aerfio
commented
4 years ago @franpog859 during our development of function-controller in Kyma we had a problem with webhooks, as they have to be served via https, thus requiring some kind of certificates. All of our controllers use Kubebuilder, which advises to use cert-manager for that, which is one more component that you have to install to have those webhooks working 👎
I've observed that tekton has two deployments and one of them is purely responsible for serving those webhooks, without a need to have cert-manager (they have their own controller that generates cert, injectes it into a secret and mounts its data into deployment to have webhooks).
So basically to achive similar effect I've copied a lot of code from this file, adapted file with tekton release so that I could use it with my own controller and viola! It works.
This project is a very rough, minimal scaffold for a webhook server. In order to use either validating or mutating webhook your CRD just has to fullfil resourcesemantics.GenericCRD interface, like here. Then you add this CRD to this map and you have nice defaulting/validation.
I've also used kubebuilder to scaffold this project in order to use it's ability to generate rbacs https://github.com/aerfio/k8s-easy-webhooks/blob/master/main.go#L93-L98
If we ever wanted to have one instance of webhook server for all crds in one cluster, this project could be used to achive that in easiest possible way (fullfil resourcesemantics.GenericCRD interface on the side of your project, import your lib and add to types variable).
The name of the repo sounds cool :D I'd love to see some README elaborating what it actually does!