This operator can be used to test validating, mutating, and conversion webhooks.
Built using Kubebuilder
Note that the pod will crash until OLM matches the certs in the location expected by Kubebuilder. See this issue
# Build the operator Image $ make docker-build IMG=quay.io/olmtest/webhook-operator:latest # Push the image to docker $ docker push quay.io/olmtest/webhook-operator:latestThe latest instructions can be found here.
# Kubernetes 1.16+ $ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.1/cert-manager.yaml # Kubernetes <1.16 $ kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.1/cert-manager-legacy.yaml# Deploy the Webhook Operator with Kubebuilder $ make deploy IMG=quay.io/olmtest/webhook-operator:latest # Check that the pods are up and running $ watch kubectl get pods -n webhook-operator-system # Try and create the resource that fails validation $ kubectl apply -f config/samples/invalid.cr.yaml Error from server (WebhookTest.test.operators.coreos.com "webhooktest-sample" is invalid: spec.schedule: Invalid value: false: Spec.Valid must be true): error when creating "config/samples/fails.validation.webhook_v1_webhooktest.yaml": admission webhook "vwebhooktest.kb.io" denied the request: WebhookTest.test.operators.coreos.com "webhooktest-sample" is invalid: spec.schedule: Invalid value: false: Spec.Valid must be true # Check that mutate was set to true by the mutating webhook kubectl apply -f config/samples/passes.validation.webhook_v1_webhooktest.yaml webhooktest.webhook.operators.coreos.io/webhooktest-sample created # Check that Spec.Mutate is set to true: kubectl get webhooktest webhooktest-sample -n webhook-operator-system -o yaml | yq read - spec.mutate true$ make bundle-build BUNDLE_IMG=quay.io/olmtest/webhook-operator-bundle:latest $ docker push quay.io/olmtest/webhook-operator-bundle:latest$ opm index add --bundles quay.io/olmtest/webhook-operator-bundle:latest --tag quay.io/olmtest/webhook-operator-index:latest -c docker $ docker push quay.io/olmtest/webhook-operator-index:latest# Create the CatalogSource $ kubectl apply -f olm/upstream/install/00_catsrc.yaml catalogsource.operators.coreos.com/webhook-operator-catalog created # Create a Subscription for the Operator $ kubectl apply -f olm/upstream/install/01_sub.yaml subscription.operators.coreos.com/webhook-operator-subscription created # Check that the invalid webhookTest is rejected by the Validating webhook. $ kubectl apply -f olm/upstream/example-crs/invalid.cr.yaml Error from server (WebhookTest.test.operators.coreos.com "webhooktest-sample" is invalid: spec.schedule: Invalid value: false: Spec.Valid must be true): error when creating "olm/upstream/example-crs/invalid.cr.yaml": admission webhook "vwebhooktest.kb.io" denied the request: WebhookTest.test.operators.coreos.com "webhooktest-sample" is invalid: spec.schedule: Invalid value: false: Spec.Valid must be true # Check that the valid webhookTest is approved by the Validating webhook $ kubectl apply -f olm/upstream/example-crs/valid.cr.yaml webhooktest.webhook.operators.coreos.io/webhooktest-sample created # Check that the Conversion Webhook can serve v1 of the webhookTest CR and that the spec.mutate field is true $ kubectl get webhooktests.v1.webhook.operators.coreos.io webhooktest-sample -n operators -o yaml | yq read - spec mutate: true valid: true # Check that the Conversion Webhook can serve v2 of the webhookTest CR and that the spec.conversion.mutate field is true $ kubectl get webhooktests.v2.webhook.operators.coreos.io webhooktest-sample -n operators -o yaml | yq read - spec conversion: mutate: true valid: true# Create the CatalogSource $ kubectl apply -f olm/ocp/install/00_catsrc.yaml catalogsource.operators.coreos.com/webhook-operator-catalog created # Create a Subscription for the Operator $ kubectl apply -f olm/ocp/install/01_sub.yaml subscription.operators.coreos.com/webhook-operator-subscription created # Check that the invalid webhookTest is rejected by the Validating webhook. $ kubectl apply -f olm/ocp/example-crs/invalid.cr.yaml Error from server (WebhookTest.test.operators.coreos.com "webhooktest-sample" is invalid: spec.schedule: Invalid value: false: Spec.Valid must be true): error when creating "olm/ocp/example-crs/invalid.cr.yaml": admission webhook "vwebhooktest.kb.io" denied the request: WebhookTest.test.operators.coreos.com "webhooktest-sample" is invalid: spec.schedule: Invalid value: false: Spec.Valid must be true # Check that the valid webhookTest is approved by the Validating webhook $ kubectl apply -f olm/ocp/example-crs/valid.cr.yaml webhooktest.webhook.operators.coreos.io/webhooktest-sample created # Check that the Conversion Webhook can serve v1 of the webhookTest CR and that the spec.mutate field is true $ kubectl get webhooktests.v1.webhook.operators.coreos.io webhooktest-sample -n openshift-operators -o yaml | yq read - spec mutate: true valid: true # Check that the Conversion Webhook can serve v2 of the webhookTest CR and that the spec.conversion.mutate field is true $ kubectl get webhooktests.v2.webhook.operators.coreos.io webhooktest-sample -n openshift-operators -o yaml | yq read - spec conversion: mutate: true valid: true- Update the BUNDLE_VERSION variable in the Makefile to the desired version
- Run
make generate manifests bundle catalog fmt - Merge changes
- Create and push git tag with the same version as BUNDLE_VERSION