• Configuration Validation Webhook

    Configuration Validation Webhook

    Galley’s configuration validation ensures user authored Istioconfiguration is syntactically and semantically valid. It uses aKubernetes ValidatingWebhook. The istio-galleyValidatingWebhookConfiguration has two webhooks.

    • pilot.validation.istio.io - Served on path /admitpilot and isresponsible for validating configuration consumed by Pilot(e.g. VirtualService, Authentication).

    • mixer.validation.istio.io - Served on path /admitmixer and isresponsible for validating configuration consumed by Mixer.

    Both webhooks are implemented by the istio-galley service onport 443. Each webhook has its own clientConfig, namespaceSelector,and rules section. Both webhooks are scoped to all namespaces. ThenamespaceSelector should be empty. Both rules apply to Istio CustomResource Definitions (CRDs).