Remove HTTPRoute
listener and parentRef validation from admission webhook
#5197
Labels
Milestone
HTTPRoute
listener and parentRef validation from admission webhook
#5197
Problem statement
KIC's admission webhook has some (legacy?) Gateway API validation code that was introduce in early days of Gateway API.
Some logic that's covered in admission webhook should be done in runtime via the respective controllers, e.g.:
Gateway
listenerAllowedRoutes
indeed supportsHTTPRoute
s link is already done viarouteMatchesListenerAllowedRoutes
inkubernetes-ingress-controller/internal/controllers/gateway/route_utils.go
Line 205 in dce791d
There is also a separate aspect which is not allowing
HTTPRoute
s which do not have a matched LIstener on a referenced Gateway (which is set in route's parentRef) present in the cluster - this should be allowed and a relevant status parent condition -NoMatchingParent
- should be set inHTTPRoute
Furthermore,
HTTPRoute
s that do not reference Gateways managed by KIC should be allowed to be created, but no status update should happen (they should be ignored by the controller).Additional Information
The related issue about the
HTTPRoute
features validation: #5253Acceptance criteria
HTTPRoute
which doesn't have aListener
matching the specified parentRef is not rejected in the admission webhook but allowed in and appropriate status -NoMatchingParent
- is set in its status.HTTPRoute
which doesn't match Gateway listener'sAllowedRoutes
is allowed by admission webhook and appropriate parent status condition -NotAllowedByListeners
- is set in its status.HTTPRoute
which doesn't match Gateways managed by KIC should be allowed but ignored by the controller.The text was updated successfully, but these errors were encountered: