Operator supports validation admission webhook docs
It checks resources configuration and returns errors to caller before resource will be created at kubernetes api. This should reduce errors and simplify debugging.
Validation hooks at operator side must be enabled with flags:
--webhook.enable # optional configuration for certDir and tls names. --webhook.certDir=/tmp/k8s-webhook-server/serving-certs/ --webhook.keyName=tls.key --webhook.certName=tls.crt
You have to mount correct certificates at give directory. It can be simplified with cert-manager and kustomize command:
kustomize build config/deployments/webhook/
- Valid certificate with key must be provided to operator
- Valid CABundle must be added to the