Admission webhook fails on kongCredType secrets creation


I upgraded KIC from 2.3 to 2.7 following upgrade docs. Kong seems to work fine after the upgrade but I’m having issues when creating a new secret of kongCredType:

kubectl create secret generic harry-apikey  \
  --from-literal=kongCredType=key-auth  \

Error from server (InternalError): Internal error occurred: failed calling webhook "": an error on the server ("unknown operation 'CREATE'") has prevented the request from succeeding

Ingress controller logs: level=error msg="failed to run validation: unknown operation 'CREATE'" component=admission-server

I have set failurePolicy to Ignore which allowed me to create secrets I needed but I would prefer to have the policy set to Fail.

I’m using the official Helm chart in Kubernetes v1.20.

Hi, I ran into same issue so just an update with my findings:

  1. Looks like this PR will fix issue: fix(admission) Remove CREATE Secret admission by ubergesundheit · Pull Request #542 · Kong/charts · GitHub , so problem is most likely fixed in next release of Helm chart.

  2. If you want to remove “failurePolicy: Ignore” while waiting for new release, this patch should fix issue:
    kubectl patch ValidatingWebhookConfiguration kong-validations --type json -p='[{"op":"replace", "path":"/webhooks/0/rules/1/operations", "value":["UPDATE"]}]'

1 Like

Thanks, @tiej-dr! I can wait for a new release with the fix.

1 Like