Closed majst01 closed 8 months ago
rewall monitor successfully updated, requeuing in 10s","name":"shoot--pcfgbt--forbidden-firewall-ad19e","namespace":"firewall"}
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: {"level":"info","timestamp":"2024-01-15T13:57:08+01:00","caller":"controller/controller.go:118","msg":"Observed a panic in reconciler: runtime error: invalid memory address
or nil pointer dereference","controller":"clusterwidenetworkpolicy","controllerGroup":"metal-stack.io","controllerKind":"ClusterwideNetworkPolicy","ClusterwideNetworkPolicy":{"name":"allow-to-forbidden","namespace":"firewall"},"namespace
":"firewall","name":"allow-to-forbidden","reconcileID":"2af9ae73-266a-4a63-a55d-cf8a1b0f6b49"}
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: panic: runtime error: invalid memory address or nil pointer dereference [recovered]
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: panic: runtime error: invalid memory address or nil pointer dereference
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: [signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x168b6cd]
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: goroutine 774 [running]:
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1()
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime@v0.14.6/pkg/internal/controller/controller.go:119 +0x1e5
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: panic({0x1810a20?, 0x29dc300?})
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: runtime/panic.go:914 +0x21f
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: github.com/metal-stack/firewall-controller/v2/controllers.(*ClusterwideNetworkPolicyReconciler).validateCWNPEgressTargetPrefix(_, {{{0x16e22be, 0x18}, {0xc0007eb248, 0x11}}
, {{0xc0007eb1b8, 0x12}, {0x0, 0x0}, {0xc000d165b8, ...}, ...}, ...}, ...)
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: github.com/metal-stack/firewall-controller/v2/controllers/clusterwidenetworkpolicy_controller.go:283 +0x30d Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: github.com/metal-stack/firewall-controller/v2/controllers.(*ClusterwideNetworkPolicyReconciler).allowedCWNPsOrDelete(0xc000281c00, {0x1cee5e8, 0xc000c8ed50}, {0xc00110aa80?
, 0x7, 0xc0011fe000?}, {0xc000d851a0?, 0x53d75a?}, {{0xc000e0e040, 0x1, ...}, ...})
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: github.com/metal-stack/firewall-controller/v2/controllers/clusterwidenetworkpolicy_controller.go:222 +0x24e Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: github.com/metal-stack/firewall-controller/v2/controllers.(*ClusterwideNetworkPolicyReconciler).Reconcile(0xc000281c00, {0x1cee5e8, 0xc000c8ed50}, {{{0xc000c8ed50?, 0x0?},
{0xc000bc5d20?, 0x4105a5?}}})
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: github.com/metal-stack/firewall-controller/v2/controllers/clusterwidenetworkpolicy_controller.go:101 +0x345 Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x1cee5e8?, {0x1cee5e8?, 0xc000c8ed50?}, {{{0xc000d165b8?, 0x1756560?}, {0xc0007eb1b8?, 0x1ce
0108?}}})
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime@v0.14.6/pkg/internal/controller/controller.go:122 +0xb7
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc000621360, {0x1cee620, 0xc0005730e0}, {0x1898200?, 0xc000a9f3c0?})
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime@v0.14.6/pkg/internal/controller/controller.go:323 +0x368
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc000621360, {0x1cee620, 0xc0005730e0})
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime@v0.14.6/pkg/internal/controller/controller.go:274 +0x1c9
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime@v0.14.6/pkg/internal/controller/controller.go:235 +0x79
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2 in goroutine 643
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e ip[2052]: sigs.k8s.io/controller-runtime@v0.14.6/pkg/internal/controller/controller.go:231 +0x565
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e systemd[1]: firewall-controller.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
Jan 15 13:57:08 shoot--pcfgbt--forbidden-firewall-ad19e systemd[1]: firewall-controller.service: Failed with result 'exit-code'.
Error is weird:
3s Warning ForbiddenCIDR service/nginx-gardener the specified of "nginx-gardener" to address:"212.34.83.6/32" is outside of the allowed network range:"100.64.0.0/10", ignoring
Related to: https://github.com/fi-ts/proxy-services/issues/4
Todos: