Implement Validating-Webhook skeleton which can be extend to validate fields in RuntimeCR

[tobiscr]

Description

A new validating webhook is required to ensure RuntimeCR fields fulfil validation rules and misconfiguration are detected before the Shoot-Spec is updated.

The validating webhook should reuse the Gardener cert-manager as KIM Snatch is already following this pattern.

The Webhook has to consider that we will add more and more validation rules in the coming weeks. The architecture has to support such cases and allow an easy extension of validation rules.

AC:

• Create a technical concept how validation rules will be integrated into the webhook.
  • A simple framework architecture should be provided which support a fast and simple extension of validation rules.
  • Share the concept within the @kyma-project/framefrog team and collect feedback
• Validating webhook is created using kubebuilder framework and Gardener cert-manager
• Simple Framework is implemented (see point 1) within the webhook which allows the execution of multiple validation rules. A validation rule can easily added to the framework.

Reasons

Improve reliability of Kyma RuntimeCR adjustments and avoid risk of misconfigurations of SKR clusters.

Attachments