How do I debug a Kubernetes validating admission webhook?

6/8/2018

I have a webhook running as a service in cluster, I have a valid ValidatingWebhookConfiguration defined for it:

    apiVersion: admissionregistration.k8s.io/v1beta1
    kind: ValidatingWebhookConfiguration
    metadata:
      name: ingress-check-webhook-cfg
    webhooks:
      - name: ingress.check.webhook
        rules:
          - apiGroups:
              - extensions
            apiVersions:
              - v1
            operations:
              - CREATE
              - UPDATE
            resources:
              - ingresses
        failurePolicy: Ignore
        clientConfig:
          service:
            name: ingress-check-webhook-svc
            namespace: operations
            path: "/validate"
          caBundle: <cert stuff>

I can curl -k https://ingress-check-webhook-svc.operations/validate within the cluster and see log entries in my webhook service but when I create a new ingress I get nothing. I can't seem to find any logs for the admission process - where is this logged, what else can I do?

-- Matt Reynolds
kubernetes

1 Answer

6/11/2018

deleting and re-creating the config seems to have fixed my issue. Maybe I didn't apply the api version change correctly. Note kubectl describe kubectl get events and checking api logs didn't provide anything useful.

-- Matt Reynolds
Source: StackOverflow