Custom Resource Definitions: Extending the Kubernetes API

Every operator you install registers a CRD before it does anything else. cert-manager registers Certificate, Issuer, ClusterIssuer. Prometheus Operator registers Prometheus, ServiceMonitor, PrometheusRule. When that CRD is misconfigured, when its schema rejects valid input or its conversion webhook crashes, the operator stops working. Understanding CRD mechanics is not optional if you administer clusters that run operators.

CRDs fall under the Cluster Architecture, Installation and Configuration domain (25% of the CKA exam). The previous lesson introduced CRDs and operators at a high level. This lesson goes deeper: the anatomy of a CRD spec, OpenAPI schema validation, status subresources, printer columns, versioning strategies, and conversion webhooks.