Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sync error regression in 1.5.1 #713

Closed
pdeva opened this issue Apr 4, 2019 · 6 comments
Closed

sync error regression in 1.5.1 #713

pdeva opened this issue Apr 4, 2019 · 6 comments
Assignees
@rramkumar1
Labels
kind/bug Categorizes issue or PR as related to a bug. kind/documentation Categorizes issue or PR as related to documentation. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.

Comments

@pdeva
Copy link

pdeva commented Apr 4, 2019
edited
Loading

We recently upgraded our GKE cluster 1.12.6-gke.7 (and subsequently to 1.12.6-gke.10) and started noticing this error in the ingress:

Error during sync: error running load balancer syncing routine: resource name may not be empty

While the ingress is still functioning, this messages keep appearing.
it seems be some regression in 1.5.1 which was introduced in 1.12.6-gke.7
@rramkumar1
Copy link
Contributor

@pdeva Can you please send me an email with your project name, cluster name and cluster location?

@pdeva
Copy link
Author

pdeva commented Apr 4, 2019

@rramkumar1 done.

@rramkumar1 rramkumar1 self-assigned this Apr 4, 2019
@rramkumar1
Copy link
Contributor

rramkumar1 commented Apr 5, 2019
edited
Loading

Had an offline discussion with @pdeva. Here is what we found:

  1. In 1.12.6-gke.7 (Ingress-GCE v1.5.1), we introduced logic to accept both preshared certs and secrets specified in the "tls" field. We previously did not process secrets if you had the preshared cert annotation, but upon upgrade to this version, we now did.

  2. The Ingress being used specified both pre-shared certs and hosts in the "tls" field. Note that it did not specify "secretName". The user was under the impression that we respect the hosts you provide in the "tls" field, but we don't. Since we reconcile GCP SSLCertificate objects, the hosts you specify in your cert are the ones that are respected.

  3. The combination of 1 and 2 meant that we tried to fetch the secret because we were now capable of it but since "secretName" was empty, the resulting error occured. The workaround was to simply delete whatever was specified under the "tls" field since it was not being used anyway.

Couple action items for myself before this issue is closed:

  • Add documentation for this new capability of specifying both preshared certs and secrets.
  • Add documentation that we do not respect what you put under the "hosts" field.
  • Submit a fix in our next patch release that ensures we do not attempt to fetch a secret if the name is not provided.

@rramkumar1 rramkumar1 added kind/documentation Categorizes issue or PR as related to documentation. kind/bug Categorizes issue or PR as related to a bug. labels Apr 5, 2019
@rramkumar1 rramkumar1 mentioned this issue Apr 16, 2019
Merged
@rramkumar1 rramkumar1 mentioned this issue Apr 30, 2019
Merged
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 7, 2019
@bowei
Copy link
Member

bowei commented Aug 8, 2019

/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Aug 8, 2019
@rramkumar1
Copy link
Contributor

All AIs have been address here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rramkumar1 rramkumar1

Labels
kind/bug Categorizes issue or PR as related to a bug. kind/documentation Categorizes issue or PR as related to documentation. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bowei @pdeva @k8s-ci-robot @rramkumar1 @fejta-bot