carvel-dev
kapp-controller failing to start when isitio proxy is enabled on the namespace
What steps did you take:
- Install kapp-controller on your cluster, kapp-controller will be running with 1 container
- Install istio-/proxy v1.13 in your cluster
- Enable istio injection on the namespace where kapp-controller is running
- Manually delete the kapp-controller pod so that istio/proxy can be injected into it
- Now you will notice the kapp-controller pod has 2 containers (1 kc and other of istio proxy side car). The kapp-controller container fails to come up with the following error -
{"level":"info","ts":1647424851.3420548,"logger":"kc.main","msg":"kapp-controller","version":"0.30.0"}
{"level":"info","ts":1647424851.3424857,"logger":"kc.init","msg":"start init"}
{"level":"info","ts":1647424851.3504808,"logger":"kc.init","msg":"starting zombie reaper"}
{"level":"info","ts":1647424851.4911575,"logger":"kc.main","msg":"kapp-controller","version":"0.30.0"}
{"level":"info","ts":1647424851.4914856,"logger":"kc.controller","msg":"start controller"}
{"level":"info","ts":1647424851.4915998,"logger":"kc.controller","msg":"setting up manager"}
I0316 10:00:53.493011 12 request.go:645] Throttling request took 1.044402152s, request: GET:[https://10.245.0.1:443/apis/admissionregistration.k8s.io/v1?timeout=32s](https://10.245.0.1/apis/admissionregistration.k8s.io/v1?timeout=32s)
{"level":"info","ts":1647424854.7012618,"logger":"controller-runtime.metrics","msg":"metrics server is starting to listen","addr":":8080"}
{"level":"info","ts":1647424854.702086,"logger":"kc.controller","msg":"setting up controller"}
{"level":"info","ts":1647424854.7249172,"logger":"kc.controller","msg":"setting up metrics"}
I0316 10:00:55.820692 12 serving.go:325] Generated self-signed cert (/home/kapp-controller/kc-agg-api-selfsigned-certs/kapp-controller.crt, /home/kapp-controller/kc-agg-api-selfsigned-certs/kapp-controller.key)
I0316 10:00:55.822394 12 apiserver.go:190] Syncing CA certificate with APIServices
{"level":"error","ts":1647424855.8656304,"logger":"kc.main","msg":"Exited run with error","error":"Building API server: error updating api service with generated certs: error updating kapp-controller CA cert of APIService v1alpha1.data.packaging.carvel.dev: Operation cannot be fulfilled on apiservices.apiregistration.k8s.io \"v1alpha1.data.packaging.carvel.dev\": the object has been modified; please apply your changes to the latest version and try again","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tgithub.com/go-logr/[email protected]/zapr.go:132\nmain.main\n\t./main.go:44\nruntime.main\n\truntime/proc.go:255"}
{"level":"error","ts":1647424855.8730576,"logger":"kc.init","msg":"Could not start controller","error":"exit status 1","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\tgithub.com/go-logr/[email protected]/zapr.go:132\ngithub.com/vmware-tanzu/carvel-kapp-controller/cmd/controllerinit.Run\n\tgithub.com/vmware-tanzu/carvel-kapp-controller/cmd/controllerinit/run.go:38\nmain.main\n\t./main.go:51\nruntime.main\n\truntime/proc.go:255"}
What happened:
The kapp-controller container is failing to come up when the istio proxy side car container is running along with it
What did you expect:
Expect the kapp-controller container to run as expected
Anything else you would like to add: [Additional information that will assist in solving the issue.]
Environment:
- kapp Controller version (execute
kubectl get deployment -n kapp-controller kapp-controller -o yamland the annotation iskbld.k14s.io/images):
kapp-controller version - v0.30.0
- Kubernetes version (use
kubectl version)
k8s version - v1.21.1
Vote on this request
This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.
👍 "I would like to see this addressed as soon as possible" 👎 "There are other more important things to focus on right now"
We are also happy to receive and review Pull Requests if you want to help working on this issue.
