Closed ssarbadh closed 4 months ago
@ssarbadh You need to provide the full JSON path of config, starting with /
in the path
field of contifPatch. In your example, you need to change your path
to /hour
.
Maybe we can add "check if JSON path of items in ConfigPatched
is valid" into validation webhook, or add the limit to CRD specs.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hello @randmonkey
Thanks a lot for your prompt response. I presumed I have responded.
Anyways I still see the same issue - tried with path as you suggested.
Here are the manifests -
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: rate-limiting-payment-instruments-post-plugin-public-value
plugin: rate-limiting
config: # You can define the non-sensitive part of the config explicitly here.
limit_by: header
error_code: 429
error_message: 'Create card retry limit exceeded.'
policy: local
# hour: 10
header_name: "Test"
configPatches:
- path: /hour # This is the path to the field in the plugin's configuration this patch will populate.
valueFrom:
secretKeyRef:
name: web-api-gateway-payment-instruments-update-value-secret # This is the name of the secret.
key: hour # This is the key in the secret.
- path: "/header_name" # This is the path to the field in the plugin's configuration this patch will populate.
valueFrom:
secretKeyRef:
name: web-api-gateway-payment-instruments-update-value-secret # This is the name of the secret.
key: header_name # This is the key in the secret.
The secret -
apiVersion: v1
data:
error_code: NDI5
error_message: Q3JlYXRlIGNhcmQgcmV0cnkgbGltaXQgZXhjZWVkZWQu
header_name: QXV0aG9yaXphdGlvblRlc3Q=
hour: MTE=
limit_by: aGVhZGVy
policy: bG9jYWw=
kind: Secret
metadata:
name: web-api-gateway-payment-instruments-update-value-secret
namespace: web-kong
type: Opaque
But I still see the error complaining that fields are missing for the plugin.
I did try with both the /config/hour
and /hour
with and without double quotes etc.
Please guide.
@ssarbadh If you want to use values in string type in configPatches, the values in secret should include the double quote "
, while other types (numbers, booleans, objects, arrays) requires no quotes.
In your case, you need to create your secret like
echo "
apiVersion: v1
kind: Secret
metadata:
name: web-api-gateway-payment-instruments-update-value-secret
stringData:
hour: '11' # number
limit_by: '\"header\"' # string
header_name: '\"AuthorizationTest\"' # string
error_code: '429' # number
error_message: '\"Create card retry limit exceeded.\"' # string
policy: '\"local\"' # string
type: Opaque
" | kubectl apply -f -
And the path of configPatch need a leading /
, like
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
name: rate-limiting-payment-instruments-post-plugin-public-value
plugin: rate-limiting
config: # You can define the non-sensitive part of the config explicitly here.
limit_by: header
error_code: 429
error_message: 'Create card retry limit exceeded.'
policy: local
# hour: 10
header_name: "Test"
configPatches:
- path: /hour # This is the path to the field in the plugin's configuration this patch will populate.
valueFrom:
secretKeyRef:
name: web-api-gateway-payment-instruments-update-value-secret # This is the name of the secret.
key: hour # This is the key in the secret.
- path: "/header_name" # This is the path to the field in the plugin's configuration this patch will populate.
valueFrom:
secretKeyRef:
name: web-api-gateway-payment-instruments-update-value-secret # This is the name of the secret.
key: header_name # This is the key in the secret.
@ssarbadh If you want to use values in string type in configPatches, the values in secret should include the double quote
"
, while other types (numbers, booleans, objects, arrays) requires no quotes. In your case, you need to create your secret likeecho " apiVersion: v1 kind: Secret metadata: name: web-api-gateway-payment-instruments-update-value-secret stringData: hour: '11' # number limit_by: '\"header\"' # string header_name: '\"AuthorizationTest\"' # string error_code: '429' # number error_message: '\"Create card retry limit exceeded.\"' # string policy: '\"local\"' # string type: Opaque " | kubectl apply -f -
And the path of configPatch need a leading
/
, likeapiVersion: configuration.konghq.com/v1 kind: KongPlugin metadata: name: rate-limiting-payment-instruments-post-plugin-public-value plugin: rate-limiting config: # You can define the non-sensitive part of the config explicitly here. limit_by: header error_code: 429 error_message: 'Create card retry limit exceeded.' policy: local # hour: 10 header_name: "Test" configPatches: - path: /hour # This is the path to the field in the plugin's configuration this patch will populate. valueFrom: secretKeyRef: name: web-api-gateway-payment-instruments-update-value-secret # This is the name of the secret. key: hour # This is the key in the secret. - path: "/header_name" # This is the path to the field in the plugin's configuration this patch will populate. valueFrom: secretKeyRef: name: web-api-gateway-payment-instruments-update-value-secret # This is the name of the secret. key: header_name # This is the key in the secret.
i can confirm this is working. this should be very well documented on the official docs. it is currently NOT clear at all :)
i can confirm this is working. this should be very well documented on the official docs. it is currently NOT clear at all :) Thanks. We will fix the docs and give a clearer introduction on how to use
configPatch
es.
I was thinking about this implementation today. Isn't it a weird approach to put this burden on the end user? Requiring literal ""
on a yaml string value is not intuitive for most of yaml users. The code here is doing a string manipulation (arguably dangerous) to generate a JSON raw patch.
Wouldn't it be nicer to allow users to specify the language-specific value and internally translate between the languages? I.e. in this case, in yaml, we should just put regular string or numeric. Then in the plugin.go
code, do a struct value and then encode it into a JSON string.
Just my two cents :)
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Closed this and created https://github.com/Kong/kubernetes-ingress-controller/issues/5994 for improving user interface of configPatches
, since the docs are updated and the interface change may bring breaking changes. Please re-open with comments if you want more discussions to happen here.
Is there an existing issue for this?
Current Behavior
configPatches
with secret.Secret
KongPlugin
But after applying the KongPlugin
As per doc I expect Kong Ingress Controller resolves the referenced secret and builds the complete configuration for the plugin before sending it to Kong Gateway
Expected Behavior
Kong Ingress Controller resolves the referenced secret and builds the complete configuration for the plugin before sending it to Kong Gateway
Steps To Reproduce
Kong Ingress Controller version
Kubernetes version
Anything else?
No response