Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run webhook validation #362

Closed
Tracked by #308
pleshakov opened this issue Jan 11, 2023 · 0 comments · Fixed by #388
Closed
Tracked by #308

Run webhook validation #362

pleshakov opened this issue Jan 11, 2023 · 0 comments · Fixed by #388
Assignees
@pleshakov
Labels
enhancement New feature or request

Comments

@pleshakov
Copy link
Contributor

pleshakov commented Jan 11, 2023
edited by brianehlert
Loading

Parent issue -- #308

Background

In case the webhook is not installed or not running validation properly, we still want NKG to ensure that the
webhook validation is always performed and NKG rejects any invalid resource.

See more context
in https://github.com/nginxinc/nginx-kubernetes-gateway/blob/6531ca1c51f1d552dae24c3b26939d2f29af8797/design/resource-validation.md ([ ] update link after merging design doc)

User Stories

Note: both stories assume the webhook isn't running validation.

  1. As an application developer or cluster admin, if I create/update an invalid resource that fails the webhook
    validation, I'd like the resource to be rejected by NKG and see the corresponding error.
  2. As a cluster admin, I'd like to see the error for any occurrence of a failed webhook validation.

Functional Requirements

Note: the requirements assume the webhook isn't running validation.

  1. If an application developer/cluster admin creates a resource that fails the webhook validation, NKG will ignore the
    resource and report the validation error: (a) as an Event for that resource, (b) as a log entry in the NKG logs.
  2. If an application developer/cluster admin updates an existing resource so that it fails the webhook validation, NKG
    will ignore the resource and remove any existing NGINX configuration that corresponds to the resource previous version
    if it was valid. Additionally, NGK will report the validation error similarly to 1(a) and 1(b).

Aha! Link: https://nginx.aha.io/features/NKG-26
@pleshakov pleshakov added proposal enhancement New feature or request and removed proposal labels Jan 11, 2023
@pleshakov pleshakov self-assigned this Jan 12, 2023
@pleshakov pleshakov mentioned this issue Jan 19, 2023
Merged
pleshakov added a commit that referenced this issue Jan 24, 2023
@pleshakov
Run webhook validation
f9ec7b6 
In case the webhook is not installed or not running validation properly,
we still want NKG to ensure that the webhook validation is always
performed and NKG rejects any invalid resource.

Fixes #362
pleshakov added a commit that referenced this issue Jan 24, 2023
@pleshakov
Run webhook validation (#388)
e360645 
In case the webhook is not installed or not running validation properly,
we still want NKG to ensure that the webhook validation is always
performed and NKG rejects any invalid resource.

Fixes #362
@pleshakov pleshakov mentioned this issue Feb 6, 2023
Closed
9 tasks
miledxz added a commit to miledxz/nginx-gateway-fabric that referenced this issue Jan 14, 2025
@miledxz
Run webhook validation (nginx#388)
6028324 
In case the webhook is not installed or not running validation properly,
we still want NKG to ensure that the webhook validation is always
performed and NKG rejects any invalid resource.

Fixes nginx#362
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pleshakov pleshakov

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Run webhook validation rules inside NKG control plane nginx/nginx-gateway-fabric
1 participant
@pleshakov