[FEAT repo-guard] - Implement Validating Admission Webhooks for CRDs
Description
Currently, CRD validation relies on OpenAPI schemas. Add a Validating Admission Webhook to perform complex cross-field validation (e.g., verifying that a GithubTeam refers to an existing GithubOrganization in the same namespace) and prevent invalid configurations from reaching the controllers.
Labels
- feature
- kubernetes
- security
User Story
As a Cluster Operator I can validate CRDs before they are applied, so that configuration errors are caught early and don't cause reconciliation failures.
Benefit
Reduces "crash-looping" or error-state reconciliations by catching configuration errors at kubectl apply time.
Acceptance Criteria
[FEAT repo-guard] - Implement Validating Admission Webhooks for CRDs
Description
Currently, CRD validation relies on OpenAPI schemas. Add a Validating Admission Webhook to perform complex cross-field validation (e.g., verifying that a
GithubTeamrefers to an existingGithubOrganizationin the same namespace) and prevent invalid configurations from reaching the controllers.Labels
User Story
As a Cluster Operator I can validate CRDs before they are applied, so that configuration errors are caught early and don't cause reconciliation failures.
Benefit
Reduces "crash-looping" or error-state reconciliations by catching configuration errors at
kubectl applytime.Acceptance Criteria