opensearch-k8s-operator icon indicating copy to clipboard operation
opensearch-k8s-operator copied to clipboard

Published 20 hours ago verified publisher icon opensearch-project

Partial OpenSearchCluster spec > security > tls results in controller validation error

Open elimumford opened this issue 2 years ago • 0 comments

Creating an OpenSearchCluster resource with a partial spec:

apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: test-opensearch
  namespace: default
spec:
  security:
    tls:
      http:
        secret:
          name: test-opensearch-http
...

Results in:

1.6522032290237098e+09  INFO    controller.opensearchcluster    Reconciling OpenSearchCluster   {"reconciler group": "opensearch.opster.io", "reconciler kind": "OpenSearchCluster", "name": "test-opensearch", "namespace": "default", "cluster": "default/test-opensearch"}
1.6522032290357742e+09  ERROR   controller.opensearchcluster    Not all secrets for http provided       {"reconciler group": "opensearch.opster.io", "reconciler kind": "OpenSearchCluster", "name": "test-opensearch", "namespace": "default", "error": "missing secret in spec"}
opensearch.opster.io/pkg/reconcilers.(*TLSReconciler).Reconcile
        /workspace/pkg/reconcilers/tls.go:70
opensearch.opster.io/controllers.(*OpenSearchClusterReconciler).reconcilePhaseRunning
        /workspace/controllers/opensearchController.go:326
opensearch.opster.io/controllers.(*OpenSearchClusterReconciler).Reconcile
        /workspace/controllers/opensearchController.go:141
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
        /go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227

If pass in a ~full spec (with expected defaults) it will error the same.

apiVersion: opensearch.opster.io/v1
kind: OpenSearchCluster
metadata:
  name: test-opensearch
  namespace: default
spec:
  security:
    tls:
      http:
        generate: false
        caSecret:
          name: test-opensearch-http
        secret:
          name: test-opensearch-http
      transport:
        generate: true
        perNode: true
...

Expected behavior would be that remaining defaults would populate on their own... the CRD documentation list most of the properties as optional and does not specify this level of cross dependency (all or none like behavior). Or that the logged error was more clear... since the "secret" is not missing...

elimumford avatar May 10 '22 17:05 elimumford