Nginx Question posted in
The official documentation can be found here.

ingress-nginx-controller-admission: what does it do? Why is it there

I am new to Kubernetes. Setting up nginx-ingress in a test cluster. One of our senior people rolled by and noticed the following.

# kubectl get services
...
ingress-ingress-nginx-controller-admission   ClusterIP      xx.xxx.xxx.xxx   <none>        443/TCP
...

What’s that, he asked. Get rid of it if you don’t need it.

Before I rip it out and maybe get cripple my test cluster .. what is ingress-nginx-controller-admission and why do I need it?

Tags:

2

Answers


  1. 0

    It’s the service for the validating webhook that ingress-nginx includes. If you remove it, you’ll be unable to create or update Ingress objects unless you also remove the webhook configuration.

    tl;dr it’s important, no touchy

    Login or Signup to reply.
  2. 0

    Because the ingress controller works using the synchronization loop
    pattern, it is applying the configuration for all matching objects. In
    case some Ingress objects have a broken configuration, for example a
    syntax error in the nginx.ingress.kubernetes.io/configuration-snippet
    annotation, the generated configuration becomes invalid, does not
    reload and hence no more ingresses will be taken into account.

    To prevent this situation to happen, the nginx ingress controller
    optionally exposes a validating admission webhook server to ensure the
    validity of incoming ingress objects. This webhook appends the
    incoming ingress objects to the list of ingresses, generates the
    configuration and calls nginx to ensure the configuration has no
    syntax errors.

    https://kubernetes.github.io/ingress-nginx/how-it-works/#avoiding-outage-from-wrong-configuration

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search