search

voyagermesh / voyager

🚀 Secure L7/L4 (HAProxy) Ingress Controller for Kubernetes
https://voyagermesh.com
Apache License 2.0
1.35k stars 134 forks source link

Voyager 6.0.0 on GKE 1.8.5: Failed to list *v1beta1.Ingress: unstructured cannot convert field labels #889

Closed tamalsaha closed 6 years ago

tamalsaha commented 6 years ago 
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.6", GitCommit:"6260bb08c46c31eea6cb538b34a9ceb3e406689c", GitTreeState:"clean", BuildDate:"2017-12-21T06:34:11Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"8+", GitVersion:"v1.8.5-gke.0", GitCommit:"2c2a807131fa8708abc92f3513fe167126c8cce5", GitTreeState:"clean", BuildDate:"2017-12-19T20:05:45Z", GoVersion:"go1.8.3b4", Compiler:"gc", Platform:"linux/amd64"}
daemon.err: Feb 21 02:20:45 haproxy-controller: I0221 02:23:06.349885      27 reflector.go:240] Listing and watching *v1beta1.Ingress from github.com/appscode/voyager/informers/externalversions/factory.go:73
daemon.err: Feb 21 02:20:45 haproxy-controller: E0221 02:23:06.353685      27 reflector.go:205] github.com/appscode/voyager/informers/externalversions/factory.go:73: Failed to list *v1beta1.Ingress: unstructured cannot convert field labels
rzal commented 6 years ago

Hi Tamalsaha,

First of all, thanks for working on this ingress controller. I've got the same problem reported by the haproxy-controller

voyager haproxy-controller --analytics=true --burst=1000000 --cloud-provider=azure --ingress-api-version=voyager.appscode.com/v1beta1 --ingress-name=fsdca-mqtt-deployment-ingress --qps=1e+06 --reload-cmd=/etc/sv/haproxy/reload --logtostderr=false --alsologtostderr=false --v=100 --stderrthreshold=0

That debug level shows the following request: curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: voyager/v0.0.0 (linux/amd64) kubernetes/$Format" -H "Authorization: Bearer eyJhbGciOiJSAdqKo..." https://10.0.0.1:443/apis/voyager.appscode.com/v1beta1/namespaces/fsdca/ingresses?fieldSelector=metadata.name%3Dfsdca-deployment-ingress&limit=500&resourceVersion=0

Curling just the https://10.0.0.1:443/apis/voyager.appscode.com/v1beta1/namespaces/fsdca/ingresses without the URL parameters the API returns the list of the Ingresses without an error.

As the result the haproxy-controller doesn't seem to reflect the changes in the haproxy.conf

I am also seeing a tons of I0301 11:55:53.872636 1 logs.go:19] http: TLS handshake error from 10.244.0.6:33384: remote error: tls: bad certificate messages in the operator logs, not sure if these are related.

Thanks

tamalsaha commented 6 years ago

I think this is what is going on. In Kubernetes 1.8.x, CRDs did not support field labels. This was added https://github.com/kubernetes/apiextensions-apiserver/commit/f10f6d006980b99166963064196be2428ce1b413

This works ok in 1.9. https://github.com/kubernetes/apiextensions-apiserver/blob/release-1.9/pkg/apiserver/customresource_handler.go#L406

My understanding was that it was added in later version of kube 1.8.x (port 1.8.32) In 6.0.0-rc.x, we have started using field labels. So, I am going to remove the field selector this for now.

tamalsaha commented 6 years ago

This has been fixed in 6.0.0 .