From e5436df521015057e77de3fe02c174ea8a863b93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Valais?= Date: Thu, 15 Jul 2021 15:00:33 +0200 Subject: [PATCH] gateway-shim: don't crash cert-manager if the Gateway CRD isn't there MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Gateway CRD has to be installed, meaning that the CRDs may be installed after cert-manager. We don't want cert-manager to crash in that case; instead, we let the user know that cert-manager will keep retrying looking for the CRDs with this message on startup: controller.go:181] cert-manager/controller/build-context "msg"="the Gateway API CRDs do not seem to be present, cert-manager will keep retrying watching for them" The user then sees the following message printed (using an exponential back-off): reflector.go:167: Failed to watch *v1alpha1.Gateway: failed to list *v1alpha1.Gateway: the server could not find the requested resource (get gateways.networking.x-k8s.io) Signed-off-by: Maƫl Valais --- cmd/controller/app/BUILD.bazel | 1 + cmd/controller/app/controller.go | 19 +++++++++++-------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/cmd/controller/app/BUILD.bazel b/cmd/controller/app/BUILD.bazel index b9268ec43..797bf62bf 100644 --- a/cmd/controller/app/BUILD.bazel +++ b/cmd/controller/app/BUILD.bazel @@ -34,6 +34,7 @@ go_library( "//pkg/util/feature:go_default_library", "@com_github_spf13_cobra//:go_default_library", "@io_k8s_api//core/v1:go_default_library", + "@io_k8s_apimachinery//pkg/api/errors:go_default_library", "@io_k8s_apimachinery//pkg/api/resource:go_default_library", "@io_k8s_apimachinery//pkg/util/errors:go_default_library", "@io_k8s_client_go//informers:go_default_library", diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 7a0a0523c..d52477629 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -24,6 +24,7 @@ import ( "time" corev1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/resource" kubeinformers "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" @@ -169,17 +170,19 @@ func buildControllerContext(ctx context.Context, stopCh <-chan struct{}, opts *o return nil, nil, fmt.Errorf("error creating kubernetes client: %s", err.Error()) } + // cert-manager will try watching the Gateway resources with an exponential + // back-off, which allows the user to install the CRDs after cert-manager + // itself. Let's let the user know that the CRDs have not been found yet. if opts.EnabledControllers().Has(shimgw.ControllerName) { - // The user may have enabled the gateway-shim controller but forgotten to - // install the Gateway API CRDs. Failing here will cause cert-manager to go - // into CrashLoopBackoff which is nice and obvious. d := cl.Discovery() resources, err := d.ServerResourcesForGroupVersion(gwapi.GroupVersion.String()) - if err != nil { - return nil, nil, fmt.Errorf("couldn't discover Gateway API resources (are the Gateway API CRDs installed?): %w", err) - } - if len(resources.APIResources) == 0 { - return nil, nil, fmt.Errorf("no gateway API resources were discovered (are the Gateway API CRDs installed?)") + switch { + case apierrors.IsNotFound(err): + log.Info("the Gateway API CRDs do not seem to be present, cert-manager will keep retrying watching for them") + case err != nil: + return nil, nil, fmt.Errorf("while checking if the Gateway API CRD is installed: %s", err.Error()) + case len(resources.APIResources) == 0: + log.Info("the Gateway API CRDs do not seem to be present, cert-manager will keep retrying watching for them") } }