Mutating and validating webhook configuration for API resource #370

Merged
merged 4 commits into from Dec 19, 2022

@Amila-Rukshan Amila-Rukshan commented Dec 15, 2022

Purpose

This PR is to add MutatingWebhookConfiguration and ValidatingWebhookConfiguration for the API CR. Kubebuilder supports scaffolding code for validations.

The adapter exposes an endpoint as a webhook server.

cert-manager has been added as a dependency to generate the webhook server certs and CA bundle: https://book.kubebuilder.io/cronjob-tutorial/cert-manager.html

Since the namespace and name of the service can change based on how helm install is done, using cert-manager we can generate a cert including the correct service DNS name.

Examples

If a user runs the command kubectl apply api.yaml with an already used context, then the API resource will be rejected with the following error.

The API "webhook-site-2" is invalid: spec.context: Invalid value: "/my-api/7.7.0": an API has been already created for the context: /my-api/7.7.0

References

Implementing kubebuilder Defaulter and Validator interfaces - https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation.html

k8s admission control - https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#request

Fixes

#319

Notes

No API property defaulting logic is added yet. It can be implemented in the Default method:

func (r *API) Default() {
	// TODO: Add any defaulting logic here
}

// ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (r *API) ValidateCreate() error {
loggers.LoggerAPKOperator.Infof("Validate API create: %s", r.Name)
return r.validateAPI()
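
Review bot: ValidateCreate returns r.validateAPI() directly, and the description's example shows that check rejecting any context that is already in use; if the same helper is reused for an update path, it needs to exclude the object being updated (compare namespace and name), otherwise an update to the API that already owns the context would be rejected by its own entry. The Infof line also identifies the resource by r.Name alone; adding r.Namespace would make the log entry unambiguous when the same name exists in more than one namespace.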
Contributor

What happens if the validation fails? Would the CR creation get rejected, or would it get created anyway?

Contributor Author

Yes, the resource doesn't get created in etcd, as the k8s server rejects it with the error. The user can see the error in the console.

@Amila-Rukshan Amila-Rukshan merged commit ed6baea into wso2:main Dec 19, 2022
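
The rejection discussed in this thread, shown as an added example that is not code from this PR: a validating webhook answers the API server's AdmissionReview with allowed=false and a message, and the object is then not stored. Admit, the owners index, the sample request, the 422 code and the exclusion of the object's own entry are assumptions made for illustration; only the Go standard library is used.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local subset of the admission.k8s.io/v1 AdmissionReview wire format.
type request struct {
	UID    string `json:"uid"`
	Object struct {
		Metadata struct{ Name, Namespace string }
		Spec     struct{ Context string }
	} `json:"object"`
}
type response struct {
	UID     string         `json:"uid"`
	Allowed bool           `json:"allowed"`
	Status  map[string]any `json:"status,omitempty"`
}
type review struct {
	APIVersion string    `json:"apiVersion"`
	Kind       string    `json:"kind"`
	Request    *request  `json:"request,omitempty"`
	Response   *response `json:"response,omitempty"`
}

// Admit answers one request; owners (hypothetical index) maps a context to the "namespace/name" holding it.
func Admit(body []byte, owners map[string]string) (*review, error) {
	var in review
	if err := json.Unmarshal(body, &in); err != nil || in.Request == nil {
		return nil, fmt.Errorf("malformed AdmissionReview (err=%v)", err)
	}
	o := in.Request.Object
	out := &review{APIVersion: in.APIVersion, Kind: in.Kind,
		Response: &response{UID: in.Request.UID, Allowed: true}} // uid must be echoed back
	if owner, taken := owners[o.Spec.Context]; taken && owner != o.Metadata.Namespace+"/"+o.Metadata.Name {
		out.Response.Allowed = false // the API server then refuses to persist the object
		out.Response.Status = map[string]any{"code": 422, "message": fmt.Sprintf(
			"spec.context: Invalid value: %q: an API has been already created for the context: %s", o.Spec.Context, o.Spec.Context)}
	}
	return out, nil
}

// Constructed sample request, not captured from a real cluster.
const sample = `{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":"u-1","object":{"metadata":{"name":"webhook-site-2","namespace":"default"},"spec":{"context":"/my-api/7.7.0"}}}}`
func main() {
	out, _ := Admit([]byte(sample), map[string]string{"/my-api/7.7.0": "default/webhook-site-1"})
	fmt.Println(out.Response.Allowed, out.Response.Status["message"])
}
```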