feat(admission) add secret filter (#1061)
Co-authored-by: Grzegorz Burzyński <czeslavo@gmail.com>
rainest and czeslavo committed May 8, 2024
1 parent e2ed787 commit 035836a
Showing 19 changed files with 777 additions and 17 deletions.
10 changes: 10 additions & 0 deletions charts/kong/CHANGELOG.md
Expand Up @@ -11,6 +11,16 @@
for use when the external Service and container listens should differ, such
as when terminating TLS at a LoadBalancer.
[#1021](https://github.com/Kong/charts/pull/1021)
* Added an `ingressController.admissionWebhook.filterSecrets` option. When
enabled, the webhook will only validate Secrets that have one of the
recognized KIC labels:

* `konghq.com/credential: <"key-auth", "jwt", etc. credential types>`
* `konghq.com/validate: <"plugin", "custom">`

Earlier versions checked all Secrets and did not require labels, interfering
with non-KIC labels. Requires KIC 3.0+.
[#1061](https://github.com/Kong/charts/pull/1061)

## 2.38.0

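Review bot: In the new `filterSecrets` entry, "interfering with non-KIC labels" does not follow from the clause before it: earlier versions checked all Secrets, so what they interfered with was Secrets not meant for KIC, not labels. Suggest wording such as "interfering with Secrets not intended for KIC". The entry should also state the consequence of enabling the option: a Secret that carries neither `konghq.com/credential` nor `konghq.com/validate` is no longer validated by the webhook, so existing KIC Secrets need one of these labels before the option is turned on.
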
1 change: 1 addition & 0 deletions charts/kong/README.md
Expand Up @@ -751,6 +751,7 @@ section of `values.yaml` file:
| watchNamespaces | List of namespaces to watch. Watches all namespaces if empty | [] |
| admissionWebhook.enabled | Whether to enable the validating admission webhook | true |
| admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Ignore |
| admissionWebhook.filterSecrets | Limit the webhook to only Secrets with the appropriate KIC validation labels. | false |
| admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 |
| admissionWebhook.address | The address the ingress controller will listen on for admission webhooks, if not 0.0.0.0 | |
| admissionWebhook.annotations | Annotations for the Validation Webhook Configuration | |
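Review bot: The `admissionWebhook.filterSecrets` row names neither the labels nor the version requirement, and "Limit the webhook to only Secrets" can be read as restricting the webhook to Secret resources rather than restricting which Secrets it validates. The CHANGELOG entry in this same commit lists `konghq.com/credential` and `konghq.com/validate` and says "Requires KIC 3.0+"; repeat both in this description, and say that Secrets without either label are skipped by the webhook when the option is `true`.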
2 changes: 2 additions & 0 deletions charts/kong/ci/.chartsnap.yaml
Expand Up @@ -24,3 +24,5 @@ dynamicFields:
name: chartsnap-kong-validations
jsonPath:
- /webhooks/0/clientConfig/caBundle
- /webhooks/1/clientConfig/caBundle
- /webhooks/2/clientConfig/caBundle
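Review bot: The two added paths, `/webhooks/1/clientConfig/caBundle` and `/webhooks/2/clientConfig/caBundle`, address webhooks by list position, so they depend on how many webhook entries the chart renders and in what order. Please confirm that every CI values file covered by these snapshots renders three entries, and add a short YAML comment above the list saying which webhook each index refers to, so a later reordering of the template does not leave a `caBundle` unmasked in the snapshots.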
53 changes: 52 additions & 1 deletion charts/kong/ci/__snapshots__/custom-labels-values.snap

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

53 changes: 52 additions & 1 deletion charts/kong/ci/__snapshots__/default-values.snap

53 changes: 52 additions & 1 deletion charts/kong/ci/__snapshots__/kong-ingress-1-values.snap

53 changes: 52 additions & 1 deletion charts/kong/ci/__snapshots__/kong-ingress-2-values.snap

53 changes: 52 additions & 1 deletion charts/kong/ci/__snapshots__/kong-ingress-3-values.snap
