search

nirmata / kyverno-aws-adapter

An adapter for Amazon EKS to use with Kyverno for making policy decisions
Apache License 2.0
11 stars 5 forks source link

Adapter pod crashes with a panic #73

Open anusha94 opened 1 year ago

anusha94 commented 1 year ago

Describe the problem: I have an EKS cluster in which NodeGroup is still in creating state. This causes a panic on this line - https://github.com/nirmata/kyverno-aws-adapter/blob/4b8754188c56d4595bfce6bf54e15b72c39fcc66/controllers/awsadapterconfig_controller.go#L279-L281

Here is the stack trace -

1.6807039009989645e+09  INFO    Reconciling {"controller": "awsadapterconfig", "controllerGroup": "security.nirmata.io", "controllerKind": "AWSAdapterConfig", "AWSAdapterConfig": {"name":"kyverno-aws-adapter","namespace":"nirmata-aws-adapter"}, "namespace": "nirmata-aws-adapter", "name": "kyverno-aws-adapter", "reconcileID": "fa612f4a-6f93-421c-bec0-c4f3371d1d54", "req": "nirmata-aws-adapter/kyverno-aws-adapter"}
1.680703900999001e+09   INFO    Loading AWS Adapter config  {"controller": "awsadapterconfig", "controllerGroup": "security.nirmata.io", "controllerKind": "AWSAdapterConfig", "AWSAdapterConfig": {"name":"kyverno-aws-adapter","namespace":"nirmata-aws-adapter"}, "namespace": "nirmata-aws-adapter", "name": "kyverno-aws-adapter", "reconcileID": "fa612f4a-6f93-421c-bec0-c4f3371d1d54"}
1.6807039009992619e+09  INFO    AWS Adapter config loaded successfully  {"controller": "awsadapterconfig", "controllerGroup": "security.nirmata.io", "controllerKind": "AWSAdapterConfig", "AWSAdapterConfig": {"name":"kyverno-aws-adapter","namespace":"nirmata-aws-adapter"}, "namespace": "nirmata-aws-adapter", "name": "kyverno-aws-adapter", "reconcileID": "fa612f4a-6f93-421c-bec0-c4f3371d1d54"}
1.680703902277657e+09   INFO    Observed a panic in reconciler: runtime error: invalid memory address or nil pointer dereference    {"controller": "awsadapterconfig", "controllerGroup": "security.nirmata.io", "controllerKind": "AWSAdapterConfig", "AWSAdapterConfig": {"name":"kyverno-aws-adapter","namespace":"nirmata-aws-adapter"}, "namespace": "nirmata-aws-adapter", "name": "kyverno-aws-adapter", "reconcileID": "fa612f4a-6f93-421c-bec0-c4f3371d1d54"}
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
    panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x1634e6d]

goroutine 252 [running]:
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1()
    /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:118 +0x1f4
panic({0x17b2120, 0x29f0cc0})
    /usr/local/go/src/runtime/panic.go:884 +0x212
github.com/nirmata/kyverno-aws-adapter/controllers.(*AWSAdapterConfigReconciler).Reconcile(0xc0006da5d0, {0x1de5e58, 0xc0006d1380}, {{{0xc000598b28?, 0x10?}, {0xc000598b10?, 0x40dae7?}}})
    /workspace/controllers/awsadapterconfig_controller.go:279 +0x320d
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x1de5db0?, {0x1de5e58?, 0xc0006d1380?}, {{{0xc000598b28?, 0x18e1bc0?}, {0xc000598b10?, 0x4045d4?}}})
    /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:121 +0xc8
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc0003ca6e0, {0x1de5db0, 0xc0007441c0}, {0x1813c40?, 0xc0006053e0?})
    /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:320 +0x33c
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc0003ca6e0, {0x1de5db0, 0xc0007441c0})
    /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:273 +0x1d9
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
    /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:234 +0x85
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2
    /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.13.0/pkg/internal/controller/controller.go:230 +0x333

Attaching a screenshot from EKS console:

image

Expected Behavior: I would expect that the AWSAdapterConfig has information about the NodeGroup that is Ready and reconcile the other NodeGroup on the next reconcile loop. It should definitely not cause panic.