Extensions are expected to validate the extension-specific configuration in their respective resources when those resources are newly created or updated. For example, provider extensions would validate spec.provider.controlPlaneConfig in the Shoot resource and spec.providerConfig in the CloudProfile resource, while networking extensions would validate spec.networking.providerConfig in the Shoot resource. As a best practice, the validation should be performed only if there is a change in the spec of the resource. Please find an exemplary implementation here.

When a resource is newly created or updated, Gardener adds an extension label for each of the extension types referenced in the spec of the resource. This label has the form <extension-type>.extensions.gardener.cloud/<extension-name> : "true". For example, the extension label for the provider extension type aws looks like provider.extensions.gardener.cloud/aws : "true". Extensions should add object selectors for these labels to their admission webhooks, so that the webhooks receive only the objects they are responsible for. At present, these labels are added to Shoots. Please see this for the full list of extension labels.
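
The two practices above (select objects by extension label, validate only when the spec changed) can be combined in one gate in front of the validator. The following Go sketch is an added example, not Gardener's own code: the Object type and the function names are hypothetical, and it goes slightly beyond the text by comparing specs semantically rather than byte for byte. The in-handler label check only mirrors the webhook's object selector.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"reflect"
)

// Object is a constructed stand-in for a Shoot as an admission webhook sees it.
type Object struct {
	Labels map[string]string
	Spec   []byte // raw JSON of .spec
}

// ExtensionLabel builds the label key, e.g. provider.extensions.gardener.cloud/aws.
func ExtensionLabel(extType, name string) string {
	return extType + ".extensions.gardener.cloud/" + name
}

// specChanged compares specs semantically: key order or whitespace is not a change.
func specChanged(oldSpec, newSpec []byte) bool {
	if bytes.Equal(oldSpec, newSpec) {
		return false
	}
	var a, b interface{}
	if json.Unmarshal(oldSpec, &a) != nil || json.Unmarshal(newSpec, &b) != nil {
		return true // unparseable input: validate rather than skip
	}
	return !reflect.DeepEqual(a, b)
}

// ShouldValidate reports whether the extension must validate this request.
// old == nil means the object is being created.
func ShouldValidate(old, cur *Object, label string) bool {
	if cur.Labels[label] != "true" {
		return false // not labelled for this extension
	}
	return old == nil || specChanged(old.Spec, cur.Spec)
}

func main() {
	label := ExtensionLabel("provider", "aws")
	old := &Object{map[string]string{label: "true"}, []byte(`{"provider":{"type":"aws","workers":1}}`)}
	same := &Object{old.Labels, []byte(`{"provider":{"workers":1,"type":"aws"}}`)}
	changed := &Object{old.Labels, []byte(`{"provider":{"type":"aws","workers":2}}`)}
	fmt.Println(ShouldValidate(nil, old, label), ShouldValidate(old, same, label), ShouldValidate(old, changed, label))
}
```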