Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Errors when encryptionConfig is enabled, but no encryptionconfig secret #9885

Merged
merged 1 commit into from
Sep 8, 2020
Merged

Errors when encryptionConfig is enabled, but no encryptionconfig secret #9885

merged 1 commit into from
Sep 8, 2020

Conversation

olemarkus
Copy link
Member

When encryptionConfig is enabled, but the secret is missing, there is no visible errors anywhere. kube-apiserver just goes into a crashloop without any complains. This PR adds warnings both on the client side and through nodeup.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 8, 2020
@olemarkus
Copy link
Member Author

/kind bug

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 8, 2020
hakman
hakman reviewed Sep 8, 2020
View reviewed changes
nodeup/pkg/model/kube_apiserver.go Outdated
Comment on lines 74 to 75
encryptioncfg, err := b.SecretStore.Secret(key)
if encryptioncfg != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems odd to read the error, but condition based on the encryptioncfg value.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, you are right. If the secret is not set, Secret will return an error too. So I guess we can trust we have a secret if err is nil. Amended.

Errors when encryptionConfig is enabled, but no encryptionconfig secret
192d6a4 
When encryptionConfig is enabled, but the secret is missing, there is no
visible errors anywhere. kube-apiserver just goes into a crashloop
without any complains. This PR adds warnings both on the client side and
through nodeup.
@olemarkus olemarkus force-pushed the encryptionconfig-warn branch from 96dc3b7 to 192d6a4 Compare September 8, 2020 15:46
@hakman
Copy link
Member

hakman commented Sep 8, 2020

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 8, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hakman, olemarkus

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 8, 2020
@k8s-ci-robot k8s-ci-robot merged commit 68b2302 into kubernetes:master Sep 8, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.19 milestone Sep 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hakman hakman hakman left review comments

@joshbranham joshbranham Awaiting requested review from joshbranham

Assignees

@hakman hakman

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/nodeup cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.19
Development

Successfully merging this pull request may close these issues.
3 participants
@olemarkus @hakman @k8s-ci-robot