Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Generated svc seems to be invalid when using namespaced and manually making secret #35

Open
samip5 opened this issue Feb 11, 2023 · 8 comments
Labels
enhancement New feature or request spec webhook

Comments

@samip5
Copy link

samip5 commented Feb 11, 2023

Describe the bug
When trying to deploy a onionService, it fails with spec.ports being invalid on the resulting svc but I did not set those.

To Reproduce

  1. Use chart version 0.1.10.
  2. Try to deploy your own onion hidden service using already existing secret

Expected behavior
I would have expected it to work out of the box.

Additional information

1.6760656458278763e+09  INFO    setup   Namespaced mode. Namespace=tor
I0210 23:47:26.879122       1 request.go:665] Waited for 1.042846605s due to client-side throttling, not priority and fairness, request: GET:https://10.96.0.1:443/apis/flowcontrol.apiserver.k8s.io/v1beta2?timeout=32s
1.6760656517309356e+09  INFO    controller-runtime.metrics      Metrics server is starting to listen    {"addr": "127.0.0.1:8080"}
1.6760656517313352e+09  INFO    setup   starting manager
1.67606565173157e+09    INFO    Starting server {"path": "/metrics", "kind": "metrics", "addr": "127.0.0.1:8080"}
1.6760656517315936e+09  INFO    Starting server {"kind": "health probe", "addr": "[::]:8081"}
I0210 23:47:31.731660       1 leaderelection.go:248] attempting to acquire leader lease tor/59806307.k8s.torproject.org...
I0210 23:47:31.739819       1 leaderelection.go:258] successfully acquired lease tor/59806307.k8s.torproject.org
1.6760656517398953e+09  DEBUG   events  Normal  {"object": {"kind":"ConfigMap","namespace":"tor","name":"59806307.k8s.torproject.org","uid":"fbd90cbf-9093-4d01-ac57-b65f7e7f8f99","apiVersion":"v1","resourceVersion":"37451085"}, "reason": "LeaderElection", "message": "controller-tor-controller-9498d848-7rlnf_53a7ea13-44a1-43b6-b95d-2ee8d5aacfe5 became leader"}
1.6760656517399955e+09  DEBUG   events  Normal  {"object": {"kind":"Lease","namespace":"tor","name":"59806307.k8s.torproject.org","uid":"bc0bd139-a8b3-4aad-af0c-e40712e645a2","apiVersion":"coordination.k8s.io/v1","resourceVersion":"37451086"}, "reason": "LeaderElection", "message": "controller-tor-controller-9498d848-7rlnf_53a7ea13-44a1-43b6-b95d-2ee8d5aacfe5 became leader"}
1.676065651740228e+09   INFO    controller.onionservice Starting EventSource    {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionService", "source": "kind source: *v1alpha2.OnionService"}
1.6760656517403154e+09  INFO    controller.onionservice Starting Controller     {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionService"}
1.6760656517404015e+09  INFO    controller.tor  Starting EventSource    {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "Tor", "source": "kind source: *v1alpha2.Tor"}
1.6760656517404346e+09  INFO    controller.tor  Starting Controller     {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "Tor"}
1.6760656517405043e+09  INFO    controller.onionbalancedservice Starting EventSource    {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionBalancedService", "source": "kind source: *v1alpha2.OnionBalancedService"}
1.6760656517405345e+09  INFO    controller.onionbalancedservice Starting Controller     {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionBalancedService"}
1.6760656518420749e+09  INFO    controller.tor  Starting workers        {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "Tor", "worker count": 1}
1.67606565184213e+09    INFO    controller.onionservice Starting workers        {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionService", "worker count": 1}
1.6760656518420577e+09  INFO    controller.onionbalancedservice Starting workers        {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionBalancedService", "worker count": 1}
1.6761279208114672e+09  INFO    controller.onionservice Secret ahmia-onion-secret already exists and is not controller by ahmia-search  {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionService", "name": "ahmia-search", "namespace": "tor"}
1.6761279212766361e+09  ERROR   controller.onionservice Reconciler error        {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionService", "name": "ahmia-search", "namespace": "tor", "error": "Service \"ahmia-search-tor-svc\" is invalid: spec.ports: Required value"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227
1.6761279212831628e+09  INFO    controller.onionservice Secret ahmia-onion-secret already exists and is not controller by ahmia-search  {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionService", "name": "ahmia-search", "namespace": "tor"}
1.676127921300338e+09   ERROR   controller.onionservice Reconciler error        {"reconciler group": "tor.k8s.torproject.org", "reconciler kind": "OnionService", "name": "ahmia-search", "namespace": "tor", "error": "Service \"ahmia-search-tor-svc\" is invalid: spec.ports: Required value"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227

System (please complete the following information):

  • Platform: amd64
  • Version 0.1.10 of Chart

Additional context

Values are here

@samip5 samip5 added the bug Something isn't working label Feb 11, 2023
@samip5
Copy link
Author

samip5 commented Feb 11, 2023

Oh, there is no validating webhook to make sure it's right?

@bugfest
Copy link
Owner

bugfest commented Feb 12, 2023

Hi @samip5, thanks for opening the issue; gonna investigate. The secret and service you're using are in the same namespace? (tor in your example)

@bugfest bugfest self-assigned this Feb 12, 2023
@samip5
Copy link
Author

samip5 commented Feb 12, 2023

Hi @samip5, thanks for opening the issue; gonna investigate. The secret and service you're using are in the same namespace? (tor in your example)

The generated svc and secret are in the same namespace, but my goal is that the backend for the onionservice is not in the same namespace (which doesn't seem supported)...

@bugfest
Copy link
Owner

bugfest commented Feb 12, 2023

Still not sure what's going on; from the log it seems the controller is not able to build the Ports list to create the Service the tor instance will be pointing to:

for _, r := range onion.Spec.Rules {

Can you test deploying the example:
https://github.com/bugfest/tor-controller/blob/master/hack/sample/echoserver.yaml
https://github.com/bugfest/tor-controller/blob/master/hack/sample/onionservice.yaml

And check if the error is reproduced? Also, what k8s version is your affected cluster using?

@samip5
Copy link
Author

samip5 commented Feb 13, 2023

I think it would be useful to include a validating webhook so that there is no such wierd errors when the manifest is incorrect.

I believe it was the result of not including rules at all eg https://github.com/samip5/k8s-cluster/blob/987bb26aedbbbe7672c80cce0e06f0297a5d5179/cluster/apps/tor/services/ahmia-hidden.yaml (which used api version tor.k8s.torproject.org/v1alpha1) and https://github.com/samip5/k8s-cluster/blob/abc35c15e2c16d7dba61869a35ed960d62284e8d/cluster/apps/tor/services/ahmia-hidden.yaml does work.

@bugfest
Copy link
Owner

bugfest commented Feb 13, 2023

Thanks @samip5. I agree, a webhook to validate those will help. I'll change this one too enhancement and will start working on it.

@bugfest bugfest added enhancement New feature or request spec webhook and removed bug Something isn't working labels Feb 13, 2023
@bugfest bugfest modified the milestones: 0.9.x, 0.10.x Mar 14, 2023
@bugfest bugfest removed their assignment Mar 14, 2023
@samip5
Copy link
Author

samip5 commented Aug 22, 2023

@bugfest Was this forgotten?

@bugfest
Copy link
Owner

bugfest commented Aug 22, 2023

Hi @samip5, not forgotten but deprioritized; I've been working on other bug fixes and OLM future migration. I'll keep this open so I don't forget about it. Any implementation draft will welcomed via PR. Thanks for your understanding

@bugfest bugfest removed this from the 0.10.x milestone Aug 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request spec webhook
Projects
None yet
Development

No branches or pull requests

2 participants