Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding missing Secret for already configured KonnectExtension with DataPlane does not trigger reconciliation #1048

Open
programmer04 opened this issue Jan 17, 2025 · 0 comments
Open

Adding missing Secret for already configured KonnectExtension with DataPlane does not trigger reconciliation #1048

programmer04 opened this issue Jan 17, 2025 · 0 comments
Labels
area/konnect area/konnect-DPs bug Something isn't working

Comments

@programmer04
Copy link
Member

Current Behavior

Applying KonnectExtension with DataPlane, but without the required Secret marks DataPlane is not ready as expected.

...
  status:
    conditions:
    - lastTransitionTime: "2025-01-17T13:33:48Z"
      message: There are other conditions that are not yet ready
      observedGeneration: 1
      reason: DependenciesNotReady
      status: "False"
      type: Ready
    - lastTransitionTime: "2025-01-17T13:33:48Z"
      message: cluster certificate not found - the cluster certificate secret kong-system/konnect-client-tls
        referenced by the extension kong-system/my-konnect-config is not found
      observedGeneration: 1
      reason: InvalidSecret
      status: "False"
      type: ResolvedRefs
    readyReplicas: 0
    replicas: 0
    selector: f22988cc-19ee-4f6a-8cdd-8f50dec313e1

but after adding the missing Secret the reconciliation is not triggered and DataPlane gets stuck in the above state.

Expected Behavior

Required Secret can be added after applying KonnectExtension with DataPlane - reconciliation is triggered and the status of DataPlane is marked as ready.

Steps To Reproduce

Apply the above

apiVersion: gateway-operator.konghq.com/v1alpha1
kind: KonnectExtension
metadata:
  name: my-konnect-config
spec:
  controlPlaneRef:
    type: konnectID
    konnectID: 89722ff2ee
  controlPlaneRegion: eu
  serverHostname: konghq.tech
  konnectControlPlaneAPIAuthConfiguration:
    clusterCertificateSecretRef:
      name: konnect-client-tls
---
apiVersion: gateway-operator.konghq.com/v1beta1
kind: DataPlane
metadata:
  name: konnect-extension-example
spec:
  extensions:
    - kind: KonnectExtension
      name: my-konnect-config
      group: gateway-operator.konghq.com
  deployment:
    replicas: 3
    podTemplateSpec:
      metadata:
        labels:
          dataplane-pod-label: example
        annotations:
          dataplane-pod-annotation: example
      spec:
        containers:
          - name: proxy
            # renovate: datasource=docker versioning=docker
            image: kong/kong-gateway:3.9
            readinessProbe:
              initialDelaySeconds: 1
              periodSeconds: 1

check status

kubectl get dataplane

column READY shows False as expected

Add missing Secret

kubectl create secret tls konnect-client-tls  --cert=./tls.crt --key=./tls.key

still, column READY shows False.

Operator Version

Current main as written 10ca2ec - KGO v1.4+
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/konnect area/konnect-DPs bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@programmer04