I give 100% credit to my friend and colleague Andrea Frittoli for sharing his experiences on Tekton with me. Without his guidance, I wouldn’t be able to write this tutorial. I was preparing a demo of Tekton Operator for the session "Tekton's Hassle-free Journey with Tekton Operator" at the incoming cdCon 2021. However, I ran into the issue of connecting GitHub events to Tekton Trigger installed on Kubernetes service. Andrea’s expertise was like a beam of light penetrating my darkest tunnel, guiding me through the path to the paradise of Tekton truth. …

After reading the instructions on how to create the conversion webhook and the validating webhook, there is no way for the mutating webhook to escape. The custom resource is the source of truth to configure the operand for the Kubernetes operator. Once we have got the content of the CR ready, it does not necessarily need to change. I have done some research on the use cases of the mutating webhook. The common one is to fill in the fields with the default values, if they are empty. I have not found any other proper use case. …

Kubernetes provides admission controllers for users to leverage the security capabilities. Kubernetes admission controllers are plugins that govern and enforce how the cluster is used. They are gatekeepers that intercept (authenticated) API requests and may change the request object or deny the request altogether. The admission control process has two phases: the mutating phase is executed first, followed by the validating phase as shown in the diagram:

We have done the official definition. Let’s get to the hard core. What you need to remember is that mutating webhooks are called in series, before the validating webhooks, which are called in parallel. Kubernetes…

You must have searched online for a lot of other materials to learn how to create the webhooks with operator-sdk before reading this article. It is lucky for you to find this one, because this article will guarantee you an error-free process, and you don’t even need to look for more.


Prepare your workstation:

  1. Build and install operator-sdk with the latest commit

I even have doubts about the official releases. I downloaded the v1.4.2 version, and ran into many issues…

Continuing from the previous episode, it is an exciting start to install Knative with Knative operators, but it is more fun to configure Knative with the only source of truth: custom resources. We will dig into each Knative operand one-by-one.

Configure Knative Serving with Serving Operator:

You are able to configure Knative Serving with the following options:

  • All the ConfigMaps
  • Private repository and private secret
  • SSL certificate for controller
  • Knative ingress gateway
  • Cluster local gateway

Currently, Knative operators are NOT able to configure the following options for Knative:

  • The Kubernetes spec-level policies. We cannot specify where and how the resources are launched or retrieved. …

As of v0.10.0, Knative started to release Knative operators as powerful software to install, configure and manage Knative. If you have read some of my previous episodes, e.g. EP1, you probably have tried Knative installation on your Kubernetes cluster. In this tutorial, I will explain Knative operators as an alternative way to install and uninstall Knative.

There are two major components in Knative: Serving and Eventing, and there are two operators: Knative Serving Operator and Knative Eventing Operator, respectively dedicated to each of them. Please make sure you have set up a Kubernetes cluster accessible to your local workstation.


There are a thousand versions of operator upgrade in a thousand people’s heads, as there are a thousand Hamlets in a thousand people’s eyes. To keep everyone on the same page, we will try to define the range of operator upgrade. Currently, the Knative community has both serving-operator and eventing-operator up online. The serving-operator has conducted the first release and eventing-operator is on its way to the first release. The feature of upgrade will become handy in the future after we ship multiple releases. We take the project knative serving-operator as the example in the following context.

One-on-one version mapping for operator:


In this episode, I will run a thorough comparison between controller-runtime and knative/pkg to see how it varies in terms of building Kubernetes operators.

1. Tools to automate the operator creation:

Controller-runtime based operator: there are several frameworks that can be used to facilitate the operator creation, including CR/CRD generation, RBAC generation, controller generation, etc.

You probably heard of multiple frameworks, but we suggest operator-sdk or kubebuilder. For tutorials on operator-sdk, you can visit: https://docs.okd.io/latest/operators/osdk-getting-started.html. For tutorials on kubebuilder, you can visit: https://book.kubebuilder.io/

Knative/pkg based operator: there is no framework available to generate everything, but as we introduced in previous episodes…

As we summarized in EP2, there are 8 steps to walk through, in order to create an operator. In this article, I will explain each step in detail, by taking Knative eventing-operator as an example.

Knative Eventing is a system that is designed to address a common need for cloud native development and provides composable primitives to enable late-binding event sources and event consumers. Knative Eventing Operator aims to deploy and manage Knative Eventing in an automated way. It is an honor for me to take the initial development work of this operator. Since this is an official project under…

If you look for “Kubernetes Operator” in any search engine, I am sure you will locate plenty of materials walking you through the process to build an operator 99% if not 100% via operator-sdk, which generates all the source code of the operator skeleton based on controller-runtime package, and couples with OperatorHub.io as the operator registry, empowered by the lifecycle management to form a complete operator ecosystem. I have to admire how Red Hat, a software company prestigious for open source solutions, cultivates and grows territory of a certain technology. However, the world will never work solely with any format…

Vincent Hou

A Chinese software engineer, used to study in Belgium and currently working in US, as Knative & Tekton Operator Lead and Istio Operator Contributor.
