Skip to content

Latest commit

 

History

History
48 lines (38 loc) · 2.71 KB

configuration-validation.md

File metadata and controls

48 lines (38 loc) · 2.71 KB

Configuration Validation

When MARIN3R is installed in a cluster, an admission webhook is installed alongside the operator. One of the tasks of this admission webhook is to validate that the configurations a user includes in an EnvoyConfig resource are syntactically correct and adhere to the appropriate Envoy API spec.

Preparation

You need to have MARIN3R operator installed in the cluster and a DiscoveryService within the namespace you will be using. Follow the installation instructions to do so if you haven't already.

Deploy an EnvoyConfig

Let's see what happens when we try to create an EnvoyConfig resource that contains an envoy cluster with a wrong configuration (in this case the error is in the connect_timeout units used):

cat <<'EOF' | kubectl apply -f -
apiVersion: marin3r.3scale.net/v1alpha1
kind: EnvoyConfig
metadata:
  name: example
spec:
  nodeID: example
  resources:
  - type: cluster
    value:
      name: example
      type: STRICT_DNS
      connect_timeout: 10 miliseconds
      lb_policy: ROUND_ROBIN
      load_assignment:
        cluster_name: example
        endpoints:
        - lb_endpoints:
          - endpoint:
              address:
                socket_address:
                  address: 127.0.0.1
                  port_value: 8080
EOF

We get an error specifying that the units we are trying to use are not correct and the operation is rejected so the resource never gets created in the Kubernetes API server. This provides quick feedback to the user that's very useful when developing new configurations, and avoids having to troubleshoot problems by inspecting the Envoy logs.

Error from server ({"validationErrors":["Error deserializing resource: 'bad Duration: time: unknown unit \" miliseconds\" in duration \"10 miliseconds\"'"]}): error when creating "STDIN": admission webhook "envoyconfig.marin3r.3scale.net" denied the request: {"validationErrors":["Error deserializing resource: 'bad Duration: time: unknown unit \" miliseconds\" in duration \"10 miliseconds\"'"]}

Beware though, that even with the webhook performing this validation, there are times that even if the config is perfectly right from an API spec standpoint, not all versions of envoy support a given API spec exactly, as there may be deprecations and additions to the API between different versions of Envoy.

It's especially important that you check the Envoy release notes when you are switching between Envoy versions in order to validate that all your EnvoyConfigs will still work after the change.