Run webhook validation #362

Closed
@pleshakov

Parent issue -- #308

Background

In case the webhook is not installed or not running validation properly, we still want NKG to ensure that the
webhook validation is always performed and NKG rejects any invalid resource.

See more context
in https://github.com/nginxinc/nginx-kubernetes-gateway/blob/6531ca1c51f1d552dae24c3b26939d2f29af8797/design/resource-validation.md ([ ] update link after merging design doc)

User Stories

Note: both stories assume the webhook isn't running validation.

  1. As an application developer or cluster admin, if I create/update an invalid resource that fails the webhook
    validation, I'd like the resource to be rejected by NKG and see the corresponding error.
  2. As a cluster admin, I'd like to see the error for any occurrence of a failed webhook validation.

Functional Requirements

Note: the requirements assume the webhook isn't running validation.

  1. If an application developer/cluster admin creates a resource that fails the webhook validation, NKG will ignore the
    resource and report the validation error: (a) as an Event for that resource, (b) as a log entry in the NKG logs.
  2. If an application developer/cluster admin updates an existing resource so that it fails the webhook validation, NKG
    will ignore the resource and remove any existing NGINX configuration that corresponds to the resource's previous version
    if it was valid. Additionally, NKG will report the validation error similarly to 1(a) and 1(b).

Aha! Link: https://nginx.aha.io/features/NKG-26
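
A sketch of the two functional requirements above, added here as an illustration; it is not code from NKG or from the issue author. The `Route` type, the hostname rule in `validate`, the `Store` type and the event/log strings are all hypothetical stand-ins constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Route is a hypothetical, simplified stand-in for a Gateway API resource.
type Route struct{ Name string; Hostnames []string }

// validate is a constructed rule standing in for the webhook's validation.
func validate(r Route) error {
	for _, h := range r.Hostnames {
		if h == "" || strings.ContainsAny(h, " /") {
			return fmt.Errorf("spec.hostnames: invalid hostname %q", h)
		}
	}
	return nil
}

// Store keeps only resources that passed validation; config is built from it.
type Store struct {
	valid  map[string]Route
	Events []string // stand-in for Kubernetes Events on the resource
	Logs   []string // stand-in for NKG log entries
}

func NewStore() *Store { return &Store{valid: map[string]Route{}} }

// Upsert re-runs validation on every create/update and reports acceptance.
func (s *Store) Upsert(r Route) bool {
	if err := validate(r); err != nil {
		delete(s.valid, r.Name) // update case: drop the previous valid version
		s.Events = append(s.Events, fmt.Sprintf("Warning Rejected %s: %v", r.Name, err))
		s.Logs = append(s.Logs, fmt.Sprintf("level=error resource=%s msg=%q", r.Name, err.Error()))
		return false
	}
	s.valid[r.Name] = r
	return true
}

func (s *Store) Configured(name string) bool { _, ok := s.valid[name]; return ok } // config exists?

func main() {
	s := NewStore()
	s.Upsert(Route{Name: "cafe", Hostnames: []string{"cafe.example.com"}}) // valid create
	s.Upsert(Route{Name: "cafe", Hostnames: []string{"bad host"}})         // invalid update
	fmt.Println(s.Configured("cafe"), s.Events, s.Logs)
}
```

The point of the design is that the controller does not trust that admission already filtered the resource: the same validation gates what reaches configuration generation, so a missing or misconfigured webhook cannot let an invalid resource through.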

Labels: enhancement (New feature or request)
