Description / Issue:
I have a custom Kong plugin xyz-auth.
- Using the Kong Admin API, the following curl works and creates the plugin successfully:

      curl --request POST \
        --url http://localhost:8001/routes/<route_id>/plugins \
        --header 'Accept: application/json' \
        --header 'Content-Type: application/json' \
        --data '{ "config": { "anonymous": "anonymous" }, "enabled": true, "instance_name": "xyz-auth-plugin", "name": "xyz-auth" }'

- When trying to create the Kubernetes CRD:

      apiVersion: configuration.konghq.com/v1
      kind: KongPlugin
      plugin: xyz-auth
      metadata:
        name: xyz-auth-plugin
        annotations:
          kubernetes.io/ingress.class: kong
      config:
        anonymous: anonymous-st

  I get the error --> admission webhook "validations.kong.konghq.com" denied the request: plugin failed schema validation: schema violation (config.anonymous: unknown field).
What I’ve checked / tried:
- The plugin works via Admin API (curl).
- Checked the plugin schema at /usr/local/share/lua/5.1/kong/plugins/xyz-auth/schema.lua:

      return {
        name = "xyz-auth",
        fields = {
          { config = {
              type = "record",
              fields = {
                { header_value = { type = "string", default = "roar" }, },
                { anonymous = {
                    description = "An optional string (consumer UUID or username) value to use as an “anonymous” consumer if authentication fails.",
                    type = "string" }, },
              },
            },
          },
        }
      }

- Despite anonymous being defined in the schema, creating the KongPlugin CRD in Kubernetes still fails.
- Suspect that Kubernetes admission webhook may not pick up the custom plugin schema correctly in DB-less / CRD mode.
Questions / Help Needed:
- Is it possible to add the anonymous field to the plugin schema for Kubernetes CRDs?
- Is there a recommended way to make custom plugin fields work in Kubernetes CRDs?
- Can we safely bypass the admission webhook for testing purposes?