Hey folks! I'm working on a personal project using Kubebuilder and I need a webhook to block the creation and deletion of specific Kinds listed in my CRD's YAML. I'm curious if it's feasible to write a single webhook that can manage this for multiple Kinds, or if I'll need to create separate webhooks for each Kind. I've scanned the documentation but couldn't find anything regarding using a single webhook for multiple Kinds. Additionally, ChatGPT generated a new webhook for me but it removed the ValidateCreate(), ValidateDelete(), and ValidateUpdate() functions, instead providing a Handler() function that I don't think fits my needs. Any insights would be greatly appreciated!
3 Answers
It's great for learning purposes, but for real-world applications, consider looking into Kyverno—it might handle your needs better.
While Kube builder doesn't provide it out of the box, you can definitely do this. Technically, you don’t need a full webhook; a webhook configuration that points nowhere could also work—it won't validate any requests.
Sounds interesting! I can't wait to hear more details when you're back at your computer.
You can use the ValidatingWebhookConfiguration object to specify multiple webhooks. In these webhooks, you can define rules that match multiple resource types. Just remember that you need to match resources like 'pods' rather than 'Pod'.
But wouldn’t that mean I have to manually code each type into the webhook? Is there a way to block any Kind listed in the CRD's YAML without adding each one?
Thanks for the suggestion! I'll definitely check it out.