Provider-specific webhooks in Garden cluster
rfranzke opened this issue
From gardener-attic/gardener-extensions#407
With the new `core.gardener.cloud/v1alpha1.Shoot` API, Gardener no longer understands the provider-specifics, e.g., the infrastructure config, control plane config, worker config, etc. This allows end-users to harm themselves and create invalid `Shoot` resources in the Garden cluster. Errors will only become visible during reconciliation, after creation of the resource.
Also, it's not possible to default any of the provider-specific sections. Hence, we could also think about mutating webhooks in the future.
As we are using the controller-runtime maintained by the Kubernetes SIGs, it should be relatively easy to implement these webhooks, as the library already abstracts most of the things.
We should have a separate, dedicated binary incorporating the webhooks for each provider, and a separate Helm chart for the deployment in the Garden cluster.
Similarly, the networking and OS extensions could have such webhooks as well to check the `providerConfig` for the networking and operating system config.
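As an added example (not code from the Gardener project or from this issue), the following stand-alone Go program sketches the validating-webhook logic such a provider binary would carry. It uses only the standard library instead of controller-runtime so it runs on its own: it decodes an AdmissionReview, reads `spec.provider.infrastructureConfig` from the submitted Shoot, and rejects the request when the embedded config is missing, has the wrong kind, or carries an invalid VPC CIDR, so the user gets the error at creation time rather than during reconciliation. The provider type `example`, the `InfrastructureConfig` field layout, the `/validate-shoot` path and the hand-written AdmissionReview types are assumptions for illustration; the same shape applies to a networking extension checking its `providerConfig`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net"
	"net/http"
)

// Minimal AdmissionReview shapes, declared here (assumption) so the example
// runs without k8s.io/api; a real webhook would use k8s.io/api/admission/v1.
type AdmissionReview struct {
	APIVersion string             `json:"apiVersion"`
	Kind       string             `json:"kind"`
	Request    *AdmissionRequest  `json:"request,omitempty"`
	Response   *AdmissionResponse `json:"response,omitempty"`
}

type AdmissionRequest struct {
	UID    string          `json:"uid"`
	Object json.RawMessage `json:"object"` // the Shoot being created or updated
}

type AdmissionResponse struct {
	UID     string  `json:"uid"`
	Allowed bool    `json:"allowed"`
	Result  *Status `json:"status,omitempty"` // reason shown to the user on denial
}

type Status struct {
	Message string `json:"message"`
}

// Only the Shoot fields this webhook inspects; the provider section is opaque
// to the Garden API server, hence the RawMessage.
type Shoot struct {
	Spec struct {
		Provider struct {
			Type                 string          `json:"type"`
			InfrastructureConfig json.RawMessage `json:"infrastructureConfig"`
		} `json:"provider"`
	} `json:"spec"`
}

// Hypothetical infrastructure config for a provider named "example" (assumption).
type InfrastructureConfig struct {
	Kind     string `json:"kind"`
	Networks struct {
		VPC struct {
			CIDR string `json:"cidr"`
		} `json:"vpc"`
	} `json:"networks"`
}

// ValidateShoot decodes the provider section and returns nil if it is acceptable.
func ValidateShoot(raw []byte) error {
	var shoot Shoot
	if err := json.Unmarshal(raw, &shoot); err != nil {
		return fmt.Errorf("cannot decode Shoot: %w", err)
	}
	if shoot.Spec.Provider.Type != "example" {
		return nil // another provider's webhook owns this Shoot
	}
	rawCfg := shoot.Spec.Provider.InfrastructureConfig
	if len(rawCfg) == 0 || string(rawCfg) == "null" {
		return fmt.Errorf("spec.provider.infrastructureConfig is required for provider example")
	}
	var cfg InfrastructureConfig
	if err := json.Unmarshal(rawCfg, &cfg); err != nil {
		return fmt.Errorf("spec.provider.infrastructureConfig: %w", err)
	}
	if cfg.Kind != "InfrastructureConfig" {
		return fmt.Errorf("spec.provider.infrastructureConfig.kind: expected InfrastructureConfig, got %q", cfg.Kind)
	}
	if _, _, err := net.ParseCIDR(cfg.Networks.VPC.CIDR); err != nil {
		return fmt.Errorf("spec.provider.infrastructureConfig.networks.vpc.cidr: %w", err)
	}
	return nil
}

// Review fills in the response for one AdmissionReview body; a validation
// failure becomes a denial with a message, not a transport error.
func Review(body []byte) (*AdmissionReview, error) {
	var review AdmissionReview
	if err := json.Unmarshal(body, &review); err != nil {
		return nil, fmt.Errorf("malformed AdmissionReview: %w", err)
	}
	if review.Request == nil {
		return nil, fmt.Errorf("AdmissionReview has no request")
	}
	resp := &AdmissionResponse{UID: review.Request.UID, Allowed: true}
	if err := ValidateShoot(review.Request.Object); err != nil {
		resp.Allowed = false
		resp.Result = &Status{Message: err.Error()}
	}
	review.Response = resp
	review.Request = nil // the API server only needs the response echoed back
	return &review, nil
}

// Handler is the endpoint the kube-apiserver POSTs AdmissionReviews to.
func Handler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	review, err := Review(body)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(review)
}
```

To serve it, register `Handler` under `/validate-shoot` and start `http.ListenAndServeTLS` with the serving certificate the webhook configuration's `caBundle` trusts; the API server only calls webhooks over HTTPS. Note that a Shoot of a different provider type is allowed through untouched, so one dedicated webhook per provider, as the issue proposes, does not interfere with the others.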
Part of gardener/gardener#308