Mutating vs Validating webhooks with an Operator
WHAT IT TESTS: knowledge of the admission chain. OUTLINE: mutating runs first to inject defaults or sidecars, validating runs after to reject bad specs, both keyed to your CRD. RED FLAG: confusing the ordering or roles.
WHAT IT TESTS: understanding that admission control wraps your Operator's reconcile loop. ANSWER OUTLINE: mutating webhooks run first and can patch the object, so use one to default optional CR fields or inject a sidecar; validating webhooks run after and can only accept or reject, so use one to enforce invariants the OpenAPI schema cannot express, like cross-field rules. RED FLAG: claiming validating webhooks can mutate, reversing the order, or duplicating schema checks the API server already does.
Read the original → interview
- #kubernetes
- #operators
- #admission-webhooks
- #crd
- #advanced
Get five bites like this every day.
Tezvyn delivers a daily feed of 60-second tech bites with quizzes to lock in what you learn.