Generic Validations in Admission Controllers

[csviri]

Introduction

When implementing a validation webhook it would be handy to as easily express the rules as possible.
The main goal here is (at least in first iterations) make it trivial to write validation hooks for kubernetes. We already simplified the to implement a validation hook, the main question is how to express rules more elegantly. Currently the appraoch is very open, see:

https://github.com/java-operator-sdk/admission-controller-framework/blob/4ddf69fe3717cdfa811ee53af92c5cfa8c352ce6/samples/spring-boot/src/main/java/io/javaoperatorsdk/admissioncontroller/sample/springboot/Config.java#L32-L36

There are more generic validation frameworks available, one is OPA
Where users can write validations in rego language. Unfortunatelly it not trivial to learn this language (is basically a datalog/prolog).

Why might find an easier alternative, especially for java developers might be much easier to express such rules with some standard validation approaches. Unfortunately bean validation usage is limited here, since for POJOs we use ones from fabric8 client, so bean validation works nicely just for custom resources.

Goal

• select an existing validation approach, if no suitable come up with a specific one to make it easy to validate resources

See issue in the framework:
operator-framework/josdk-webhooks#3

[cmoulliard]

When implementing a validation webhook it would be handy to as easily express the rules as possible.

• I think that we should better introduce/describe the problem and what we would like next to improve => solution(s)
• What should be the perimeter about what we want to cover here ? Do we want to propose as solution a:
  1. Java Drools engine (= rules engine) OR
  2. Java bean validation framework OR
  3. Java Lib tool supporting https://www.openpolicyagent.org/docs/latest/ecosystem/
     ...

[csviri]

Updated the description. Yes, the main goal of this issues is basically choose and implement the usage such a solution.