weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

gateway-shim: don't crash cert-manager if the Gateway CRD isn't there

Browse Source 
The Gateway CRD has to be installed, meaning that the CRDs may be
installed after cert-manager. We don't want cert-manager to crash in
that case; instead, we let the user know that cert-manager will keep
retrying looking for the CRDs with this message on startup:

  controller.go:181] cert-manager/controller/build-context "msg"="the
  Gateway API CRDs do not seem to be present, cert-manager will keep
  retrying watching for them"

The user then sees the following message printed (using an exponential
back-off):

  reflector.go:167: Failed to watch *v1alpha1.Gateway: failed to list
  *v1alpha1.Gateway: the server could not find the requested resource
  (get gateways.networking.x-k8s.io)

Signed-off-by: Maël Valais <mael@vls.dev>
This commit is contained in:
Maël Valais 2021-07-15 15:00:33 +02:00
parent f77954e5e3
commit e5436df521
2 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/controller/app/BUILD.bazel
View File

@ -34,6 +34,7 @@ go_library(
"//pkg/util/feature:go_default_library",
"@com_github_spf13_cobra//:go_default_library",
"@io_k8s_api//core/v1:go_default_library",
"@io_k8s_apimachinery//pkg/api/errors:go_default_library",
"@io_k8s_apimachinery//pkg/api/resource:go_default_library",
"@io_k8s_apimachinery//pkg/util/errors:go_default_library",
"@io_k8s_client_go//informers:go_default_library",

19
cmd/controller/app/controller.go
View File

@ -24,6 +24,7 @@ import (
"time"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/resource"
kubeinformers "k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
@ -169,17 +170,19 @@ func buildControllerContext(ctx context.Context, stopCh <-chan struct{}, opts *o
return nil, nil, fmt.Errorf("error creating kubernetes client: %s", err.Error())
}
// cert-manager will try watching the Gateway resources with an exponential
// back-off, which allows the user to install the CRDs after cert-manager
// itself. Let's let the user know that the CRDs have not been found yet.
if opts.EnabledControllers().Has(shimgw.ControllerName) {
// The user may have enabled the gateway-shim controller but forgotten to
// install the Gateway API CRDs. Failing here will cause cert-manager to go
// into CrashLoopBackoff which is nice and obvious.
d := cl.Discovery()
resources, err := d.ServerResourcesForGroupVersion(gwapi.GroupVersion.String())
if err != nil {
return nil, nil, fmt.Errorf("couldn't discover Gateway API resources (are the Gateway API CRDs installed?): %w", err)
}
if len(resources.APIResources) == 0 {
return nil, nil, fmt.Errorf("no gateway API resources were discovered (are the Gateway API CRDs installed?)")
switch {
case apierrors.IsNotFound(err):
log.Info("the Gateway API CRDs do not seem to be present, cert-manager will keep retrying watching for them")
case err != nil:
return nil, nil, fmt.Errorf("while checking if the Gateway API CRD is installed: %s", err.Error())
case len(resources.APIResources) == 0:
log.Info("the Gateway API CRDs do not seem to be present, cert-manager will keep retrying watching for them")
}
}