Consider a scenario where we have a global custom plugin v1 deployed to research and test. Then we decide we want to create v2, which has a slightly different schema. If we try to deploy v2, the webhook deployed to the test environment does not yet know about the new version of the plugin and fails admission to the cluster. The chart currently support configuration of a namespaceSelector but this only applies to namespaced objects, and kongclusterplugins are not namespaced.
Solution proposal
One approach would be to update the objectSelector to include a matchLabels selector (configurable with values), so that labels could be used to select individual objects that are desired to be excluded from validation.
Problem Statement
We deploy the kong helm chart twice into the same cluster:
We also leverage custom plugins, and deploy them as (global)
kongclusterplugins.The validations.kong.konghq.com webhook rules are currently matching on kongclusterplugins.
Consider a scenario where we have a global custom plugin v1 deployed to research and test. Then we decide we want to create v2, which has a slightly different schema. If we try to deploy v2, the webhook deployed to the test environment does not yet know about the new version of the plugin and fails admission to the cluster. The chart currently support configuration of a
namespaceSelectorbut this only applies to namespaced objects, andkongclusterpluginsare not namespaced.Solution proposal
One approach would be to update the
objectSelectorto include amatchLabelsselector (configurable withvalues), so that labels could be used to select individual objects that are desired to be excluded from validation.