-
Notifications
You must be signed in to change notification settings - Fork 592
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KongUpstreamPolicy controller depends on HTTPRoute CRD presence #5729
Comments
I met the same issue. |
Our deployments are also affected by this and hence stuck @ Kong 3.5. This specific version of Kong has a slightly problematic dns_no_sync flag value for a Kubernetes-like environment where the upstream can fluctuate very much with HPA. |
@carlosrmendes I tried to reproduce the problem with your steps (install
|
@randmonkey Sorry for jumping in @skybalsamoan created another issue with the full description on how to replicate the issue Kong/kong#12661. |
Got the reason why KIC3.1 has the problem: kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml ? |
after that apply I got this error on KIC:
|
I've installed and updated the kong gateway and kic using the kong helm chart |
@carlosrmendes Can you try install gateway CRDs first (apply the yaml) then upgrade/install KIC bye helm? |
Changed the title of this issue to pinpoint the reason as identified by @randmonkey. The workaround seems to be installing the Gateway API CRDs (pending verification). |
This stems from #5444, which feels pretty non-critical. Ancestor status info is nice, but we can probably live without it. IMO supporting existing Kong functionality on the (probably, at this point) majority of clusters that lack GWAPI CRDs outweighs providing the additional status info. I don't know of an obvious reason we'd need to trigger reconciles outside that, since all the actual application of the upstream config happens in the translators. Can we gate the required HTTPRoute CRD in the KUP controller definition and additional watch using a feature flag, and default it off pending wider availability of GWAPI CRDs on major providers? IDK if we have a clear use case that requires surfacing ancestor status yet (other than it being part of the policy attachment design spec), so it seems a reasonable candidate for something you can turn on if you want it. The specific trigger mentioned (reconciling based on Services used by an HTTPRoute that have upstream configuration) sounds a bit odd in itself (shouldn't the Service be the ancestor in that case? the KUP settings that affect Services don't affect HTTPRoutes), but ultimately you can also apply KUP route config to HTTPRoutes directly, so I assume that relationship would exist regardless. |
@randmonkey For simplicity I will describe the reproduction procedure with k3s. Is there anything wrong with my procedures? k3s(single server cluster) setup with k3d
apiVersion: k3d.io/v1alpha5
kind: Simple
metadata:
name: kongCheck
servers: 1
agents: 0
kubeAPI:
host: "0.0.0.0"
hostIP: "0.0.0.0"
hostPort: "6443"
image: rancher/k3s:v1.29.3-k3s1
subnet: "10.32.0.0/16"
token: superSecretToken
options:
k3s:
extraArgs:
- arg: "--tls-san=127.0.0.1"
nodeFilters:
- server:*
- arg: "--disable-network-policy"
nodeFilters:
- server:*
- arg: "--disable=traefik"
nodeFilters:
- server:*
runtime: # runtime (docker) specific options
ulimits:
- name: nofile
soft: 26677
hard: 26677
- name: nproc
soft: 26677
hard: 26677
apply gatewayapi
install kong chart (Kong:3.4 KIC:3.0)
controller:
ingressController:
enabled: false
gateway:
admin:
http:
enabled: true
manager:
type: ClusterIP
ingressController:
enabled: true
env:
role: traditional
database: "off"
check status
create gatwayclass&gateway
apply application
apply KongUpstreamPolicy(consistent-hashign) & httproute
check logsno issue.
check resourcesno issue.
Upgrade kong chart (Kong:3.6 KIC:3.1)
check status
check logs
check resourcesPolicy is not applied
cleanup
Perhaps the problem is not caused by an upgrade, but a new installation will have the same problem. I rewrite the KIC image tag to 3.0 on the 0.12.0 chart, the error no longer occurs and it works correctly. Thanks. |
Is there an existing issue for this?
Current Behavior
After upgrading to version 3.1, I'm receiving errors while validating KongUpstreamPolicies with the following error:
2024-02-28T09:24:23Z error failed fetching KongUpstreamPolicy: KongUpstreamPolicy mynamespace/kong-health-check not found {"name": "myservice", "namespace": "mynamespace", "GVK": "/v1, Kind=Service", "error": "resource processing failed"}
Expected Behavior
Existing KongUpstreamPolicies should be fetched correctly by the kong ingress-controller
Steps To Reproduce
Kong Ingress Controller version
Kubernetes version
Anything else?
No response
The text was updated successfully, but these errors were encountered: