Kong / kubernetes-ingress-controller

:gorilla: Kong for Kubernetes: The official Ingress Controller for Kubernetes.
https://docs.konghq.com/kubernetes-ingress-controller/
Apache License 2.0

Admission webhook rejects objects with duplicate plugin types #6249

Closed czeslavo closed 3 months ago

czeslavo commented 3 months ago

Is there an existing issue for this?

Current Behavior

In https://github.com/kong/kubernetes-ingress-controller/pull/5972 we introduced a validation rule that prevents accepting objects that have multiple plugins of the same type assigned to them. We didn't take into account that it may be a valid use case if the plugin is associated with two different object kinds at the same time (e.g. a combination of service and consumer, route and consumer group, etc.).

Expected Behavior

Even if an object has multiple plugins of the same type, it is accepted by the admission webhook.

Steps To Reproduce

1. Make sure KIC runs with the admission server enabled
2. Create a Service with `konghq.com/plugins` pointing to two different KongPlugins of the same type.

Kong Ingress Controller version

3.2

Kubernetes version

-

Anything else?

No response
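The reproduction in step 2, combined with the service-and-consumer case named under Current Behavior, written out as manifests. This is an added example, not part of the original issue or the project's own test fixtures; all resource names, the `rate-limiting` configuration values and the Service ports are constructed, and it assumes that annotating the same KongPlugin on both a Service and a KongConsumer scopes it to that combination.

```yaml
# Constructed manifests; every name and value below is hypothetical.
# Two KongPlugins of the same type (rate-limiting) with different limits.
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limit-default
plugin: rate-limiting
config:
  minute: 5
  policy: local
---
apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: rate-limit-premium
plugin: rate-limiting
config:
  minute: 100
  policy: local
---
# The Service references both plugins. A validation rule keyed only on
# plugin type sees two rate-limiting plugins here and rejects the object.
apiVersion: v1
kind: Service
metadata:
  name: echo
  annotations:
    konghq.com/plugins: rate-limit-default,rate-limit-premium
spec:
  selector:
    app: echo
  ports:
    - port: 80
      targetPort: 8080
---
# rate-limit-premium is also attached to a consumer, so it applies to the
# service+consumer combination, while rate-limit-default stays service-only.
apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: premium-user
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/plugins: rate-limit-premium
username: premium-user
```

Submitting these with `kubectl apply --dry-run=server -f <file>` exercises the admission webhook without persisting the objects, provided the webhook is registered as dry-run capable.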

czeslavo commented 3 months ago

BTW this should be caught in tests added in https://github.com/Kong/kubernetes-ingress-controller/pull/6132 but wasn't because we still do not run admission webhook in integration tests.