Open brross opened 3 years ago
/triage accepted /priority important-soon /assign @strongjz
Do you have the admission webhook disabled?
I was testing this with a local cluster and a default install. The admission webhook did not create the ingress object.
pod/foo-app unchanged
service/foo-service unchanged
pod/bar-app unchanged
service/bar-service unchanged
Error from server (BadRequest): error when creating "test.yml": admission webhook "validate.nginx.ingress.kubernetes.io" denied the request: nginx.ingress.kubernetes.io/configuration-snippet annotation cannot be used. Snippet directives are disabled by the Ingress administrator
apiVersion: v1
metadata:
name: foo-app
labels:
app: foo
spec:
containers:
- name: foo-app
image: hashicorp/http-echo:0.2.3
args:
- "-text=foo"
---
kind: Service
apiVersion: v1
metadata:
name: foo-service
spec:
selector:
app: foo
ports:
# Default port used by the image
- port: 5678
---
kind: Pod
apiVersion: v1
metadata:
name: bar-app
labels:
app: bar
spec:
containers:
- name: bar-app
image: hashicorp/http-echo:0.2.3
args:
- "-text=bar"
---
kind: Service
apiVersion: v1
metadata:
name: bar-service
spec:
selector:
app: bar
ports:
# Default port used by the image
- port: 5678
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Request-Id: $req_id";
spec:
rules:
- http:
paths:
- pathType: Prefix
path: "/foo"
backend:
service:
name: foo-service
port:
number: 5678
- pathType: Prefix
path: "/bar"
backend:
service:
name: bar-service
port:
number: 5678
---
I double-checked and, indeed, I do have the validating webhook enabled. I'll have to investigate why it's not doing the proper thing in my test environment.
I do think emitting and event message for this would be useful in any case.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
@brross any update?
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
/lifecycle frozen
This issue is labeled with priority/important-soon
but has not been updated in over 90 days, and should be re-triaged.
Important-soon issues must be staffed and worked on either currently, or very soon, ideally in time for the next release.
You can:
/triage accepted
(org members only)/priority important-longterm
or /priority backlog
/close
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/
/remove-triage accepted
This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
When snippets are disabled by
allow-snippet-annotations: false
, ingress-nginx should emit an event message for ingresses which include a configuration snippet annotation.Perhaps something like
$ingress created but ignoring configuration-snippet annotation; snippet-by-annotation is disabled
Currently, with
allow-snippet-annotations: false
, ingress-nginx creates the requested ingress resource but silently ignores any-snippet
annotation creating confusion for end-users.This is related to the fix for Issue https://github.com/kubernetes/kubernetes/issues/126811 introduced in PRs https://github.com/kubernetes/ingress-nginx/pull/7666 and https://github.com/kubernetes/ingress-nginx/pull/7670