Ingress fails to create when specifying port in spec.controlPlane.ingress.hostname #345

Closed
fchiacchiaretta opened this issue Aug 4, 2023 · 2 comments · Fixed by #346
@fchiacchiaretta

Kamaji by default sets spec.networkProfile.port in the server endpoint of the "my-cluster-control-plane-admin-kubeconfig" Secret, but when using an ingress you may need to customize the port in that Secret.

Specifying a port in spec.controlPlane.ingress.hostname as my.domain.cloud:443 results in a broken ingress spec:

2023-08-04T10:19:47Z	ERROR	handling of resource failed	{"controller": "tenantcontrolplane", "controllerGroup": "kamaji.clastix.io", "controllerKind": "TenantControlPlane", "TenantControlPlane": {"name":"my-cluster-control-plane","namespace":"capi-tenants"}, "namespace": "capi-tenants", "name": "my-cluster-control-plane", "reconcileID": "391fa624-5bb4-4d59-ac3b-80781104ee0d", "resource": "ingress", "error": "Ingress.extensions \"my-cluster-control-plane\" is invalid: spec.rules[0].host: Invalid value: \"my-cluster.my.domain.cloud:443\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"}
github.com/clastix/kamaji/controllers.(*TenantControlPlaneReconciler).Reconcile
	/workspace/controllers/tenantcontrolplane_controller.go:182
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:122
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:323
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:274
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:235
2023-08-04T10:19:47Z	ERROR	Reconciler error	{"controller": "tenantcontrolplane", "controllerGroup": "kamaji.clastix.io", "controllerKind": "TenantControlPlane", "TenantControlPlane": {"name":"my-cluster-control-plane","namespace":"capi-tenants"}, "namespace": "capi-tenants", "name": "my-cluster-control-plane", "reconcileID": "391fa624-5bb4-4d59-ac3b-80781104ee0d", "error": "Ingress.extensions \"my-cluster-control-plane\" is invalid: spec.rules[0].host: Invalid value: \"my-cluster.my.domain.cloud:443\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:329
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:274
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.14.0/pkg/internal/controller/controller.go:235

A possible solution would be to parse spec.controlPlane.ingress.hostname to strip the port, thus creating a valid ingress resource, and then only use this port to generate the "my-cluster-control-plane-admin-kubeconfig" Secret.

@prometherion
Member

Kamaji has always been designed to avoid port translation, also from the Service standpoint.

We already have a sort of heritage that we have to keep. I would suggest addressing this in this way:

  • if the port is unspecified in the Ingress hostname, the NetworkProfile one will be used.
  • if a port is specified in the Ingress hostname, it will be stripped from the FQDN to allow the Ingress object to be created, and the provided port will be injected in the admin Kubeconfig, since it will be reached by users on that specific endpoint

WDYT?

@prometherion prometherion self-assigned this Aug 4, 2023
@prometherion prometherion added the bug Something isn't working label Aug 4, 2023
@prometherion prometherion added this to the v0.3.3 milestone Aug 4, 2023
@fchiacchiaretta
Author

That's exactly what I think, I'm just bad at explaining myself :)
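
The handling agreed in this thread, as an added Go example (not Kamaji's code and not the change merged in #346): `SplitIngressHostname` is a hypothetical helper, and the 6443 fallback is a constructed sample value standing in for spec.networkProfile.port. It strips an optional port, validates what remains against the RFC 1123 pattern quoted in the error above, and rejects out-of-range ports before they can reach the kubeconfig endpoint.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strconv"
	"strings"
)

// Pattern quoted by the API server in the error log, anchored at both ends.
var rfc1123Subdomain = regexp.MustCompile(
	`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// SplitIngressHostname (hypothetical name) returns the bare host to place in
// the Ingress rule and the port to advertise in the admin kubeconfig.
// networkProfilePort is the fallback used when the hostname carries no port.
func SplitIngressHostname(hostname string, networkProfilePort int32) (string, int32, error) {
	host, port := hostname, networkProfilePort
	if strings.Contains(hostname, ":") {
		h, p, err := net.SplitHostPort(hostname)
		if err != nil {
			return "", 0, fmt.Errorf("invalid ingress hostname %q: %w", hostname, err)
		}
		// 16-bit parse rejects empty, negative, non-numeric and >65535 ports.
		n, err := strconv.ParseUint(p, 10, 16)
		if err != nil || n == 0 {
			return "", 0, fmt.Errorf("invalid port %q in ingress hostname", p)
		}
		host, port = h, int32(n)
	}
	// Validate after stripping, so the Ingress never receives a bad host.
	if len(host) > 253 || !rfc1123Subdomain.MatchString(host) {
		return "", 0, fmt.Errorf("host %q is not a lowercase RFC 1123 subdomain", host)
	}
	return host, port, nil
}

func main() {
	// Constructed sample inputs; 6443 is a sample fallback port.
	samples := []string{"my-cluster.my.domain.cloud:443",
		"my-cluster.my.domain.cloud", "My.Domain:443", "my.domain.cloud:0"}
	for _, in := range samples {
		host, port, err := SplitIngressHostname(in, 6443)
		fmt.Printf("%-32q host=%q port=%d err=%v\n", in, host, port, err)
	}
}
```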
