Module 5: Webhooks and Admission Control

Overview

Now that you can build sophisticated operators (Module 4), it’s time to add webhooks for validation and mutation. Webhooks allow you to validate and modify resources before they’re stored in etcd, providing powerful control over your Custom Resources.

Duration: 5-6 hours
Prerequisites:

• Completion of Module 1: Kubernetes Architecture Deep Dive
• Completion of Module 2: Introduction to Operators
• Completion of Module 3: Building Custom Controllers
• Completion of Module 4: Advanced Reconciliation Patterns
• Understanding of API design and validation

Learning Objectives

By the end of this module, you will:

• Understand Kubernetes admission control and webhooks
• Implement validating webhooks for custom validation
• Implement mutating webhooks for defaulting and mutation
• Manage webhook certificates and deployment
• Test webhooks locally and in production

Module Structure

1. Lesson 5.1: Kubernetes Admission Control
   • Lab 5.1: Exploring Admission Control
2. Lesson 5.2: Implementing Validating Webhooks
   • Lab 5.2: Building Validating Webhook
3. Lesson 5.3: Implementing Mutating Webhooks
   • Lab 5.3: Building Mutating Webhook
4. Lesson 5.4: Webhook Deployment and Certificates
   • Lab 5.4: Certificate Management

Prerequisites Check

Before starting, ensure you’ve completed:

• ✅ Module 4: Enhanced operator with conditions and finalizers
• ✅ Understand API design from Lesson 3.2
• ✅ Have a working operator from Module 3/4
• ✅ Understand CRD validation from Lesson 1.4

If you haven’t completed Module 4, start with Module 4: Advanced Reconciliation Patterns.

What You’ll Build

Throughout this module, you’ll add webhooks to your Database operator:

• Validating webhook for custom validation rules
• Mutating webhook for defaulting values
• Certificate management for webhook security
• Local testing setup for webhook development

Setup

Before starting this module:

1. Have your Database operator from Module 3/4:
   • Should have a working operator
   • API should be well-defined
   • Basic validation in CRD schema
2. Ensure development environment is ready:

   ./scripts/setup-dev-environment.sh
   

3. Have a kind cluster running:

   ./scripts/setup-kind-cluster.sh
   

Hands-on Labs

Each lesson includes hands-on exercises that add webhooks to your operator.

• Lab 5.1: Exploring Admission Control
• Lab 5.2: Building Validating Webhook
• Lab 5.3: Building Mutating Webhook
• Lab 5.4: Certificate Management

Solutions

Complete working solutions for all labs are available in the solutions directory:

• Lab 5.2 Solutions - Complete validating webhook
• Lab 5.3 Solutions - Complete mutating webhook

Navigation

• ← Previous: Module 4 - Advanced Reconciliation Patterns
• Course Overview
• Next: Module 6 - Testing and Debugging →