validating webhook configuration not getting any request

12/9/2021

I have defined a validatingWebhook configuration with a custom controller that is deployed as a deployment, snippet below for validatingWebhook:

apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: validate-webhook
  namespace: admission-test
webhooks:
  - name: admission.validate.com
    namespaceSelector:
      matchExpressions:
        - key: app
          operator: NotIn
          values: ["admission-test"]
    rules:
      - apiGroups:   ["*"]
        apiVersions: ["v1","v1beta1","v1alpha1"]
        operations:  ["CREATE","UPDATE"]
        resources:   ["deployments","daemonsets","statefulsets","cronjobs", "rollouts", "jobs"]
        scope:       "Namespaced"
    clientConfig:
      service:
        namespace: admission-test
        name: admission-test
        #service port
        port: 8090
        path: /verify
    admissionReviewVersions: ["v1"]
    sideEffects: None

and in my application I have defined an HTTP handler, snippet is below:

http.HandleFunc("/verify", servePod)
http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(200)
	klog.Infoln("hittinh healthz")
	w.Write([]byte("ok"))
})
server := &http.Server{
	Addr:      fmt.Sprintf(":%d", port),
	TLSConfig: admission.ConfigTLS(config),
}

I am trying to create another simple nginx deployment, which can be found here, but when I try to print the body of /verify in the custom controller that I wrote, I don't get anything. In fact, it's like the other deployments are not passing through the admission controller.

Any pointers on why this is happening? Much appreciated

running kubernetes version

kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.4", GitCommit:"3cce4a82b44f032d0cd1a1790e6d2f5a55d20aae", GitTreeState:"clean", BuildDate:"2021-08-11T18:16:05Z", GoVersion:"go1.16.7", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.4", GitCommit:"3cce4a82b44f032d0cd1a1790e6d2f5a55d20aae", GitTreeState:"clean", BuildDate:"2021-08-11T18:10:22Z", GoVersion:"go1.16.7", Compiler:"gc", Platform:"linux/amd64"} 

k8s cluster is running via docker desktop

-- sai
go
kubernetes

1 Answer

12/24/2021

It's passing through the validation controller because it's set as scope: "Namespaced" and I can't see any namespace specified in your nginx deployment file. You can add any working namespace or change your scope to "*".

You can find more information about the rules in the official documentation

-- Bazhikov
Source: StackOverflow
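The rule and namespaceSelector from the question's configuration, checked against a sample request to see whether the webhook would be called. This is an added example, not code from the post or from Kubernetes: `Rule`, `Request`, `RuleMatches` and `Selected` are hypothetical names for a simplified model that ignores subresources and treats a request with an empty namespace as cluster-scoped.

```go
package main

import "fmt"

// Rule holds the rule fields used in the question's webhook configuration.
type Rule struct {
	Groups, Versions, Operations, Resources []string
	Scope                                   string // "Namespaced", "Cluster" or "*"
}

// Request is a simplified API request (a model for this example, not a Kubernetes type).
type Request struct {
	Group, Version, Operation, Resource, Namespace string            // Namespace is "" for cluster-scoped objects
	NSLabels                                       map[string]string // labels on the request's namespace
}

func has(list []string, v string) bool {
	for _, s := range list {
		if s == "*" || s == v { // "*" is the wildcard
			return true
		}
	}
	return false
}

// RuleMatches requires the scope and all four list fields to match the request.
func RuleMatches(r Rule, q Request) bool {
	if (r.Scope == "Namespaced" && q.Namespace == "") || (r.Scope == "Cluster" && q.Namespace != "") {
		return false
	}
	return has(r.Groups, q.Group) && has(r.Versions, q.Version) &&
		has(r.Operations, q.Operation) && has(r.Resources, q.Resource)
}

var QuestionRule = Rule{ // the rule from the question's ValidatingWebhookConfiguration
	Groups: []string{"*"}, Versions: []string{"v1", "v1beta1", "v1alpha1"},
	Operations: []string{"CREATE", "UPDATE"}, Scope: "Namespaced",
	Resources: []string{"deployments", "daemonsets", "statefulsets", "cronjobs", "rollouts", "jobs"},
}

// Selected adds the namespaceSelector (app NotIn [admission-test]); a namespace with no "app" label also passes NotIn.
func Selected(q Request) bool {
	return RuleMatches(QuestionRule, q) && q.NSLabels["app"] != "admission-test"
}

func main() {
	// Constructed sample: a Deployment (apps/v1) created in namespace "default".
	fmt.Println(Selected(Request{Group: "apps", Version: "v1", Operation: "CREATE", Resource: "deployments", Namespace: "default"}))
}
```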