Ambassador: Regression: Ambassador fails to start if there is an IngressClass resource in the cluster

Created on 8 Jan 2021  路  5Comments  路  Source: datawire/ambassador

Describe the bug

Ambassador fails to start in a cluster that has an IngressClass resource (see [1] for log output).

The error appears to be related to the logic here when working with IngressClasses - where the code calls obj.namespace which fails for IngressClass because it is a cluster-scoped resource.

This does not fail with Ambassador version 1.8.1 - I believe because the validation in def namespace (self) was only added in this commit.

To Reproduce
Steps to reproduce the behavior:

  1. Create an IngressClass resource e.g.
apiVersion: networking.k8s.io/v1beta1
kind: IngressClass
metadata:
  creationTimestamp: "2021-01-05T22:37:32Z"
  generation: 1
  managedFields:
  - apiVersion: networking.k8s.io/v1beta1
    fieldsType: FieldsV1
    fieldsV1:
      f:spec:
        f:controller: {}
    manager: oc
    operation: Update
    time: "2021-01-05T22:37:32Z"
  name: nginx
  resourceVersion: "5440401"
  selfLink: /apis/networking.k8s.io/v1beta1/ingressclasses/nginx
  uid: 9f33c857-c6fa-4adb-90cc-a2954b9c962b
spec:
  controller: nginx.org/ingress-controller
  1. Start Ambassador - the pod will fail to start with the error in [1]

Expected behavior
Ambassador startup is not impacted by IngressClass resources

Versions (please complete the following information):

  • Ambassador: 1.9.1, 1.10.0
  • Kubernetes environment [e.g. Minikube, bare metal, Google Kubernetes Engine]
  • Version [e.g. 1.8.1]

Additional context
Note - we are using annotations for Ambassador configuration instead of CRDs.

Startup logs:
[1]

2021-01-05 23:43:01 diagd 1.9.1 [P61TAEW] ERROR: could not reconfigure: KubernetesObject ingressclass.networking.k8s.io nginx has no namespace (it is cluster-scoped)
2021-01-05 23:43:01 diagd 1.9.1 [P61TAEW] ERROR: KubernetesObject ingressclass.networking.k8s.io nginx has no namespace (it is cluster-scoped)
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/ambassador-0.0.0.dev0-py3.8.egg/ambassador_diag/diagd.py", line 1298, in run
    self.load_config_watt(rqueue, url)
  File "/usr/lib/python3.8/site-packages/ambassador-0.0.0.dev0-py3.8.egg/ambassador_diag/diagd.py", line 1447, in load_config_watt
    fetcher.parse_watt(serialization)
  File "/usr/lib/python3.8/site-packages/ambassador-0.0.0.dev0-py3.8.egg/ambassador/fetch/fetcher.py", line 242, in parse_watt
    self.handle_k8s(obj)
  File "/usr/lib/python3.8/site-packages/ambassador-0.0.0.dev0-py3.8.egg/ambassador/fetch/fetcher.py", line 315, in handle_k8s
    if not self.check_k8s_dup(obj.kind, obj.namespace, obj.name):
  File "/usr/lib/python3.8/site-packages/ambassador-0.0.0.dev0-py3.8.egg/ambassador/fetch/k8sobject.py", line 119, in namespace
    raise AttributeError(f'{self.__class__.__name__} {self.gvk.domain} {self.name} has no namespace (it is cluster-scoped)')
AttributeError: KubernetesObject ingressclass.networking.k8s.io nginx has no namespace (it is cluster-scoped)
bug

Most helpful comment

I built a Docker image for you from the PR in #3143 that should fix this issue. You're welcome to give it a try if you like: nfontes/ambassador:pull-3143

Thanks @impl . I did try this in a cluster and it appears to have fixed the issue.

All 5 comments

Ouch, thanks for the report @vkamra!

@impl has graciously offered to help as we dig into this -- thanks!

@impl has graciously offered to help as we dig into this -- thanks!

That's amazing - thank you @kflynn and @impl . LMK what I can help with - would be happy to repro/test a fix/private build if that would be helpful.

Hey there @vkamra,

I built a Docker image for you from the PR in #3143 that should fix this issue. You're welcome to give it a try if you like: nfontes/ambassador:pull-3143

Thanks, and my apologies for the inconvenience!

I built a Docker image for you from the PR in #3143 that should fix this issue. You're welcome to give it a try if you like: nfontes/ambassador:pull-3143

Thanks @impl . I did try this in a cluster and it appears to have fixed the issue.

Leaving this open until a release ships with the fix.

Was this page helpful?
0 / 5 - 0 ratings