Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Generic Validations in Admission Controllers #825

Open
csviri opened this issue May 10, 2022 · 2 comments
Open

Generic Validations in Admission Controllers #825

csviri opened this issue May 10, 2022 · 2 comments

Comments

@csviri
Copy link

csviri commented May 10, 2022

Introduction

When implementing a validation webhook it would be handy to as easily express the rules as possible.
The main goal here is (at least in first iterations) make it trivial to write validation hooks for kubernetes. We already simplified the to implement a validation hook, the main question is how to express rules more elegantly. Currently the appraoch is very open, see:

https://github.com/java-operator-sdk/admission-controller-framework/blob/4ddf69fe3717cdfa811ee53af92c5cfa8c352ce6/samples/spring-boot/src/main/java/io/javaoperatorsdk/admissioncontroller/sample/springboot/Config.java#L32-L36

There are more generic validation frameworks available, one is OPA
Where users can write validations in rego language. Unfortunatelly it not trivial to learn this language (is basically a datalog/prolog).

Why might find an easier alternative, especially for java developers might be much easier to express such rules with some standard validation approaches. Unfortunately bean validation usage is limited here, since for POJOs we use ones from fabric8 client, so bean validation works nicely just for custom resources.

Goal

  • select an existing validation approach, if no suitable come up with a specific one to make it easy to validate resources

See issue in the framework:
operator-framework/josdk-webhooks#3

@cmoulliard
Copy link
Member

When implementing a validation webhook it would be handy to as easily express the rules as possible.

  • I think that we should better introduce/describe the problem and what we would like next to improve => solution(s)
  • What should be the perimeter about what we want to cover here ? Do we want to propose as solution a:
    1. Java Drools engine (= rules engine) OR
    2. Java bean validation framework OR
    3. Java Lib tool supporting https://www.openpolicyagent.org/docs/latest/ecosystem/
      ...

@csviri
Copy link
Author

csviri commented May 13, 2022

Updated the description. Yes, the main goal of this issues is basically choose and implement the usage such a solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants