V0.10.2

[bartvanbenthem]

New crate: koprs-admission v0.9.1

A new companion crate that provides a typed validating admission webhook server for Kubernetes operators.

What it gives you:

• WebhookBuilder — binds a port, serves HTTPS, handles routing; no manual axum/hyper wiring
• Validator<T> trait — implement one async method; the framework handles request parsing and response serialisation
• tls_from_pem() — load a cert-manager Secret volume in one call
• Health probes — .health_port() serves /healthz and /readyz on a separate port
• Graceful shutdown — stops cleanly on SIGTERM / Ctrl+C via .graceful_shutdown()
• Multiple validators — chain .validate() calls to serve several resource types from a single server
• ValidationResponse::allow_with_warnings() — surface non-blocking advisory messages in kubectl apply output
• Plain-HTTP mode — omit TLS for sidecar/proxy setups (Envoy, Istio)

Example:

WebhookBuilder::new()
    .port(8443)
    .tls_from_pem(&cert_pem, &key_pem)?
    .health_port(8080)
    .graceful_shutdown()
    .validate("/validate/myapp", PolicyValidator)
    .run()
    .await?;

Other changes

• Integration tests updated for Rust TLS in koprs-external
• Admission integration test coverage added to koprs core

Documentation fixes

The admission crate is at version 0.9.1 (independent versioning from the workspace 0.10.2). It is not yet published to crates.io; add it via path in the meantime:

koprs-admission = { path = "../koprs-admission" }