Mutating and validating webhook configuration for API resource #370
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Purpose
This PR is to add
MutatingWebhookConfiguration
andValidatingWebhookConfiguration
for API CR. Kubebuilder supports scaffolding code for validations.Adapter exposes an endpoint as a webhook server.
cert-manager has added as dependancy to generate webhook server certs and ca bundle https://book.kubebuilder.io/cronjob-tutorial/cert-manager.html
Since namesapace and name of of the service can change how helm install is done. Using cert manager we can generate cert including the correct service dns name.
Examples
If user do command
kubectl apply api.yaml
with an already used context then API resource will be rejected with the following error.References
Implemementing kubebuilder
Defaulter
andValidator
interfaces - https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation.htmlk8s admission control - https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#request
Fixes
#319
Notes
No API property defaulting logic is added yet. can implement them in
Default
method: