Introduce a validating webhook for validation of extension resources #4293
Labels
area/control-plane
Control plane related
area/ops-productivity
Operator productivity related (how to improve operations)
area/usability
Usability related
kind/enhancement
Enhancement, improvement, extension
priority/3
Priority (lower number equals higher priority)
How to categorize this issue?
/area control-plane
/area usability
/area ops-productivity
/kind enhancement
/priority 3
What would you like to be added:
Introduce a validating webhook to execute the existing validation of extension resources in https://github.com/gardener/gardener/tree/master/pkg/apis/extensions/validation. The natural place to host it would be the
seed-admission-controller
.Why is this needed:
Currently, the validation of extension resources in https://github.com/gardener/gardener/tree/master/pkg/apis/extensions/validation is not executed, so this validation is essentially dead code. It was not seen as high priority so far since the contract is internal to Gardener - extension resources are only created and updated by
gardenlet
and we could assume this is done correctly.However, there are edge cases in which
gardenlet
could create an invalid resource or e.g. attempt to update an immutable field, and without actually validating this could have some negative consequences, see for example this discussion: gardener/gardener-extension-provider-aws#362 (comment)./cc @timebertt @kris94
The text was updated successfully, but these errors were encountered: