Validate httproutes.gateway.networking.k8s.io #11150
Conversation
There was a problem hiding this comment.
Hi @mikutas
I believe that this change will start sending admission requests for httproutes.gateway.networking.k8s.io to the policy-controller. However, the policy-controller needs to be updated in order be able to handle these requests and do the correct validation on them. These updates would need to happen inhttps://github.com/linkerd/linkerd2/blob/main/policy-controller/src/admission.rs
We should also add admission tests in the policy-test directory to verify that admission is working correctly for httproutes.gateway.networking.k8s.io
And, it's worth noting that the validating logic for |
mikutas
force-pushed
the
11116
branch
5 times, most recently
from
ed5d1e6
to
3c0119d
Compare
to the policy-controller Fixes linkerd#11116 Signed-off-by: Takumi Sue <u630868b@alumni.osaka-u.ac.jp>
Signed-off-by: Takumi Sue <u630868b@alumni.osaka-u.ac.jp>
|
tried to add validation and test but copied many codes... |
mikutas
changed the title
| @@ -179,6 +179,11 @@ webhooks: | |||
| - meshtlsauthentications | |||
| - serverauthorizations | |||
| - servers | |||
| - operations: ["CREATE", "UPDATE"] | |||
| apiGroups: ["gateway.networking.k8s.io"] | |||
| apiVersions: ["v1alpha2", "v1beta1"] | |||
There was a problem hiding this comment.
Can you please update this array with a wildcard, like you did for policy.linkerd.io in the other PR?
This edge release makes Linkerd even better. * Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]) * Improved `linkerd viz check` to attempt to validate that the Prometheus scrape interval will work well with the CLI and Web query parameters ([#11376]) * Fixed an issue where the destination controller would not update pod metadata for profile resolutions for a pod accessed via the host network (e.g. HostPort endpoints) ([#11334]). * Added a validating webhook config for httproutes.gateway.networking.k8s.io resources (thanks @mikutas!) ([#11150]) [#11150]: #11150 [#11334]: #11334 [#11376]: #11376 [#11406]: #11406
This edge release makes Linkerd even better. * Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]) * Improved `linkerd viz check` to attempt to validate that the Prometheus scrape interval will work well with the CLI and Web query parameters ([#11376]) * Fixed an issue where the destination controller would not update pod metadata for profile resolutions for a pod accessed via the host network (e.g. HostPort endpoints) ([#11334]). * Added a validating webhook config for httproutes.gateway.networking.k8s.io resources (thanks @mikutas!) ([#11150]) [#11150]: #11150 [#11334]: #11334 [#11376]: #11376 [#11406]: #11406
This edge release makes Linkerd even better. * Added a controlPlaneVersion override to the `linkerd-control-plane` Helm chart to support including SHA256 image digests in Linkerd manifests (thanks @cromulentbanana!) ([#11406]) * Improved `linkerd viz check` to attempt to validate that the Prometheus scrape interval will work well with the CLI and Web query parameters ([#11376]) * Improved CLI error handling to print differentiated error information when versioncheck.linkerd.io cannot be resolved (thanks @dtaskai) ([#11377]) * Fixed an issue where the destination controller would not update pod metadata for profile resolutions for a pod accessed via the host network (e.g. HostPort endpoints) ([#11334]). * Added a validating webhook config for httproutes.gateway.networking.k8s.io resources (thanks @mikutas!) ([#11150]) * Introduced a new `multicluster check --timeout` flag to limit the time allowed for Kubernetes API calls (thanks @moki1202) ([#11420]) [#11150]: #11150 [#11334]: #11334 [#11376]: #11376 [#11377]: #11377 [#11406]: #11406 [#11420]: #11420
Fixes #11116