tyk-operator
tyk-operator copied to clipboard
TykTechnologies
Can't connect Api to a user_group_owners
When using a OperatorContext or Secret:tyk-operator-conf if it contains user_group_owners the creating of api's fails
Expected Behavior
To be able to create api's that belong to a specific team
Current Behavior
{"level":"info","ts":1712314883.2202964,"logger":"controllers.SecretCert","msg":"ApiDefinition updated successfully","cert":"monitoring/server-cert-prometheus-tyk"} {"level":"info","ts":1712314883.258113,"logger":"controllers.ApiDefinition","msg":"Call","ApiDefinition":"monitoring/monitoring-prometheus-ingress-tyk-7990cf181","Method":"GET","URL":"https://glorious-tinderbox-adm.aws-euc1.cloud-ara.tyk.io/api/apis/bW9uaXRvcmluZy9tb25pdG9yaW5nLXByb21ldGhldXMtaW5ncmVzcy10eWstNzk5MGNmMTgx","Status":200} {"level":"error","ts":1712314883.2591567,"logger":"controllers.ApiDefinition","msg":"Failed to update Status","ApiDefinition":"monitoring/monitoring-prometheus-ingress-tyk-7990cf181","error":"unable to get api monitoring/monitoring-prometheus-ingress-tyk-7990cf181 ApiDefinition.tyk.tyk.io "monitoring-prometheus-ingress-tyk-7990cf181" not found","stacktrace":"github.com/TykTechnologies/tyk-operator/controllers.(*ApiDefinitionReconciler).Reconcile.func1\n\t/workspace/controllers/apidefinition_controller.go:201\nsigs.k8s.io/controller-runtime/pkg/controller/controllerutil.mutate\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/controller/controllerutil/controllerutil.go:341\nsigs.k8s.io/controller-runtime/pkg/controller/controllerutil.CreateOrUpdate\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/controller/controllerutil/controllerutil.go:213\ngithub.com/TykTechnologies/tyk-operator/controllers.(*ApiDefinitionReconciler).Reconcile\n\t/workspace/controllers/apidefinition_controller.go:118\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:214"} {"level":"error","ts":1712314883.2594898,"logger":"controller-runtime.manager.controller.apidefinition","msg":"Reconciler error","reconciler group":"tyk.tyk.io","reconciler kind":"ApiDefinition","name":"monitoring-prometheus-ingress-tyk-7990cf181","namespace":"monitoring","error":"unable to get api monitoring/monitoring-prometheus-ingress-tyk-7990cf181 ApiDefinition.tyk.tyk.io "monitoring-prometheus-ingress-tyk-7990cf181" not found","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:214"}
@g-bohncke I am not able to reproduce this issue. Can you provide following details:
- Operator and Tyk Gateway/Dashboard version
- Manifest files you are applying
@komalsukhani I checked today with the latest versions and it still persists tyk-operator Helm version: 0.17.0 tyk-data-plane Helm version: 1.3.0 Dashboard is the trail version running at https://glorious-tinderbox-adm.aws-euc1.cloud-ara.tyk.io/apis
by adding TYK_USER_GROUP_OWNERS I get the above error
The tyk-operator-conf :
apiVersion: v1 data: TYK_AUTH: Y2YxNjA4Nzc0MDJhNDA0ZTc2MTRjYmI4YjY0NTNkZDI= TYK_MODE: cHJv TYK_ORG: NjYwZWQ5MWU3ZDI0NzIwMDAxZGUzYzky TYK_TLS_INSECURE_SKIP_VERIFY: dHJ1ZQ== TYK_URL: aHR0cHM6Ly9nbG9yaW91cy10aW5kZXJib3gtYWRtLmF3cy1ldWMxLmNsb3VkLWFyYS50eWsuaW8= TYK_USER_GROUP_OWNERS: cGxhdGZvcm0= immutable: false kind: Secret metadata: annotations: reconcile.external-secrets.io/data-hash: c7047e8ff8ec82145eeca0ef3a9a64e1 labels: argocd.argoproj.io/instance: portals-non-prod-tyk-operator-system reconcile.external-secrets.io/created-by: d8b76303a7a9c2bb45a913e23b124493 name: tyk-operator-conf namespace: tyk-operator-system ownerReferences:
- apiVersion: external-secrets.io/v1beta1 blockOwnerDeletion: true controller: true kind: ExternalSecret name: tyk-operator-conf type: Opaque
@g-bohncke Sorry for delay in response.
You have set platform in the user group owners. We need to set user group id in that field instead of group name.