Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Global Plugin - Config update error #5802

Closed
1 task done
mheap opened this issue Apr 3, 2024 · 2 comments
Closed
1 task done

Global Plugin - Config update error #5802

mheap opened this issue Apr 3, 2024 · 2 comments
Assignees
@pmalek
Labels
bug Something isn't working

Comments

@mheap
Copy link
Member

mheap commented Apr 3, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

A user could not apply a global exit-transformer plugin using KIC:

error    Entity tags missing fields    {"name": "exit-transformer", "error": "no namespace"}

error    dataplane-synchronizer    Could not update kong admin    {"error": "performing update for https://localhost:8444/ fail
ed: failed posting new config to /config: got status code 400"}

The error occurred when untrusted_lua: "off" was set.

Expected Behavior

The error logs return a useful error message to help debug the issue

Steps To Reproduce

1. Deploy KIC with `KONG_UNTRUSTED_LUA="off"` in `gateway.env`
2. Create a `KongClusterPlugin` that adds `exit-transformer`

Kong Ingress Controller version

No response

Kubernetes version

No response

Anything else?

No response
@mheap mheap added the bug Something isn't working label Apr 3, 2024
@pmalek
Copy link
Member

pmalek commented Apr 3, 2024

This should already be fixed in nightly via #5764 (and will be released in 3.1.3 via #5789)

@pmalek pmalek self-assigned this Apr 3, 2024
@pmalek
Copy link
Member

pmalek commented Apr 9, 2024

In 3.1.3 when you apply a global exit transformer KIC properly logs an error warning:

2024-04-09T18:09:33+02:00	error	dataplane-synchronizer	Could not update kong admin	{"error": "performing update for https://10.244.0.20:8444 failed: failed posting new config to /config: got status code 400"}
2024-04-09T18:09:36+02:00	error	recording a Warning event for object	{"name": "exit-transformer", "namespace": "default", "kind": "KongPlugin", "apiVersion": "configuration.konghq.com/v1", "reason": "KongConfigurationApplyFailed", "message": "invalid config.functions.1: Error parsing function: /usr/local/share/lua/5.1/kong/tools/sandbox.lua:128: loading of untrusted Lua code disabled because 'untrusted_lua' config option is set to 'off'", "error": "object failed to apply"}

and an event will be emitted correctly:

k get events --field-selector reason=KongConfigurationApplyFailed -n default
lt
LAST SEEN   TYPE      REASON                         OBJECT                                      MESSAGE
10m         Warning   KongConfigurationApplyFailed   kongplugin/exit-transformer                 invalid config.functions.1: Error parsing function: /usr/local/share/lua/5.1/kong/tools/sandbox.lua:128: loading of untrusted Lua code disabled because 'untrusted_lua' config option is set to 'off'

There's an issue with creating event for cluster scoped resources though. Events are namespaced and hence cannot be created without one. I've created #5847 to track this.

@pmalek pmalek closed this as completed Apr 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pmalek pmalek

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mheap @pmalek