controller-manager does not respect config.server.https #4605

timebertt · 2021-09-03T07:27:57Z

How to categorize this issue?

/kind bug

What happened:

When configuring ControllerManagerConfiguration.server.https (

gardener/pkg/controllermanager/apis/config/v1alpha1/types.go

Lines 325 to 326 in dc4eb4b

    
           // HTTPS is the configuration for the HTTPS server. 
        
           HTTPS HTTPSServer `json:"https"`

), it is simply ignored by gardener-controller-manager

gardener/cmd/gardener-controller-manager/app/gardener_controller_manager.go

Lines 290 to 297 in dc4eb4b

    
           go server. 
        
           	NewBuilder(). 
        
           	WithBindAddress(g.Config.Server.HTTP.BindAddress). 
        
           	WithPort(g.Config.Server.HTTP.Port). 
        
           	WithHandler("/metrics", promhttp.Handler()). 
        
           	WithHandlerFunc("/healthz", healthz.HandlerFunc(healthManager)). 
        
           	Build(). 
        
           	Start(ctx)

and no HTTPS handler is started using the provided configuration.

What you expected to happen:

controller-manager to respect the configuration options just like gardenlet:

gardener/cmd/gardenlet/app/gardenlet.go

Lines 425 to 454 in dc4eb4b

    
           // Start HTTPS server. 
        
           if g.Config.Server.HTTPS.TLS == nil { 
        
           	g.Logger.Info("No TLS server certificates provided... self-generating them now...") 
        
           	_, _, tempDir, err := secrets.SelfGenerateTLSServerCertificate("gardenlet", []string{ 
        
           		"gardenlet", 
        
           		fmt.Sprintf("gardenlet.%s", v1beta1constants.GardenNamespace), 
        
           		fmt.Sprintf("gardenlet.%s.svc", v1beta1constants.GardenNamespace), 
        
           	}, nil) 
        
           	if err != nil { 
        
           		return err 
        
           	} 
        
           	g.Config.Server.HTTPS.TLS = &config.TLSServer{ 
        
           		ServerCertPath: filepath.Join(tempDir, secrets.DataKeyCertificate), 
        
           		ServerKeyPath:  filepath.Join(tempDir, secrets.DataKeyPrivateKey), 
        
           	} 
        
           	g.Logger.Info("TLS server certificates successfully self-generated.") 
        
           } 
        
           go server. 
        
           	NewBuilder(). 
        
           	WithBindAddress(g.Config.Server.HTTPS.BindAddress). 
        
           	WithPort(g.Config.Server.HTTPS.Port). 
        
           	WithTLS(g.Config.Server.HTTPS.TLS.ServerCertPath, g.Config.Server.HTTPS.TLS.ServerKeyPath). 
        
           	WithHandler("/metrics", promhttp.Handler()). 
        
           	WithHandlerFunc("/healthz", healthz.HandlerFunc(g.HealthManager)). 
        
           	Build(). 
        
           	Start(ctx)

The text was updated successfully, but these errors were encountered:

timebertt · 2021-10-21T14:06:44Z

depends on the decision in #2829

gardener-ci-robot · 2022-03-30T13:01:31Z

The Gardener project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed
You can:
Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close

/lifecycle stale

rfranzke · 2022-03-30T13:10:13Z

/remove-lifecycle rotten

gardener-ci-robot · 2022-06-28T14:08:36Z

The Gardener project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue or PR as fresh with /remove-lifecycle stale
Mark this issue or PR as rotten with /lifecycle rotten
Close this issue or PR with /close

/lifecycle stale

timebertt · 2022-06-29T05:29:19Z

/remove-lifecycle stale

https was never working, ref gardener#4605 The config structure is similar to admission-controller now and fits to the manager.Options structure as well.

https was never working, ref gardener#4605 The config structure is similar to admission-controller now and fits to the manager.Options structure as well. Co-Authored-By: Rafael Franzke <rafael.franzke@sap.com>

… `CloudProfile` controller (#6333) * Drop broken `kubernetesLogLevel` setting The configuration option wasn't effective, drop it instead of fixing it. Co-Authored-By: Rafael Franzke <rafael.franzke@sap.com> * Rework entrypoint package and introduce c-r manager Co-Authored-By: Rafael Franzke <rafael.franzke@sap.com> * Rework ControllerManagerConfiguration server settings https was never working, ref #4605 The config structure is similar to admission-controller now and fits to the manager.Options structure as well. Co-Authored-By: Rafael Franzke <rafael.franzke@sap.com> * Transform garden cluster bootstrapping into runnable * Add `test.FakeManager` * Transform factory for legacy controllers into runnable Co-Authored-By: Rafael Franzke <rafael.franzke@sap.com> * Get clients from manager instead of clientmap * Allow creating PlantClientMap with plain c-r reader This will be used to create a standalone PlantClientMap for the plant controller with the client from the c-r manager. * Create standalone clientmap in plant controller * Disable cached client for plants * Refactor cloudprofile controller to controller-runtime * Set `RecoverPanic` for new controller * Adapt PlantClientMap test * Nits * Use controller name for event recorders * Comment about disabled cache for plants Co-authored-by: Rafael Franzke <rafael.franzke@sap.com>

timebertt added the kind/bug Bug label Sep 3, 2021

timebertt mentioned this issue Sep 3, 2021

Add profiling to control plane components and gardenlet #4568

Merged

gardener-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 30, 2022

rfranzke removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 30, 2022

gardener-prow bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 28, 2022

timebertt mentioned this issue Jun 29, 2022

Refactor Gardener components to native controller-runtime components #4251

Closed

76 tasks

gardener-prow bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 29, 2022

timebertt mentioned this issue Jun 29, 2022

Support HTTPS for /healthz, /readyz, /metrics and /debug endpoints #2829

Closed

timebertt mentioned this issue Jul 14, 2022

[controller-manager] Introduce controller-runtime manager and switch CloudProfile controller #6333

Merged

gardener-prow bot closed this as completed in #6333 Jul 15, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

controller-manager does not respect config.server.https #4605

controller-manager does not respect config.server.https #4605

timebertt commented Sep 3, 2021

timebertt commented Oct 21, 2021

gardener-ci-robot commented Mar 30, 2022

rfranzke commented Mar 30, 2022

gardener-ci-robot commented Jun 28, 2022

timebertt commented Jun 29, 2022

controller-manager does not respect config.server.https #4605

controller-manager does not respect config.server.https #4605

Comments

timebertt commented Sep 3, 2021

timebertt commented Oct 21, 2021

gardener-ci-robot commented Mar 30, 2022

rfranzke commented Mar 30, 2022

gardener-ci-robot commented Jun 28, 2022

timebertt commented Jun 29, 2022