feat(webhook): add webhook to validate kepler resource #362
Conversation
sthaha
force-pushed
the
feat-validate-kepler
branch
2 times, most recently
from
0dc7a28 to
7253831
Compare
Previously, when user created kepler with name other `kepler`, k8s API server would accept the resource and create it. The operator then updates the status of the resource to be `invalid`. This is now changed by adding Validating webhook that rejects the resource if the name does not match `kepler`. Signed-off-by: Sunil Thaha <sthaha@redhat.com>
sthaha
force-pushed
the
feat-validate-kepler
branch
from
7253831 to
16dce4f
Compare
| @@ -416,6 +416,24 @@ ensure_deploy_img_is_always_pulled() { | |||
| ok "Operator deployment imagePullPolicy is Always" | |||
| } | |||
|
|
|||
| reject_invalid() { | |||
There was a problem hiding this comment.
Shouldn't we add this to our e2e tests so that It could be used downstream?
| KeplerInstanceName = "kepler" | ||
| ) | ||
|
|
||
| // log is for logging in this package. |
There was a problem hiding this comment.
nit: keplerlog is for logging in this package
or should rename it to webhookLogger ?
There was a problem hiding this comment.
auto-generated :)
but I think there is a point to calling it keplerLog since we will create the same for keplerInternal_webhook
| func (r *Kepler) Default() { | ||
| keplerlog.Info("default", "name", r.Name) | ||
|
|
||
| // TODO(user): fill in your defaulting logic. |
There was a problem hiding this comment.
any defaults we want to add? what is the guideline for defaults? use kubebuilder based defaults or a webhook?
perhaps Defaulter webhook is for complex apis.
There was a problem hiding this comment.
You are right, as much as possible, lets rely only CRD defaults. And use this for complex cases where CRD defaults don't work.
|
Getting error while creating Kepler on OpenShift |
|
Tested again on fresh OpenShift cluster and validating webhooks are working as expected. |
Previously, when user created kepler with name other
kepler, k8s API server would accept the resource and create it. The operator then updates the status of the resource to beinvalid. This is now changed by adding Validating webhook that rejects the resource if the name does not matchkepler.