Comments (7)
raffaelespazzoli
commented on May 24, 2024
what version of OCP are you using? one should be definitely able to change the certificate of a route. In fact you can do it from the console I believe.
from cert-utils-operator.
Gl4di4torRr
commented on May 24, 2024
@raffaelespazzoli i was testing on a 3.10 cluster. I can test on a 3.11 if you would like me to.
from cert-utils-operator.
raffaelespazzoli
commented on May 24, 2024
@Gl4di4torRr yes please. I tested this operator with 3.11 and 4.x and never had the issue you are seeing.
from cert-utils-operator.
Gl4di4torRr
commented on May 24, 2024
uh oh...
E0610 12:28:20.580852 1 runtime.go:69] Observed a panic: "invalid memory address or nil pointer dereference" (runtime error: invalid memory address or nil pointer dereference)
--
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:76
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:65
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:51
| /home/travis/.gimme/versions/go1.11.linux.amd64/src/runtime/asm_amd64.s:522
| /home/travis/.gimme/versions/go1.11.linux.amd64/src/runtime/panic.go:513
| /home/travis/.gimme/versions/go1.11.linux.amd64/src/runtime/panic.go:82
| /home/travis/.gimme/versions/go1.11.linux.amd64/src/runtime/signal_unix.go:390
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/pkg/controller/route/route_controller.go:246
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/pkg/controller/route/route_controller.go:170
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:215
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:158
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:134
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88
| /home/travis/.gimme/versions/go1.11.linux.amd64/src/runtime/asm_amd64.s:1333
| panic: runtime error: invalid memory address or nil pointer dereference [recovered]
| panic: runtime error: invalid memory address or nil pointer dereference
| [signal SIGSEGV: segmentation violation code=0x1 addr=0x8 pc=0x10f6f1d]
| goroutine 443 [running]:
| github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/runtime.HandleCrash(0x0, 0x0, 0x0)
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:58 +0x108
| panic(0x124fae0, 0x20f2f20)
| /home/travis/.gimme/versions/go1.11.linux.amd64/src/runtime/panic.go:513 +0x1b9
| github.com/redhat-cop/cert-utils-operator/pkg/controller/route.populateRouteWithCertifcates(0xc0014d96c0, 0xc001764f00)
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/pkg/controller/route/route_controller.go:246 +0x2d
| github.com/redhat-cop/cert-utils-operator/pkg/controller/route.(*ReconcileRoute).Reconcile(0xc0006fdd70, 0xc000360700, 0xc, 0xc0003606b4, 0x7, 0x2107000, 0x0, 0x0, 0x0)
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/pkg/controller/route/route_controller.go:170 +0x828
| github.com/redhat-cop/cert-utils-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc00046e280, 0x0)
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:215 +0x18f
| github.com/redhat-cop/cert-utils-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1()
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:158 +0x36
| github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1(0xc0002def90)
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133 +0x54
| github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil(0xc0002def90, 0x3b9aca00, 0x0, 0x1, 0xc0006d6000)
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:134 +0xbe
| github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait.Until(0xc0002def90, 0x3b9aca00, 0xc0006d6000)
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88 +0x4d
| created by github.com/redhat-cop/cert-utils-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start
| /home/travis/gopath/src/github.com/redhat-cop/cert-utils-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:157 +0x32a
from cert-utils-operator.
raffaelespazzoli
commented on May 24, 2024
@Gl4di4torRr can you give me some context on where/when you saw that error?
looking at the code, it could probably panic if the annotation was applied to a non secured route.
is your use case to create a non secure route and then secure it via the annotation?
The annotation was supposed to only update the cert, not to change the nature of the route. We could talk about whether that would make sense.
from cert-utils-operator.
Gl4di4torRr
commented on May 24, 2024
@raffaelespazzoli i did a dumb thing and created an insecure route LOL. However, this did cause the container to bounce and that shouldn't be the expected behavior. Let me test again and get back to you. Probably won't be today but will get to it ASAP.
from cert-utils-operator.
raffaelespazzoli
commented on May 24, 2024
ok, regardless this is a bug as the code should treat this situation more gracefully.
I will stick to my original design that a route must be already secured. I will filter out events regarding insecure reputes and improve the docs around this aspect.
from cert-utils-operator.
Related Issues (20)
- Possible Issue stemming from null password on keystore
- Problem with certificate in route sinced a changed has been made in cert-manager HOT 12
- Ability to create truststore from Operator controlled Secrets HOT 3
- Unable to stop expiry alert HOT 7
- false alerts HOT 1
- Helm installation is broken
- generating the truststore in an new secret of type Opaque HOT 3
- unable to update route error HOT 3
- ConstraintsNotSatisfiable - V1.3.9 HOT 3
- Missing webhook-server-cert Secret when installed with Helm HOT 1
- Cert-Manager vs. OpenShift Service serving-cert-secret-name Annotation (1.3.9) HOT 6
- ServiceMonitor contains a hard-coded serverName that assumes the operator namespace is cert-utils-operator HOT 22
- Ability to inject openshift-service-ca.crt ConfigMap as route destinationCACertificate
- truststore.jks in ConfigMaps updated on every pod restart HOT 10
- Image is out of date HOT 3
- Problem with high memory consumption on kube-apiserver HOT 2
- Operator logs access token HOT 6
- Dependency Dashboard
- It should be possible to use multiple source-ca-keys to generate a truststore
- regarding storing CA bundle in a secret to populate route certificates in openshift HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cert-utils-operator.