I want to test a validating webhook with curl.
There is a port-forwarding to that service via kubectl.
I created capi-cluster.yaml.
But this fails:
curl --insecure -X POST -H "Content-Type: application/json" \
--data-binary @capi-cluster.yaml \
https://127.0.0.1:9443/validate-cluster-x-k8s-io-v1beta1-cluster
{"kind":"Cluster","apiVersion":"cluster.x-k8s.io/v1beta1","response":{"uid":"","allowed":false,"status":{"metadata":{},"message":"unknown operation \"\"","code":400}}}
What needs to be changed to get it working?
I want to test a validating webhook with curl.
There is a port-forwarding to that service via kubectl.
I created capi-cluster.yaml.
But this fails:
curl --insecure -X POST -H "Content-Type: application/json" \
--data-binary @capi-cluster.yaml \
https://127.0.0.1:9443/validate-cluster-x-k8s-io-v1beta1-cluster
{"kind":"Cluster","apiVersion":"cluster.x-k8s.io/v1beta1","response":{"uid":"","allowed":false,"status":{"metadata":{},"message":"unknown operation \"\"","code":400}}}
What needs to be changed to get it working?
I found the answer:
I need to create a json file like this:
{
"kind": "AdmissionReview",
"apiVersion": "admission.k8s.io/v1",
"request": {
"uid": "test-uid",
"kind": {
"group": "",
"version": "v1",
"kind": "Pod"
},
"resource": {
"group": "",
"version": "v1",
"resource": "pods"
},
"namespace": "default",
"operation": "CREATE",
"object": <RESOURCE_JSON>,
"oldObject": null,
"dryRun": false,
"options": {
"apiVersion": "meta.k8s.io/v1",
"kind": "CreateOptions"
}
}
}
Then convert my yaml to json with yq -oj, and insert it in above snippet.
Then it works:
curl --insecure -X POST -H "Content-Type: application/json" \
--data-binary @t.json
https://127.0.0.1:9443/validate-cluster-x-k8s-io-v1beta1-cluster
{"kind":"AdmissionReview","apiVersion":"admission.k8s.io/v1","response":{"uid":"test-uid","allowed":true,"status":{"metadata":{},"code":200}}}