aws / aws-application-networking-k8s

A Kubernetes controller for Amazon VPC Lattice
https://www.gateway-api-controller.eks.aws.dev/
Apache License 2.0

Controller errors out when TLSRoute CRD is not installed #658

Closed xonstone closed 3 months ago

xonstone commented 3 months ago

We installed the latest version (v1.0.6) onto our cluster without first installing the TLSRoute CRD since we don't need it. The controller started erroring out with the following error:

 {"level":"error","ts":"2024-07-30T13:29:26.831Z","logger":"setup","caller":"workspace/main.go:249","msg":"failed to wait for tlsroute caches to sync: timed out waiting for cache to be synced for Kind *v1alpha2.TLSRouteproblem running manager"}   

This was resolved by applying the TLSRoute CRD...

zijun726911 commented 3 months ago

The TLSRoute CRD is included in the v1.0.6 controller Helm chart. Without it, the v1.0.6 controller is not fully functional and is not expected to work. Any specific reasons why you prefer not to install TLSRoute in your cluster? Is it just that you don't need the TLSRoute and TLS pass-through functionality?

Maybe we can make this improvement in the controller code: once the controller detects that the current cluster doesn't have the TLSRoute CRD, it automatically disables the TLSRoute (TLS pass-through) functionality and the controller starts normally. (However, this may be challenging to implement due to the extensive integration of TLSRoute logic within the controller code. Nonetheless, this is more of an implementation concern and not a user experience concern.)

What do you think about this approach?
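
One way the detection proposed in the comment above could work, as an added example that is not part of the thread and not the controller's own code: ask the API server's discovery endpoint whether the TLSRoute kind is served before registering its controller. It uses plain HTTP against a constructed local server instead of client-go, assumes the client would carry cluster credentials in a real cluster, and `kindServed` is a hypothetical name; any status other than 200 or 404 is returned as an error so that a denied request does not silently disable the feature.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// apiResourceList holds the part of a discovery response this check reads.
type apiResourceList struct {
	Resources []struct{ Kind string `json:"kind"` } `json:"resources"`
}

// kindServed reports whether the API server serves kind under groupVersion.
func kindServed(c *http.Client, baseURL, groupVersion, kind string) (bool, error) {
	resp, err := c.Get(baseURL + "/apis/" + groupVersion)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusNotFound {
		return false, nil // group/version not installed at all
	}
	if resp.StatusCode != http.StatusOK {
		return false, fmt.Errorf("discovery %s: %s", groupVersion, resp.Status)
	}
	var list apiResourceList
	if err := json.NewDecoder(resp.Body).Decode(&list); err != nil {
		return false, err
	}
	for _, r := range list.Resources {
		if r.Kind == kind {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	// Constructed stand-in for a cluster whose discovery lists no TLSRoute.
	const gv = "gateway.networking.k8s.io/v1alpha2"
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"resources":[{"name":"grpcroutes","kind":"GRPCRoute"}]}`)
	}))
	defer srv.Close()
	fmt.Println(kindServed(srv.Client(), srv.URL, gv, "TLSRoute"))
}
```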

xonstone commented 3 months ago

I think that approach can definitely work but the approach mentioned in https://github.com/aws/aws-application-networking-k8s/issues/660 could also work.

Either way, the additional required CRDs should also be mentioned in upgrade notes or something, since the Helm chart won't install those automatically when upgrading, as explained here.

xonstone commented 3 months ago

> Any specific reasons why you prefer not to install TLSRoute in your cluster? Is it just that you don't need the TLSRoute and TLS pass-through functionality?

We are indeed not using this functionality and would like to not expose it in our platform cluster.

zijun726911 commented 3 months ago

OK, I will update the public doc and the v1.0.6 release notes to mention that users need to install the TLSRoute CRD if they hope to use the v1.0.6 controller.