Resource validation

Resource validation

Prevent invalid gateway configuration from being applied to your Kubernetes cluster by using the K8sGateway validating admission webhook.

About the validating admission webhook

The validating admission webhook configuration is enabled by default when you install K8sGateway. By default, the webhook only logs the validation result without rejecting invalid K8sGateway resource configuration. If the configuration you provide is written in valid YAML format, it is accepted by the Kubernetes API server and written to etcd. However, the configuration might contain invalid settings or inconsistencies that K8sGateway cannot interpret or process. This mode is also referred to as permissive validation.

You can enable strict validation by setting the alwaysAcceptResources Helm option to false. Note that only resources that result in a rejected status are rejected on admission. Resources that result in a warning status are still admitted. To also reject resources with a warning status, set alwaysAcceptResources=false and allowWarnings=false in your Helm file.

For more information, see Enable resource validation.

Validated resources

The following K8sGateway custom resources can be validated:

To see an example for how to trigger the resource validation API, see Test resources.