Feature Request: Validation Webhook for CRDs
What should the feature do:
Admission webhooks are HTTP callbacks that receive admission requests and do something with them. At the moment, we can define validation and mutation webhooks.
This issue focuses on validating webhooks. A validating webhook checks if a request (CREATE, UPDATE) brings an object to a forbidden state and if it does, rejects the request. Using it together with OpenAPI validation can dramatically improve the UX of an operator and catch mistakes before they happen.
What is the use case behind this feature:
Some examples - user stories:
- George changes the version of Cassandra from 3.2 to 3.1. Cassandra operator doesn't support downgrades, so when George tries to apply his changes, he will get an error explaining the problem.
- Zoe tries to create a Cassandra cluster, in which two racks have the same name. Zoe gets an error when applying the new manifest, explaining that two racks can't have the same name.
What would happen so far is that the changes would go through and then the operator would have to check if it's correct. If it wasn't, the user had to see the error and change the manifest to the old values. With admission webhooks, invalid changes never go through. We can also check the values of fields (e.g. members is not negative, only 1 disk is given) as well as value transitions (e.g. version changed from 3.2 to 3.1).
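The two user stories above as the decision logic of a validating webhook, sketched here as an added example that is not part of the original issue or of the operator-sdk code base. The custom resource field names (`spec.version`, `spec.racks[].name`), the "major.minor" version format and the names `validate` and `isDowngrade` are assumptions; only the `request.operation`, `request.object` and `request.oldObject` fields come from the Kubernetes AdmissionReview format.

```go
package main
import (
	"encoding/json"
	"fmt"
)

// Hypothetical Cassandra CR; the field names are assumptions of this example.
type cassandra struct {
	Spec struct {
		Version string
		Racks   []struct{ Name string }
	}
}

// isDowngrade compares "major.minor" versions; any other format is an error.
func isDowngrade(old, cur string) (bool, error) {
	var oM, om, cM, cm int
	_, err := fmt.Sscanf(old+" "+cur, "%d.%d %d.%d", &oM, &om, &cM, &cm)
	return cM < oM || (cM == oM && cm < om), err
}

// validate returns "" to allow, or the rejection message shown to the user.
func validate(raw []byte) string {
	var rv struct { // subset of an admission.k8s.io/v1 AdmissionReview
		Request struct {
			Operation string
			Object    cassandra
			OldObject *cassandra
		}
	}
	if err := json.Unmarshal(raw, &rv); err != nil {
		return "malformed AdmissionReview: " + err.Error() // fail closed
	}
	r, seen := rv.Request, map[string]bool{}
	for _, rack := range r.Object.Spec.Racks {
		if seen[rack.Name] {
			return "two racks can't have the same name: " + rack.Name
		}
		seen[rack.Name] = true
	}
	if r.Operation == "UPDATE" && r.OldObject != nil {
		old, cur := r.OldObject.Spec.Version, r.Object.Spec.Version
		if down, err := isDowngrade(old, cur); err != nil || down {
			return "unsupported version change " + old + " -> " + cur
		}
	}
	return ""
}
// Constructed request: George's update from 3.2 to 3.1.
func main() { fmt.Println(validate([]byte(`{"request":{"operation":"UPDATE","object":{"spec":{"version":"3.1"}},"oldObject":{"spec":{"version":"3.2"}}}}`))) }
```

A real webhook would wrap the returned message in an AdmissionReview response with `allowed: false`; an unparseable version is rejected rather than allowed, so a malformed value cannot bypass the downgrade check.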