mirror of
https://github.com/VictoriaMetrics/VictoriaMetrics.git
synced 2024-12-26 20:30:10 +01:00
3ea054a52c
* Created Operator folder in docs Transferred Operator documentation * Removed Contributing and Release * Changed sort numbering * Renamed folder Operator -> operator * 1 1 * Name change Operator -> operator * Removed colon symbol * Useful links transformed to links style * "updated at..." is no longer a header * delete manager patch.yaml * delete kustomization.yaml * removed part with links * community and contributions part removed * Delete readme * Docs navigation removed
37 lines
1.1 KiB
Markdown
37 lines
1.1 KiB
Markdown
---
|
|
sort: 11
|
|
---
|
|
|
|
# CRD Validation
|
|
|
|
## Description
|
|
Operator supports validation admission webhook [docs](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/)
|
|
|
|
It checks resources configuration and returns errors to caller before resource will be created at kubernetes api.
|
|
This should reduce errors and simplify debugging.
|
|
|
|
## Configuration
|
|
|
|
Validation hooks at operator side must be enabled with flags:
|
|
```
|
|
--webhook.enable
|
|
# optional configuration for certDir and tls names.
|
|
--webhook.certDir=/tmp/k8s-webhook-server/serving-certs/
|
|
--webhook.keyName=tls.key
|
|
--webhook.certName=tls.crt
|
|
```
|
|
|
|
You have to mount correct certificates at give directory.
|
|
It can be simplified with cert-manager and kustomize command: `kustomize build config/deployments/webhook/ `
|
|
|
|
|
|
## Requirements
|
|
|
|
- Valid certificate with key must be provided to operator
|
|
- Valid CABundle must be added to the `ValidatingWebhookConfiguration`
|
|
|
|
|
|
## Useful links
|
|
- [k8s admission webhooks](https://banzaicloud.com/blog/k8s-admission-webhooks/)
|
|
- [olm webhooks](https://docs.openshift.com/container-platform/4.5/operators/user/olm-webhooks.html)
|