Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GKE: DataPlane in Konnect never gets marked as ready #888

Open
mlavacca opened this issue Nov 26, 2024 · 1 comment
Open

GKE: DataPlane in Konnect never gets marked as ready #888

mlavacca opened this issue Nov 26, 2024 · 1 comment
Assignees
Labels
area/gcp area/konnect-DPs bug Something isn't working
Milestone

Comments

@mlavacca
Copy link
Member

Current Behavior

When creating a DataPlane with a KonnectExtension all the expected resources are provisioned and properly works, but the DataPlane CR never gets marked as ready by KGO

Expected Behavior

When the DataPlane is properly configured and running, it should be marked as Ready by KGO

Additional Information

This issue has been observed in GKE. It should be tested if that happens in Kind or other environments as well.

@mlavacca mlavacca added bug Something isn't working area/konnect-DPs labels Nov 26, 2024
@mlavacca mlavacca added this to the KGO v1.5.x milestone Nov 26, 2024
@programmer04 programmer04 self-assigned this Jan 13, 2025
@programmer04
Copy link
Member

programmer04 commented Jan 17, 2025

It occurs on a GKE Autopilot cluster. You can use config/samples/dataplane-konnect-extension.yaml to reproduce it.

The root cause is mutation of DataPlane's respective K8s Deployment by K8s GKE Autopilot cluster, see

...
- 				Resources: v1.ResourceRequirements{
- 					Limits: v1.ResourceList{
- 						s"cpu":               {i: resource.int64Amount{...}, s: "1", Format: "DecimalSI"},
- 						s"ephemeral-storage": {i: resource.int64Amount{...}, s: "1Gi", Format: "BinarySI"},
- 						s"memory":            {i: resource.int64Amount{...}, Format: "BinarySI"},
- 					},
- 					Requests: v1.ResourceList{
- 						s"cpu":               {i: resource.int64Amount{...}, s: "100m", Format: "DecimalSI"},
- 						s"ephemeral-storage": {i: resource.int64Amount{...}, s: "1Gi", Format: "BinarySI"},
- 						s"memory":            {i: resource.int64Amount{...}, s: "103Mi", Format: "BinarySI"},
- 					},
- 				},
+ 				Resources: v1.ResourceRequirements{
+ 					Limits: v1.ResourceList{
+ 						s"cpu":    {i: resource.int64Amount{...}, s: "1", Format: "DecimalSI"},
+ 						s"memory": {i: resource.int64Amount{...}, Format: "BinarySI"},
+ 					},
+ 					Requests: v1.ResourceList{
+ 						s"cpu":    {i: resource.int64Amount{...}, s: "100m", Format: "DecimalSI"},
+ 						s"memory": {i: resource.int64Amount{...}, s: "20Mi", Format: "BinarySI"},
+ 					},
+ 				},
...
- 				SecurityContext:          s"&SecurityContext{Capabilities:&Capabilities{Add:[],Drop:[NET_RAW],},Privileged:nil,SELinuxOptions:nil,RunAsUser:nil,RunAsNonRoot:nil,ReadOnlyRootFilesystem:nil,AllowPrivilegeEscalation:nil,RunAsGroup:nil,ProcMount:nil,WindowsOptions:nil,SeccompProfile:nil,"...,
+ 				SecurityContext:          nil,

where those marked with - are from GKE and those with + are prepared by KGO.

Modified fields

that leads to getting stuck on

if err != nil {
return ctrl.Result{}, fmt.Errorf("could not build Deployment for DataPlane %s: %w", dpNn, err)
}
if res != op.Noop {
return ctrl.Result{}, nil
}

because res is always different than op.Noop and reconciliation doesn't progress, hence code responsible for setting proper status is never reached

❗ Exactly the same happens for ControlPlane

@programmer04 programmer04 changed the title DataPlane in Konnect never gets marked as ready GKE: DataPlane in Konnect never gets marked as ready Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/gcp area/konnect-DPs bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants