@@ -22,6 +22,13 @@ import (
2222 "github.com/nginxinc/nginx-kubernetes-gateway/internal/mode/static/state/validation"
2323)
2424
25+ const (
26+ validationErrorLogMsg = "the resource failed validation: Gateway API CEL validation (Kubernetes 1.25+) " +
27+ "by the Kubernetes API server and/or the Gateway API webhook validation (if installed) failed to reject " +
28+ "the resource with the error; make sure Gateway API CRDs include CEL validation and/or (if installed) the " +
29+ "webhook is running correctly."
30+ )
31+
2532//go:generate go run github.com/maxbrunsfeld/counterfeiter/v6 . ChangeProcessor
2633
2734type extractGVKFunc func (obj client.Object ) schema.GroupVersionKind
@@ -160,18 +167,19 @@ func NewChangeProcessorImpl(cfg ChangeProcessorConfig) *ChangeProcessorImpl {
160167
161168 var err error
162169 switch o := obj .(type ) {
163- // We don't validate GatewayClass or ReferenceGrant, because as of 0.7.1, the webhook doesn't validate them.
170+ // We don't validate GatewayClass or ReferenceGrant, because as of the latest version,
171+ // the webhook doesn't validate them.
164172 // It only validates a GatewayClass update that requires the previous version of the resource,
165173 // which NKG cannot reliably provide - for example, after NKG restarts).
166- // https://github.com/kubernetes-sigs/gateway-api/blob/v0.7.1 /apis/v1beta1/validation/gatewayclass.go#L28
174+ // https://github.com/kubernetes-sigs/gateway-api/blob/v0.8.0 /apis/v1beta1/validation/gatewayclass.go#L28
167175 case * v1beta1.Gateway :
168176 err = gwapivalidation .ValidateGateway (o ).ToAggregate ()
169177 case * v1beta1.HTTPRoute :
170178 err = gwapivalidation .ValidateHTTPRoute (o ).ToAggregate ()
171179 }
172180
173181 if err != nil {
174- return fmt .Errorf ("validation error : %w"err )
182+ return fmt .Errorf (validationErrorLogMsg + " : %w"err )
175183 }
176184
177185 return nil
0 commit comments