kube-lego
kube-lego copied to clipboard
jetstack
Crashes with invalid (?) ingress definition
I was messing around with ingress and accidentally made an error which I didn't notice at first:
...
rules:
- http:
- host: example.com
http:
paths:
...
You can see there was an empty http. Load balancer didn't have any weird entries, other paths worked as expected. However, kube-lego kept crashing. Didn't realise what the issue was at first and did a bunch of fruitless changes until I noticed the error. I then pushed fixed ingress definition and it started functioning again. Didn't double check that it was the cause, though.
Whole pod log is pasted below:
2017-04-29T12:48:57.898037535Z time="2017-04-29T12:48:57Z" level=info msg="kube-lego 0.1.3-d425b293 starting" context=kubelego
2017-04-29T12:48:58.093553723Z time="2017-04-29T12:48:58Z" level=info msg="connected to kubernetes api v1.5.6" context=kubelego
2017-04-29T12:48:58.094114827Z time="2017-04-29T12:48:58Z" level=info msg="server listening on http://:8080/" context=acme
2017-04-29T12:48:58.110941875Z time="2017-04-29T12:48:58Z" level=info msg="disable provider no TLS hosts found" context=provider provider=nginx
2017-04-29T12:48:58.113296434Z panic: runtime error: invalid memory address or nil pointer dereference
2017-04-29T12:48:58.113437526Z [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x6a25ba]
2017-04-29T12:48:58.113454246Z
2017-04-29T12:48:58.113521092Z goroutine 15 [running]:
2017-04-29T12:48:58.113600034Z panic(0x1816780, 0xc42000a030)
2017-04-29T12:48:58.113675207Z /usr/local/go/src/runtime/panic.go:500 +0x1a1
2017-04-29T12:48:58.113789801Z github.com/jetstack/kube-lego/pkg/provider/gce.(*Gce).Process(0xc420011f50, 0x2444760, 0xc42017f0a0, 0x3, 0x1)
2017-04-29T12:48:58.113862767Z /go/src/github.com/jetstack/kube-lego/pkg/provider/gce/gce.go:121 +0x1ca
2017-04-29T12:48:58.114021282Z github.com/jetstack/kube-lego/pkg/kubelego.(*KubeLego).processProvider(0xc4204123c0, 0xc4203961a0, 0x1, 0x1, 0x1, 0xc4203961a0)
2017-04-29T12:48:58.114099706Z /go/src/github.com/jetstack/kube-lego/pkg/kubelego/configure.go:67 +0x1bf
2017-04-29T12:48:58.114234882Z github.com/jetstack/kube-lego/pkg/kubelego.(*KubeLego).reconfigure(0xc4204123c0, 0xc420396170, 0x1, 0x1, 0x1, 0x0)
2017-04-29T12:48:58.114306820Z /go/src/github.com/jetstack/kube-lego/pkg/kubelego/configure.go:96 +0x370
2017-04-29T12:48:58.114386836Z github.com/jetstack/kube-lego/pkg/kubelego.(*KubeLego).Reconfigure(0xc4204123c0, 0x19d54c6, 0x1b)
Which is here: https://github.com/jetstack/kube-lego/blob/master/pkg/provider/gce/gce.go#L121
Were you able to apply the invalid yaml to kubernetes API in the first place?
Yes, I just went into CI logs and checked - it was like this and was accepted by Kubernetes (and worked with GCE Load Balancer). That is mainly my point here. It's a valid definition (accepted by Kubernetes and functions with GCE Load Balancer) but is not supported by kube-lego.
It's not a very big deal (because such definition does not really make sense anyway) but I did expect kube-lego not to crash. It's up to you to decide whether it's worth fixing 😄
this example will also make it crash. Note that " - http:" should be " http:"
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: echoserver
annotations:
kubernetes.io/tls-acme: "true"
kubernetes.io/ingress.class: "gce"
spec:
tls:
- hosts:
- echo.example.com
secretName: echoserver-tls
rules:
- host: echo.example.com
- http:
paths:
- path: /*
backend:
serviceName: echoserver
servicePort: 80
