Details
-
Epic
-
Resolution: Unresolved
-
Undefined
-
Primaza 0.1
-
None
-
Implement CEL Validation of CRs
-
False
-
None
-
False
-
Not Selected
-
To Do
-
QE Needed, Docs Needed, TE Needed, Customer Facing, PX Needed
-
0
-
0%
Description
Problem:
Validating webhooks in kubernetes adds a level of complexities in kubernetes that we will like to avoid in order to support namespace scope only resources. We will also like to remove the dependency on certificate manager. Both validation webhook and certificate manger are cluster scope resources and we will like to allow support for developer that only have namespace access and no access to cluster function.
Goal
Remove validating webhook in favor of runtime validation.
Why is it important?
To keep Primaza scope to what developers have access too and to make it easier to support multi-tenancy on same cluster.
Use cases
- As a primaza developer, I will like to guarantee integrity of my service claim resources without having to use validating webhooks, so that I can keep service claim resources at the namespace scope.
- As a primaza developer, I will like to guarantee integrity of my service class resources without having to use validating webhooks, so that I can keep service class resources at the namespace scope.
Demo requirements
N/A
Acceptance criteria
- Development:
ServiceClaims are Validated at runtime without webhooks dependency
ServiceClasses are Validated at runtime without webhooks dependency
ServiceBinding do not require validation of mutually exclusive fields by having a preference - QE:
There are test cases for each validation made at runtime - Documentation:
Document expected behavior when validation fails for each case implemented