Overview
Prevent invalid Gloo configuration from being applied to your Kubernetes cluster by using the Gloo Gateway validating admission webhook.
About the validating admission webhook
The validating admission webhook configuration is enabled by default when you install Gloo Gateway. By default, the webhook only logs the validation result without rejecting invalid Gloo Gateway resource configuration. If the configuration you provide is written in valid YAML format, it is accepted by the Kubernetes API server and written to etcd. However, the configuration might contain invalid settings or inconsistencies that Gloo Gateway cannot interpret or process. This mode is also referred to as permissive validation.
You can enable strict validation by setting the alwaysAcceptResources Helm option to false. Note that only resources that result in a rejected status are rejected on admission. Resources that result in a warning status are still admitted. To also reject resources with a warning status, set alwaysAcceptResources=false and allowWarnings=false in your Helm file.
For more information, see Enable resource validation.
Validated resources
The following Gloo Gateway custom resources can be validated:
To see an example for how to trigger the resource validation API, see Test resources.
Questions or feedback
If you have questions or feedback regarding the Gloo Gateway resource validation or any other feature, reach out via the Slack or open an issue in the Gloo Gateway GitHub repository.