What is Kubernetes custom resources and CRDs?

Custom Resource Definitions (CRDs) extend the Kubernetes API with your own resource types. Once a CRD is registered, custom resources (CRs) of that type can be created, read, updated, and deleted like native Kubernetes resources — via kubectl, API, Argo CD, etc. CRD example: apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: websites.example.com spec: group: example.com names: kind: Website plural: websites singular: website shortNames: [ws] scope: Namespaced versions: - name: v1 served: true storage: true schema: openAPIV3Schema: type: object properties: spec: type: object properties: url: type: string replicas: type: integer minimum: 1 maximum: 10 default: 1 domain: type: string status: type: object properties: availableReplicas: type: integer. Custom Resource: apiVersion: example.com/v1 kind: Website metadata: name: my-website spec: url: https://github.com/myorg/mysite replicas: 3 domain: example.com. Controller reconciliation loop: func (r *WebsiteReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { website := &examplev1.Website{} if err := r.Get(ctx, req.NamespacedName, website); err != nil { return ctrl.Result{}, client.IgnoreNotFound(err) } // Reconcile: create/update Deployment, Service for this Website if err := r.reconcileDeployment(ctx, website); err != nil { return ctrl.Result{}, err } // Update status website.Status.AvailableReplicas = getAvailableReplicas() r.Status().Update(ctx, website) return ctrl.Result{RequeueAfter: 5 * time.Minute}, nil }. Admission Webhooks: validate or mutate resources before persisting. MutatingAdmissionWebhook (modify), ValidatingAdmissionWebhook (validate). Used by cert-manager (mutate to inject certs), Istio (mutate to inject sidecar), OPA Gatekeeper (validate policy).