	kubeutils "github.com/kyverno/kyverno/pkg/utils/kube"
 	"github.com/pkg/errors"
-	v1beta1 "k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -78,7 +78,7 @@ func validateJSONPatchPathForForwardSlash(patch string) error {
 }
 
 // Validate checks the policy and rules declarations for required configurations
-func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool, openAPIController *openapi.Controller) (*v1beta1.AdmissionResponse, error) {
+func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool, openAPIController *openapi.Controller) (*admissionv1.AdmissionResponse, error) {
 	namespaced := policy.IsNamespaced()
 	spec := policy.GetSpec()
 	background := spec.BackgroundProcessingEnabled()
@@ -122,7 +122,7 @@ func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool,
 
 		if jsonPatchOnPod(rule) {
 			log.Log.V(1).Info("Pods managed by workload controllers cannot be mutated using policies. Use the autogen feature or write policies that match Pod controllers.")
-			return &v1beta1.AdmissionResponse{
+			return &admissionv1.AdmissionResponse{
 				Allowed:  true,
 				Warnings: []string{"Pods managed by workload controllers cannot be mutated using policies. Use the autogen feature or write policies that match Pod controllers."},
 			}, nil
@@ -237,7 +237,7 @@ func Validate(policy kyverno.PolicyInterface, client *dclient.Client, mock bool,
 		podOnlyMap["Pod"] = true
 		if reflect.DeepEqual(common.GetKindsFromRule(rule), podOnlyMap) && podControllerAutoGenExclusion(policy) {
 			log.Log.V(4).Info("Pod controllers excluded from autogen require adding of preconditions to also exclude the desired controller(s).")
-			return &v1beta1.AdmissionResponse{
+			return &admissionv1.AdmissionResponse{
 				Allowed:  true,
 				Warnings: []string{"Pod controllers excluded from autogen require adding of preconditions to also exclude the desired controller(s)."},
 			}, nil

pkg/userinfo/roleRef.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/kyverno/kyverno/pkg/config"
 	"github.com/kyverno/kyverno/pkg/utils"
-	v1beta1 "k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	authenticationv1 "k8s.io/api/authentication/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	labels "k8s.io/apimachinery/pkg/labels"
@@ -31,7 +31,7 @@ type allRolesStruct struct {
 var allRoles []allRolesStruct
 
 //GetRoleRef gets the list of roles and cluster roles for the incoming api-request
-func GetRoleRef(rbLister rbaclister.RoleBindingLister, crbLister rbaclister.ClusterRoleBindingLister, request *v1beta1.AdmissionRequest, dynamicConfig config.Interface) (roles []string, clusterRoles []string, err error) {
+func GetRoleRef(rbLister rbaclister.RoleBindingLister, crbLister rbaclister.ClusterRoleBindingLister, request *admissionv1.AdmissionRequest, dynamicConfig config.Interface) (roles []string, clusterRoles []string, err error) {
 	keys := append(request.UserInfo.Groups, request.UserInfo.Username)
 	if utils.SliceContains(keys, dynamicConfig.GetExcludeGroupRole()...) {
 		return
@@ -139,7 +139,7 @@ func matchUserOrGroup(subject rbacv1.Subject, userInfo authenticationv1.UserInfo
 }
 
 //IsRoleAuthorize is role authorize or not
-func IsRoleAuthorize(rbLister rbaclister.RoleBindingLister, crbLister rbaclister.ClusterRoleBindingLister, rLister rbaclister.RoleLister, crLister rbaclister.ClusterRoleLister, request *v1beta1.AdmissionRequest, dynamicConfig config.Interface) (bool, error) {
+func IsRoleAuthorize(rbLister rbaclister.RoleBindingLister, crbLister rbaclister.ClusterRoleBindingLister, rLister rbaclister.RoleLister, crLister rbaclister.ClusterRoleLister, request *admissionv1.AdmissionRequest, dynamicConfig config.Interface) (bool, error) {
 	if strings.Contains(request.UserInfo.Username, SaPrefix) {
 		roles, clusterRoles, err := GetRoleRef(rbLister, crbLister, request, dynamicConfig)
 		if err != nil {

pkg/utils/admission/utils.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 
 	kyverno "github.com/kyverno/kyverno/api/kyverno/v1"
-	v1beta1 "k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -26,30 +26,30 @@ func UnmarshalPolicy(kind string, raw []byte) (kyverno.PolicyInterface, error) {
 	return nil, fmt.Errorf("admission request does not contain a policy")
 }
 
-func GetPolicy(request *v1beta1.AdmissionRequest) (kyverno.PolicyInterface, error) {
+func GetPolicy(request *admissionv1.AdmissionRequest) (kyverno.PolicyInterface, error) {
 	return UnmarshalPolicy(request.Kind.Kind, request.Object.Raw)
 }
 
-func GetPolicies(request *v1beta1.AdmissionRequest) (kyverno.PolicyInterface, kyverno.PolicyInterface, error) {
+func GetPolicies(request *admissionv1.AdmissionRequest) (kyverno.PolicyInterface, kyverno.PolicyInterface, error) {
 	policy, err := UnmarshalPolicy(request.Kind.Kind, request.Object.Raw)
 	if err != nil {
 		return policy, nil, err
 	}
-	if request.Operation == v1beta1.Update {
+	if request.Operation == admissionv1.Update {
 		oldPolicy, err := UnmarshalPolicy(request.Kind.Kind, request.OldObject.Raw)
 		return policy, oldPolicy, err
 	}
 	return policy, nil, nil
 }
 
-func Response(allowed bool) *v1beta1.AdmissionResponse {
+func Response(allowed bool) *admissionv1.AdmissionResponse {
-	r := &v1beta1.AdmissionResponse{
+	r := &admissionv1.AdmissionResponse{
 		Allowed: allowed,
 	}
 	return r
 }
 
-func ResponseWithMessage(allowed bool, msg string) *v1beta1.AdmissionResponse {
+func ResponseWithMessage(allowed bool, msg string) *admissionv1.AdmissionResponse {
 	r := Response(allowed)
 	r.Result = &metav1.Status{
 		Message: msg,
@@ -57,13 +57,13 @@ func ResponseWithMessage(allowed bool, msg string) *v1beta1.AdmissionResponse {
 	return r
 }
 
-func ResponseWithMessageAndPatch(allowed bool, msg string, patch []byte) *v1beta1.AdmissionResponse {
+func ResponseWithMessageAndPatch(allowed bool, msg string, patch []byte) *admissionv1.AdmissionResponse {
 	r := ResponseWithMessage(allowed, msg)
 	r.Patch = patch
 	return r
 }
 
-func ResponseStatus(allowed bool, status, msg string) *v1beta1.AdmissionResponse {
+func ResponseStatus(allowed bool, status, msg string) *admissionv1.AdmissionResponse {
 	r := Response(allowed)
 	r.Result = &metav1.Status{
 		Status:  status,
@@ -72,15 +72,15 @@ func ResponseStatus(allowed bool, status, msg string) *v1beta1.AdmissionResponse
 	return r
 }
 
-func ResponseFailure(allowed bool, msg string) *v1beta1.AdmissionResponse {
+func ResponseFailure(allowed bool, msg string) *admissionv1.AdmissionResponse {
 	return ResponseStatus(allowed, metav1.StatusFailure, msg)
 }
 
-func ResponseSuccess(allowed bool, msg string) *v1beta1.AdmissionResponse {
+func ResponseSuccess(allowed bool, msg string) *admissionv1.AdmissionResponse {
 	return ResponseStatus(allowed, metav1.StatusSuccess, msg)
 }
 
-func ResponseSuccessWithPatch(allowed bool, msg string, patch []byte) *v1beta1.AdmissionResponse {
+func ResponseSuccessWithPatch(allowed bool, msg string, patch []byte) *admissionv1.AdmissionResponse {
 	r := ResponseSuccess(allowed, msg)
 	if len(patch) > 0 {
 		r.Patch = patch
@@ -88,7 +88,7 @@ func ResponseSuccessWithPatch(allowed bool, msg string, patch []byte) *v1beta1.A
 	return r
 }
 
-func GetResourceName(request *v1beta1.AdmissionRequest) string {
+func GetResourceName(request *admissionv1.AdmissionRequest) string {
 	resourceName := request.Kind.Kind + "/" + request.Name
 	if request.Namespace != "" {
 		resourceName = request.Namespace + "/" + resourceName

pkg/utils/util.go

@@ -14,7 +14,7 @@ import (
 	wildcard "github.com/kyverno/go-wildcard"
 	client "github.com/kyverno/kyverno/pkg/dclient"
 	engineutils "github.com/kyverno/kyverno/pkg/engine/utils"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -137,7 +137,7 @@ func isCRDInstalled(discoveryClient client.IDiscovery, kind string) bool {
 }
 
 // ExtractResources extracts the new and old resource as unstructured
-func ExtractResources(newRaw []byte, request *v1beta1.AdmissionRequest) (unstructured.Unstructured, unstructured.Unstructured, error) {
+func ExtractResources(newRaw []byte, request *admissionv1.AdmissionRequest) (unstructured.Unstructured, unstructured.Unstructured, error) {
 	var emptyResource unstructured.Unstructured
 	var newResource unstructured.Unstructured
 	var oldResource unstructured.Unstructured

pkg/webhooks/common.go

@@ -13,7 +13,7 @@ import (
 	engineutils2 "github.com/kyverno/kyverno/pkg/utils/engine"
 	"github.com/pkg/errors"
 	yamlv2 "gopkg.in/yaml.v2"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 )
 
 // returns true -> if there is even one policy that blocks resource request
@@ -70,7 +70,7 @@ func getErrorMsg(engineReponses []*response.EngineResponse) string {
 }
 
 // patchRequest applies patches to the request.Object and returns a new copy of the request
-func patchRequest(patches []byte, request *v1beta1.AdmissionRequest, logger logr.Logger) *v1beta1.AdmissionRequest {
+func patchRequest(patches []byte, request *admissionv1.AdmissionRequest, logger logr.Logger) *admissionv1.AdmissionRequest {
 	patchedResource := processResourceWithPatches(patches, request.Object.Raw, logger)
 	newRequest := request.DeepCopy()
 	newRequest.Object.Raw = patchedResource
@@ -157,7 +157,7 @@ func excludeKyvernoResources(kind string) bool {
 	}
 }
 
-func newVariablesContext(request *v1beta1.AdmissionRequest, userRequestInfo *kyverno.RequestInfo) (*enginectx.Context, error) {
+func newVariablesContext(request *admissionv1.AdmissionRequest, userRequestInfo *kyverno.RequestInfo) (*enginectx.Context, error) {
 	ctx := enginectx.NewContext()
 	if err := ctx.AddRequest(request); err != nil {
 		return nil, errors.Wrap(err, "failed to load incoming request in context")

pkg/webhooks/generate/generate.go

@@ -12,7 +12,7 @@ import (
 	kyvernoinformer "github.com/kyverno/kyverno/pkg/client/informers/externalversions/kyverno/v1"
 	kyvernolister "github.com/kyverno/kyverno/pkg/client/listers/kyverno/v1"
 	"github.com/kyverno/kyverno/pkg/config"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -21,13 +21,13 @@ import (
 
 // GenerateRequests provides interface to manage generate requests
 type GenerateRequests interface {
-	Apply(gr kyverno.GenerateRequestSpec, action v1beta1.Operation) error
+	Apply(gr kyverno.GenerateRequestSpec, action admissionv1.Operation) error
 }
 
 // GeneratorChannel ...
 type GeneratorChannel struct {
 	spec   kyverno.GenerateRequestSpec
-	action v1beta1.Operation
+	action admissionv1.Operation
 }
 
 // Generator defines the implementation to mange generate request resource
@@ -54,7 +54,7 @@ func NewGenerator(client *kyvernoclient.Clientset, grInformer kyvernoinformer.Ge
 }
 
 // Apply creates generate request resource (blocking call if channel is full)
-func (g *Generator) Apply(gr kyverno.GenerateRequestSpec, action v1beta1.Operation) error {
+func (g *Generator) Apply(gr kyverno.GenerateRequestSpec, action admissionv1.Operation) error {
 	logger := g.log
 	logger.V(4).Info("creating Generate Request", "request", gr)
 
@@ -91,7 +91,7 @@ func (g *Generator) processApply(m GeneratorChannel) {
 	}
 }
 
-func (g *Generator) generate(grSpec kyverno.GenerateRequestSpec, action v1beta1.Operation) error {
+func (g *Generator) generate(grSpec kyverno.GenerateRequestSpec, action admissionv1.Operation) error {
 	// create/update a generate request
 
 	if err := retryApplyResource(g.client, grSpec, g.log, action, g.grLister); err != nil {
@@ -104,7 +104,7 @@ func (g *Generator) generate(grSpec kyverno.GenerateRequestSpec, action v1beta1.
 // use worker pattern to read and create the CR resource
 
 func retryApplyResource(client *kyvernoclient.Clientset, grSpec kyverno.GenerateRequestSpec,
-	log logr.Logger, action v1beta1.Operation, grLister kyvernolister.GenerateRequestNamespaceLister) error {
+	log logr.Logger, action admissionv1.Operation, grLister kyvernolister.GenerateRequestNamespaceLister) error {
 
 	var i int
 	var err error
@@ -122,7 +122,7 @@ func retryApplyResource(client *kyvernoclient.Clientset, grSpec kyverno.Generate
 		// Initial state "Pending"
 		// generate requests created in kyverno namespace
 		isExist := false
-		if action == v1beta1.Create || action == v1beta1.Update {
+		if action == admissionv1.Create || action == admissionv1.Update {
 			log.V(4).Info("querying all generate requests")
 			selector := labels.SelectorFromSet(labels.Set(map[string]string{
 				"generate.kyverno.io/policy-name":        policyName,

pkg/webhooks/generation.go

@@ -25,13 +25,13 @@ import (
 	gen "github.com/kyverno/kyverno/pkg/generate"
 	kyvernoutils "github.com/kyverno/kyverno/pkg/utils"
 	"github.com/kyverno/kyverno/pkg/webhooks/generate"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/labels"
 )
 
-func (ws *WebhookServer) applyGeneratePolicies(request *v1beta1.AdmissionRequest, policyContext *engine.PolicyContext, policies []kyverno.PolicyInterface, ts int64, logger logr.Logger) {
+func (ws *WebhookServer) applyGeneratePolicies(request *admissionv1.AdmissionRequest, policyContext *engine.PolicyContext, policies []kyverno.PolicyInterface, ts int64, logger logr.Logger) {
 	admissionReviewCompletionLatencyChannel := make(chan int64, 1)
 	generateEngineResponsesSenderForAdmissionReviewDurationMetric := make(chan []*response.EngineResponse, 1)
 	generateEngineResponsesSenderForAdmissionRequestsCountMetric := make(chan []*response.EngineResponse, 1)
@@ -43,7 +43,7 @@ func (ws *WebhookServer) applyGeneratePolicies(request *v1beta1.AdmissionRequest
 
 //handleGenerate handles admission-requests for policies with generate rules
 func (ws *WebhookServer) handleGenerate(
-	request *v1beta1.AdmissionRequest,
+	request *admissionv1.AdmissionRequest,
 	policies []kyverno.PolicyInterface,
 	ctx *context.Context,
 	userRequestInfo kyverno.RequestInfo,
@@ -58,7 +58,7 @@ func (ws *WebhookServer) handleGenerate(
 	logger.V(6).Info("generate request")
 
 	var engineResponses []*response.EngineResponse
-	if (request.Operation == v1beta1.Create || request.Operation == v1beta1.Update) && len(policies) != 0 {
+	if (request.Operation == admissionv1.Create || request.Operation == admissionv1.Update) && len(policies) != 0 {
 		// convert RAW to unstructured
 		new, old, err := kyvernoutils.ExtractResources(nil, request)
 		if err != nil {
@@ -113,7 +113,7 @@ func (ws *WebhookServer) handleGenerate(
 		}
 	}
 
-	if request.Operation == v1beta1.Update {
+	if request.Operation == admissionv1.Update {
 		ws.handleUpdatesForGenerateRules(request, policies)
 	}
 
@@ -125,8 +125,8 @@ func (ws *WebhookServer) handleGenerate(
 }
 
 //handleUpdatesForGenerateRules handles admission-requests for update
-func (ws *WebhookServer) handleUpdatesForGenerateRules(request *v1beta1.AdmissionRequest, policies []kyverno.PolicyInterface) {
+func (ws *WebhookServer) handleUpdatesForGenerateRules(request *admissionv1.AdmissionRequest, policies []kyverno.PolicyInterface) {
-	if request.Operation != v1beta1.Update {
+	if request.Operation != admissionv1.Update {
 		return
 	}
 
@@ -141,7 +141,7 @@ func (ws *WebhookServer) handleUpdatesForGenerateRules(request *v1beta1.Admissio
 		ws.handleUpdateGenerateSourceResource(resLabels, logger)
 	}
 
-	if resLabels["app.kubernetes.io/managed-by"] == "kyverno" && resLabels["policy.kyverno.io/synchronize"] == "enable" && request.Operation == v1beta1.Update {
+	if resLabels["app.kubernetes.io/managed-by"] == "kyverno" && resLabels["policy.kyverno.io/synchronize"] == "enable" && request.Operation == admissionv1.Update {
 		ws.handleUpdateGenerateTargetResource(request, policies, resLabels, logger)
 	}
 }
@@ -197,7 +197,7 @@ func (ws *WebhookServer) updateAnnotationInGR(gr *kyverno.GenerateRequest, logge
 }
 
 //handleUpdateGenerateTargetResource - handles update of target resource for generate policy
-func (ws *WebhookServer) handleUpdateGenerateTargetResource(request *v1beta1.AdmissionRequest, policies []kyverno.PolicyInterface, resLabels map[string]string, logger logr.Logger) {
+func (ws *WebhookServer) handleUpdateGenerateTargetResource(request *admissionv1.AdmissionRequest, policies []kyverno.PolicyInterface, resLabels map[string]string, logger logr.Logger) {
 	enqueueBool := false
 	newRes, err := enginutils.ConvertToUnstructured(request.Object.Raw)
 	if err != nil {
@@ -260,7 +260,7 @@ func (ws *WebhookServer) handleUpdateGenerateTargetResource(request *v1beta1.Adm
 
 func getGeneratedByResource(newRes *unstructured.Unstructured, resLabels map[string]string, client *client.Client, rule kyverno.Rule, logger logr.Logger) (kyverno.Rule, error) {
 	var apiVersion, kind, name, namespace string
-	sourceRequest := &v1beta1.AdmissionRequest{}
+	sourceRequest := &admissionv1.AdmissionRequest{}
 	kind = resLabels["kyverno.io/generated-by-kind"]
 	name = resLabels["kyverno.io/generated-by-name"]
 	if kind != "Namespace" {
@@ -355,7 +355,7 @@ func stripNonPolicyFields(obj, newRes map[string]interface{}, logger logr.Logger
 }
 
 //HandleDelete handles admission-requests for delete
-func (ws *WebhookServer) handleDelete(request *v1beta1.AdmissionRequest) {
+func (ws *WebhookServer) handleDelete(request *admissionv1.AdmissionRequest) {
 	logger := ws.log.WithValues("action", "generation", "uid", request.UID, "kind", request.Kind, "namespace", request.Namespace, "name", request.Name, "operation", request.Operation, "gvk", request.Kind.String())
 	resource, err := enginutils.ConvertToUnstructured(request.OldObject.Raw)
 	if err != nil {
@@ -363,7 +363,7 @@ func (ws *WebhookServer) handleDelete(request *v1beta1.AdmissionRequest) {
 	}
 
 	resLabels := resource.GetLabels()
-	if resLabels["app.kubernetes.io/managed-by"] == "kyverno" && request.Operation == v1beta1.Delete {
+	if resLabels["app.kubernetes.io/managed-by"] == "kyverno" && request.Operation == admissionv1.Delete {
 		grName := resLabels["policy.kyverno.io/gr-name"]
 		gr, err := ws.grLister.Get(grName)
 		if err != nil {
@@ -397,8 +397,8 @@ func (ws *WebhookServer) deleteGR(logger logr.Logger, engineResponse *response.E
 	}
 }
 
-func applyGenerateRequest(request *v1beta1.AdmissionRequest, gnGenerator generate.GenerateRequests, userRequestInfo kyverno.RequestInfo,
+func applyGenerateRequest(request *admissionv1.AdmissionRequest, gnGenerator generate.GenerateRequests, userRequestInfo kyverno.RequestInfo,
-	action v1beta1.Operation, engineResponses ...*response.EngineResponse) (failedGenerateRequest []generateRequestResponse) {
+	action admissionv1.Operation, engineResponses ...*response.EngineResponse) (failedGenerateRequest []generateRequestResponse) {
 
 	requestBytes, err := json.Marshal(request)
 	if err != nil {

pkg/webhooks/handlers.go

@@ -19,7 +19,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/utils"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	"github.com/kyverno/kyverno/pkg/webhooks/handlers"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 )
 
 // TODO: use admission review sub resource ?
@@ -36,12 +36,12 @@ func isStatusUpdate(old, new kyverno.PolicyInterface) bool {
 	return true
 }
 
-func errorResponse(logger logr.Logger, err error, message string) *v1beta1.AdmissionResponse {
+func errorResponse(logger logr.Logger, err error, message string) *admissionv1.AdmissionResponse {
 	logger.Error(err, message)
 	return admissionutils.ResponseFailure(false, message+": "+err.Error())
 }
 
-func setupLogger(logger logr.Logger, name string, request *v1beta1.AdmissionRequest) logr.Logger {
+func setupLogger(logger logr.Logger, name string, request *admissionv1.AdmissionRequest) logr.Logger {
 	return logger.WithName("MutateWebhook").WithValues(
 		"uid", request.UID,
 		"kind", request.Kind,
@@ -59,7 +59,7 @@ func (ws *WebhookServer) admissionHandler(filter bool, inner handlers.AdmissionH
 	return handlers.Monitor(ws.webhookMonitor, handlers.Admission(ws.log, inner))
 }
 
-func (ws *WebhookServer) policyMutation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
+func (ws *WebhookServer) policyMutation(request *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse {
 	logger := setupLogger(ws.log, "policy mutation", request)
 	policy, oldPolicy, err := admissionutils.GetPolicies(request)
 	if err != nil {
@@ -81,7 +81,7 @@ func (ws *WebhookServer) policyMutation(request *v1beta1.AdmissionRequest) *v1be
 }
 
 //policyValidation performs the validation check on policy resource
-func (ws *WebhookServer) policyValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
+func (ws *WebhookServer) policyValidation(request *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse {
 	logger := setupLogger(ws.log, "policy validation", request)
 	policy, oldPolicy, err := admissionutils.GetPolicies(request)
 	if err != nil {
@@ -107,12 +107,12 @@ func (ws *WebhookServer) policyValidation(request *v1beta1.AdmissionRequest) *v1
 }
 
 // resourceMutation mutates resource
-func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
+func (ws *WebhookServer) resourceMutation(request *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse {
 	logger := setupLogger(ws.log, "resource mutation", request)
 	if excludeKyvernoResources(request.Kind.Kind) {
 		return admissionutils.ResponseSuccess(true, "")
 	}
-	if request.Operation == v1beta1.Delete {
+	if request.Operation == admissionv1.Delete {
 		resource, err := utils.ConvertResource(request.OldObject.Raw, request.Kind.Group, request.Kind.Version, request.Kind.Kind, request.Namespace)
 		if err == nil {
 			ws.prGenerator.Add(buildDeletionPrInfo(resource))
@@ -150,9 +150,9 @@ func (ws *WebhookServer) resourceMutation(request *v1beta1.AdmissionRequest) *v1
 	return admissionutils.ResponseSuccessWithPatch(true, "", patches)
 }
 
-func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
+func (ws *WebhookServer) resourceValidation(request *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse {
 	logger := setupLogger(ws.log, "resource validation", request)
-	if request.Operation == v1beta1.Delete {
+	if request.Operation == admissionv1.Delete {
 		ws.handleDelete(request)
 	}
 	if excludeKyvernoResources(request.Kind.Kind) {
@@ -166,7 +166,7 @@ func (ws *WebhookServer) resourceValidation(request *v1beta1.AdmissionRequest) *
 	nsPolicies := ws.pCache.GetPolicies(policycache.ValidateEnforce, request.Kind.Kind, request.Namespace)
 	policies = append(policies, nsPolicies...)
 	generatePolicies := ws.pCache.GetPolicies(policycache.Generate, request.Kind.Kind, request.Namespace)
-	if len(generatePolicies) == 0 && request.Operation == v1beta1.Update {
+	if len(generatePolicies) == 0 && request.Operation == admissionv1.Update {
 		// handle generate source resource updates
 		go ws.handleUpdatesForGenerateRules(request, []kyverno.PolicyInterface{})
 	}

pkg/webhooks/handlers/admission.go

@@ -11,10 +11,10 @@ import (
 	"github.com/kyverno/kyverno/pkg/config"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	"github.com/kyverno/kyverno/pkg/webhookconfig"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 )
 
-type AdmissionHandler func(*v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse
+type AdmissionHandler func(*admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse
 
 func Admission(logger logr.Logger, inner AdmissionHandler) http.HandlerFunc {
 	return func(writer http.ResponseWriter, request *http.Request) {
@@ -37,7 +37,7 @@ func Admission(logger logr.Logger, inner AdmissionHandler) http.HandlerFunc {
 			http.Error(writer, "invalid Content-Type, expect `application/json`", http.StatusUnsupportedMediaType)
 			return
 		}
-		admissionReview := &v1beta1.AdmissionReview{}
+		admissionReview := &admissionv1.AdmissionReview{}
 		if err := json.Unmarshal(body, &admissionReview); err != nil {
 			logger.Error(err, "failed to decode request body to type 'AdmissionReview")
 			http.Error(writer, "Can't decode body as AdmissionReview", http.StatusExpectationFailed)
@@ -50,7 +50,7 @@ func Admission(logger logr.Logger, inner AdmissionHandler) http.HandlerFunc {
 			"operation", admissionReview.Request.Operation,
 			"uid", admissionReview.Request.UID,
 		)
-		admissionReview.Response = &v1beta1.AdmissionResponse{
+		admissionReview.Response = &admissionv1.AdmissionResponse{
 			Allowed: true,
 			UID:     admissionReview.Request.UID,
 		}
@@ -72,7 +72,7 @@ func Admission(logger logr.Logger, inner AdmissionHandler) http.HandlerFunc {
 }
 
 func Filter(c config.Interface, inner AdmissionHandler) AdmissionHandler {
-	return func(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
+	return func(request *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse {
 		if c.ToFilter(request.Kind.Kind, request.Namespace, request.Name) {
 			return nil
 		}
@@ -81,7 +81,7 @@ func Filter(c config.Interface, inner AdmissionHandler) AdmissionHandler {
 }
 
 func Verify(m *webhookconfig.Monitor, logger logr.Logger) AdmissionHandler {
-	return func(request *v1beta1.AdmissionRequest) *v1beta1.AdmissionResponse {
+	return func(request *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse {
 		logger = logger.WithName("verifyHandler").WithValues(
 			"action", "verify",
 			"kind", request.Kind,

pkg/webhooks/mutation.go

@@ -14,12 +14,12 @@ import (
 	engineutils "github.com/kyverno/kyverno/pkg/utils/engine"
 	jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
 	"github.com/pkg/errors"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
 
-func (ws *WebhookServer) applyMutatePolicies(request *v1beta1.AdmissionRequest, policyContext *engine.PolicyContext, policies []kyverno.PolicyInterface, ts int64, logger logr.Logger) []byte {
+func (ws *WebhookServer) applyMutatePolicies(request *admissionv1.AdmissionRequest, policyContext *engine.PolicyContext, policies []kyverno.PolicyInterface, ts int64, logger logr.Logger) []byte {
 	var mutateEngineResponses []*response.EngineResponse
 
 	mutatePatches, mutateEngineResponses := ws.handleMutation(request, policyContext, policies)
@@ -35,7 +35,7 @@ func (ws *WebhookServer) applyMutatePolicies(request *v1beta1.AdmissionRequest,
 // handleMutation handles mutating webhook admission request
 // return value: generated patches, triggered policies, engine responses correspdonding to the triggered policies
 func (ws *WebhookServer) handleMutation(
-	request *v1beta1.AdmissionRequest,
+	request *admissionv1.AdmissionRequest,
 	policyContext *engine.PolicyContext,
 	policies []kyverno.PolicyInterface) ([]byte, []*response.EngineResponse) {
 
@@ -64,7 +64,7 @@ func (ws *WebhookServer) handleMutation(
 		deletionTimeStamp = oldR.GetDeletionTimestamp()
 	}
 
-	if deletionTimeStamp != nil && request.Operation == v1beta1.Update {
+	if deletionTimeStamp != nil && request.Operation == admissionv1.Update {
 		return nil, nil
 	}
 	var patches [][]byte
@@ -115,7 +115,7 @@ func (ws *WebhookServer) handleMutation(
 	//   all policies were applied successfully.
 	//   create an event on the resource
 	// ADD EVENTS
-	events := generateEvents(engineResponses, false, request.Operation == v1beta1.Update, logger)
+	events := generateEvents(engineResponses, false, request.Operation == admissionv1.Update, logger)
 	ws.eventGen.Add(events...)
 
 	// debug info
@@ -134,7 +134,7 @@ func (ws *WebhookServer) handleMutation(
 	return jsonutils.JoinPatches(patches...), engineResponses
 }
 
-func (ws *WebhookServer) applyMutation(request *v1beta1.AdmissionRequest, policyContext *engine.PolicyContext, logger logr.Logger) (*response.EngineResponse, [][]byte, error) {
+func (ws *WebhookServer) applyMutation(request *admissionv1.AdmissionRequest, policyContext *engine.PolicyContext, logger logr.Logger) (*response.EngineResponse, [][]byte, error) {
 	if request.Kind.Kind != "Namespace" && request.Namespace != "" {
 		policyContext.NamespaceLabels = common.GetNamespaceSelectorsFromNamespaceLister(
 			request.Kind.Kind, request.Namespace, ws.nsLister, logger)

pkg/webhooks/server.go

@@ -29,7 +29,7 @@ import (
 	webhookgenerate "github.com/kyverno/kyverno/pkg/webhooks/generate"
 	"github.com/kyverno/kyverno/pkg/webhooks/handlers"
 	"github.com/pkg/errors"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	informers "k8s.io/client-go/informers/core/v1"
 	rbacinformer "k8s.io/client-go/informers/rbac/v1"
 	listerv1 "k8s.io/client-go/listers/core/v1"
@@ -204,7 +204,7 @@ func NewWebhookServer(
 	return ws, nil
 }
 
-func (ws *WebhookServer) buildPolicyContext(request *v1beta1.AdmissionRequest, addRoles bool) (*engine.PolicyContext, error) {
+func (ws *WebhookServer) buildPolicyContext(request *admissionv1.AdmissionRequest, addRoles bool) (*engine.PolicyContext, error) {
 	userRequestInfo := v1.RequestInfo{
 		AdmissionUserInfo: *request.UserInfo.DeepCopy(),
 	}
@@ -232,7 +232,7 @@ func (ws *WebhookServer) buildPolicyContext(request *v1beta1.AdmissionRequest, a
 		return nil, errors.Wrap(err, "failed to add image information to the policy rule context")
 	}
 
-	if request.Kind.Kind == "Secret" && request.Operation == v1beta1.Update {
+	if request.Kind.Kind == "Secret" && request.Operation == admissionv1.Update {
 		resource, err = utils.NormalizeSecret(&resource)
 		if err != nil {
 			return nil, errors.Wrap(err, "failed to convert secret to unstructured format")
@@ -248,7 +248,7 @@ func (ws *WebhookServer) buildPolicyContext(request *v1beta1.AdmissionRequest, a
 		Client:              ws.client,
 	}
 
-	if request.Operation == v1beta1.Update {
+	if request.Operation == admissionv1.Update {
 		policyContext.OldResource = resource
 	}
 

pkg/webhooks/validate_audit.go

@@ -20,7 +20,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/policycache"
 	"github.com/kyverno/kyverno/pkg/policyreport"
 	"github.com/kyverno/kyverno/pkg/userinfo"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/apimachinery/pkg/util/wait"
 	informers "k8s.io/client-go/informers/core/v1"
@@ -41,7 +41,7 @@ const (
 // the request is processed in background, with the exact same logic
 // when process the admission request in the webhook
 type AuditHandler interface {
-	Add(request *v1beta1.AdmissionRequest)
+	Add(request *admissionv1.AdmissionRequest)
 	Run(workers int, stopCh <-chan struct{})
 }
 
@@ -94,7 +94,7 @@ func NewValidateAuditHandler(pCache policycache.Interface,
 	}
 }
 
-func (h *auditHandler) Add(request *v1beta1.AdmissionRequest) {
+func (h *auditHandler) Add(request *admissionv1.AdmissionRequest) {
 	h.log.V(4).Info("admission request added", "uid", request.UID, "kind", request.Kind.Kind, "namespace", request.Namespace, "name", request.Name, "operation", request.Operation)
 	h.queue.Add(request)
 }
@@ -131,7 +131,7 @@ func (h *auditHandler) processNextWorkItem() bool {
 
 	defer h.queue.Done(obj)
 
-	request, ok := obj.(*v1beta1.AdmissionRequest)
+	request, ok := obj.(*admissionv1.AdmissionRequest)
 	if !ok {
 		h.queue.Forget(obj)
 		h.log.Info("incorrect type: expecting type 'AdmissionRequest'", "object", obj)
@@ -144,7 +144,7 @@ func (h *auditHandler) processNextWorkItem() bool {
 	return true
 }
 
-func (h *auditHandler) process(request *v1beta1.AdmissionRequest) error {
+func (h *auditHandler) process(request *admissionv1.AdmissionRequest) error {
 	var roles, clusterRoles []string
 	var err error
 	// time at which the corresponding the admission request's processing got initiated
@@ -205,7 +205,7 @@ func (h *auditHandler) process(request *v1beta1.AdmissionRequest) error {
 	return nil
 }
 
-func (h *auditHandler) handleErr(err error, key interface{}, request *v1beta1.AdmissionRequest) {
+func (h *auditHandler) handleErr(err error, key interface{}, request *admissionv1.AdmissionRequest) {
 	logger := h.log.WithName("handleErr")
 	if err == nil {
 		h.queue.Forget(key)

pkg/webhooks/validation.go

@@ -12,7 +12,7 @@ import (
 	"github.com/kyverno/kyverno/pkg/metrics"
 	"github.com/kyverno/kyverno/pkg/policyreport"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
-	v1beta1 "k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 )
@@ -28,7 +28,7 @@ type validationHandler struct {
 // patchedResource is the (resource + patches) after applying mutation rules
 func (v *validationHandler) handleValidation(
 	promConfig *metrics.PromConfig,
-	request *v1beta1.AdmissionRequest,
+	request *admissionv1.AdmissionRequest,
 	policies []v1.PolicyInterface,
 	policyContext *engine.PolicyContext,
 	namespaceLabels map[string]string,
@@ -48,7 +48,7 @@ func (v *validationHandler) handleValidation(
 		deletionTimeStamp = policyContext.OldResource.GetDeletionTimestamp()
 	}
 
-	if deletionTimeStamp != nil && request.Operation == v1beta1.Update {
+	if deletionTimeStamp != nil && request.Operation == admissionv1.Update {
 		return true, ""
 	}
 
@@ -94,7 +94,7 @@ func (v *validationHandler) handleValidation(
 	// Scenario 3:
 	//   all policies were applied successfully.
 	//   create an event on the resource
-	events := generateEvents(engineResponses, blocked, (request.Operation == v1beta1.Update), logger)
+	events := generateEvents(engineResponses, blocked, (request.Operation == admissionv1.Update), logger)
 	v.eventGen.Add(events...)
 
 	if blocked {
@@ -109,7 +109,7 @@ func (v *validationHandler) handleValidation(
 
 	// reports are generated for non-managed pods/jobs only
 	// no need to create rcr for managed resources
-	if request.Operation == v1beta1.Delete {
+	if request.Operation == admissionv1.Delete {
 		managed := true
 		for _, er := range engineResponses {
 			if er.Policy != nil && !engine.ManagedPodResource(er.Policy, er.PatchedResource) {

pkg/webhooks/verify_images.go

@@ -10,10 +10,10 @@ import (
 	"github.com/kyverno/kyverno/pkg/policyreport"
 	admissionutils "github.com/kyverno/kyverno/pkg/utils/admission"
 	jsonutils "github.com/kyverno/kyverno/pkg/utils/json"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 )
 
-func (ws *WebhookServer) applyImageVerifyPolicies(request *v1beta1.AdmissionRequest, policyContext *engine.PolicyContext, policies []v1.PolicyInterface, logger logr.Logger) ([]byte, error) {
+func (ws *WebhookServer) applyImageVerifyPolicies(request *admissionv1.AdmissionRequest, policyContext *engine.PolicyContext, policies []v1.PolicyInterface, logger logr.Logger) ([]byte, error) {
 	ok, message, imagePatches := ws.handleVerifyImages(request, policyContext, policies)
 	if !ok {
 		return nil, errors.New(message)
@@ -23,7 +23,7 @@ func (ws *WebhookServer) applyImageVerifyPolicies(request *v1beta1.AdmissionRequ
 	return imagePatches, nil
 }
 
-func (ws *WebhookServer) handleVerifyImages(request *v1beta1.AdmissionRequest,
+func (ws *WebhookServer) handleVerifyImages(request *admissionv1.AdmissionRequest,
 	policyContext *engine.PolicyContext,
 	policies []v1.PolicyInterface) (bool, string, []byte) {