
Infrastructure runner trying to create/update proxy despite empty listeners #3044

@cnvergence

Description:

Sending a faulty Gateway spec will result in deploying envoy proxy infra despite no listeners being added in infra-ir.
This will result in an error when creating or updating the envoy service:

2024-03-27T17:48:02.953+0100    ERROR   infrastructure  runner/runner.go:70     failed to create new infra      {"runner": "infrastructure", "error": "failed to create or update service envoy-gateway-system/envoy-envoy-gateway-system-example-7a77c167: for Create: Service \"envoy-envoy-gateway-system-example-7a77c167\" is invalid: spec.ports: Required value"}
2024-03-27T17:48:02.954+0100    ERROR   watchable       message/watchutil.go:56 observed an error       {"runner": "infrastructure", "error": "failed to create or update service envoy-gateway-system/envoy-envoy-gateway-system-example-7a77c167: for Create: Service \"envoy-envoy-gateway-system-example-7a77c167\" is invalid: spec.ports: Required value"}

Repro steps:

Deploy the example Gateway spec with a missing certificate on the cluster:

---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: eg
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: example
spec:
  gatewayClassName: eg
  listeners:
  - allowedRoutes:
      namespaces:
        from: All
    hostname: www.example.com
    name: https
    port: 443
    protocol: HTTPS
    tls:
      certificateRefs:
      - group: ""
        kind: Secret
        name: example-tls
        namespace: envoy-gateway-system
      mode: Terminate

Observe that the listeners condition will be set properly:

    listeners:
    - attachedRoutes: 0
      conditions:
      - lastTransitionTime: "2024-03-27T16:49:41Z"
        message: Secret envoy-gateway-system/example-tls does not exist.
        observedGeneration: 1
        reason: InvalidCertificateRef
        status: "False"
        type: ResolvedRefs
      - lastTransitionTime: "2024-03-27T16:49:41Z"
        message: Listener is invalid, see other Conditions for details.
        observedGeneration: 1
        reason: Invalid
        status: "False"
        type: Programmed

Expect the logs about failing to create the service, and check that the envoy proxy pod was created anyway:

NAME                                                            READY   STATUS    RESTARTS   AGE
envoy-envoy-gateway-system-example-7a77c167-fcc444889-rv6x9     2/2     Running   0          28s

Environment:
latest

Logs:

2024-03-27T17:48:02.895+0100    INFO    gateway-api     runner/runner.go:56     received an update      {"runner": "gateway-api"}
2024-03-27T17:48:02.897+0100    INFO    gateway-api     runner/runner.go:104    proxy:
  metadata:
    labels:
      gateway.envoyproxy.io/owning-gateway-name: example
      gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway-system
  name: envoy-gateway-system/example
        {"runner": "gateway-api", "infra-ir": "envoy-gateway-system/example"}
2024-03-27T17:48:02.897+0100    INFO    infrastructure  runner/runner.go:59     received an update      {"runner": "infrastructure"}
2024-03-27T17:48:02.898+0100    INFO    gateway-api     runner/runner.go:115    accessLog:
  text:
  - path: /dev/stdout
        {"runner": "gateway-api", "xds-ir": "envoy-gateway-system/example"}
2024-03-27T17:48:02.898+0100    INFO    xds-translator  runner/runner.go:55     received an update      {"runner": "xds-translator"}
2024-03-27T17:48:02.898+0100    INFO    provider        status/status.go:122    received a status update        {"runner": "provider", "namespace": "envoy-gateway-system", "name": "example"}
2024-03-27T17:48:02.898+0100    INFO    xds-server      runner/runner.go:141    received an update      {"runner": "xds-server"}
2024-03-27T17:48:02.932+0100    INFO    provider        status/status.go:122    received a status update        {"runner": "provider", "namespace": "envoy-gateway-system", "name": "example"}
2024-03-27T17:48:02.933+0100    INFO    provider.example.envoy-gateway-system   status/status.go:92     status unchanged, bypassing update      {"runner": "provider"}
2024-03-27T17:48:02.946+0100    INFO    provider        status/status.go:122    received a status update        {"runner": "provider", "namespace": "envoy-gateway-system", "name": "example"}
2024-03-27T17:48:02.946+0100    INFO    provider.example.envoy-gateway-system   status/status.go:92     status unchanged, bypassing update      {"runner": "provider"}
2024-03-27T17:48:02.953+0100    ERROR   infrastructure  runner/runner.go:70     failed to create new infra      {"runner": "infrastructure", "error": "failed to create or update service envoy-gateway-system/envoy-envoy-gateway-system-example-7a77c167: for Create: Service \"envoy-envoy-gateway-system-example-7a77c167\" is invalid: spec.ports: Required value"}
2024-03-27T17:48:02.954+0100    ERROR   watchable       message/watchutil.go:56 observed an error       {"runner": "infrastructure", "error": "failed to create or update service envoy-gateway-system/envoy-envoy-gateway-system-example-7a77c167: for Create: Service \"envoy-envoy-gateway-system-example-7a77c167\" is invalid: spec.ports: Required value"}
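
One way to guard against the failure reported above, as an added example that is not Envoy Gateway's own code: derive the Service ports only from programmed listeners, and skip (or tear down) the proxy infra when none remain. The `Listener` type, the action names and the delete-when-empty behaviour are assumptions made for illustration.

```go
// Added example: hypothetical types, not Envoy Gateway's IR or runner code.
package main

import "fmt"

// Listener is a simplified stand-in for a translated Gateway listener.
type Listener struct {
	Name       string
	Port       int32
	Programmed bool // false when e.g. the TLS certificateRef cannot be resolved
}

// Infra actions the (hypothetical) runner can take.
const CreateOrUpdate, Delete, Skip = "create-or-update", "delete", "skip"

// ServicePorts returns the deduplicated ports of programmed listeners, in order.
func ServicePorts(ls []Listener) []int32 {
	seen := map[int32]bool{}
	ports := []int32{}
	for _, l := range ls {
		if l.Programmed && !seen[l.Port] {
			seen[l.Port] = true
			ports = append(ports, l.Port)
		}
	}
	return ports
}

// Decide picks the infra action. An empty port list must never reach Service
// creation: the API server rejects it with "spec.ports: Required value".
func Decide(ls []Listener, proxyExists bool) (string, []int32) {
	if ports := ServicePorts(ls); len(ports) > 0 {
		return CreateOrUpdate, ports
	}
	if proxyExists {
		return Delete, nil // assumption: remove a proxy that can serve nothing
	}
	return Skip, nil
}

func main() {
	// Constructed input mirroring the report: one HTTPS listener, Secret missing.
	broken := []Listener{{Name: "https", Port: 443, Programmed: false}}
	fmt.Println(Decide(broken, false))
}
```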
