Open zf-roose opened 2 years ago
1.11.x (beta)
1.20.x
After setting gateway.validation.allowWarnings: false our helm deployments fail with a InvalidDestinationWarning admission webhook error:
gateway.validation.allowWarnings: false
InvalidDestinationWarning
upgrade.go:420: [debug] warning: Upgrade "xxx" failed: failed to create resource: admission webhook "gateway.gloo-system.svc" denied the request: resource incompatible with current Gloo snapshot: [Validating v1.VirtualService failed: validating *v1.VirtualService name:"xxx-service-internal" namespace:"xxx-584-val-22660": Route Warning: InvalidDestinationWarning. Reason: *v1.Upstream { xxx-584-val-22660.kube-svc:xxx-584-val-22660-c-c77767cb34a36075bdc47f165089a77 } not found]
The VirtualService object contains a single route using Kubernetes constructs (routeAction.single.kube) referring to the service.
routeAction.single.kube
VirtualService object spec:
apiVersion: gateway.solo.io/v1 kind: VirtualService <snip> spec: sslConfig: oneWayTls: true secretRef: name: xxx-service-internal-cert namespace: xxx-584-dev sniDomains: - xxx.com virtualHost: domains: - xxx.com routes: - matchers: - prefix: / name: all routeAction: single: kube: port: 80 ref: name: xxx-service namespace: xxx-584-dev
Set gateway.validation.allowWarnings: false and deploy a VirtualService object with a routeAction to the Kubernetes service.
The webhook validation throws an InvalidDestinationWarning and blocks the deployment.
Set gateway.validation.allowWarnings: true and the deployment will work, the gateway-proxy adds the virtualhost and the API is reachable.
gateway.validation.allowWarnings: true
No InvalidDestinationWarning should be triggered as the service exists, the pod is running and working.
We can not use gateway.validation.allowWarnings: false for now as recommended for production workloads on https://docs.solo.io/gloo-edge/latest/operations/production_deployment/#more-validation-hooks
This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.
Gloo Edge Version
1.11.x (beta)
Kubernetes Version
1.20.x
Describe the bug
After setting
gateway.validation.allowWarnings: false
our helm deployments fail with aInvalidDestinationWarning
admission webhook error:The VirtualService object contains a single route using Kubernetes constructs (
routeAction.single.kube
) referring to the service.VirtualService object spec:
Steps to reproduce the bug
Set
gateway.validation.allowWarnings: false
and deploy a VirtualService object with a routeAction to the Kubernetes service.The webhook validation throws an InvalidDestinationWarning and blocks the deployment.
Set
gateway.validation.allowWarnings: true
and the deployment will work, the gateway-proxy adds the virtualhost and the API is reachable.Expected Behavior
No InvalidDestinationWarning should be triggered as the service exists, the pod is running and working.
Additional Context
We can not use
gateway.validation.allowWarnings: false
for now as recommended for production workloads on https://docs.solo.io/gloo-edge/latest/operations/production_deployment/#more-validation-hooks