Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Superfluous error logs when only ImpersonationProxy strategy is available #1370

Open
peterbuecker-form3 opened this issue Jan 17, 2023 · 1 comment
Open

Superfluous error logs when only ImpersonationProxy strategy is available #1370

peterbuecker-form3 opened this issue Jan 17, 2023 · 1 comment
Labels
enhancement New feature or request priority/undecided Not yet prioritized

Comments

@peterbuecker-form3
Copy link

Is your feature request related to a problem? Please describe.

When running Pinniped Concierge in a managed Kubernetes cluster like EKS, it regularly logs error messages stating that it can't find any kube-controller-manager pods, although it has been configured to always run in ImpersonationProxy mode:

{"level":"error","timestamp":"2023-01-17T15:20:13.935196Z","caller":"go.pinniped.dev/internal/controllerlib/controller.go:219$controllerlib.(*controller).handleKey","message":"kube-cert-agent-controller: { } failed with: could not find a healthy kube-controller-manager pod (0 candidates)\n"}

The CredentialIssuer in use:

apiVersion: config.concierge.pinniped.dev/v1alpha1
kind: CredentialIssuer
metadata:
  labels:
    app: pinniped-concierge
  name: pinniped-concierge-config
spec:
  impersonationProxy:
    mode: enabled
    service:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "4000"
      type: LoadBalancer
status:
  strategies:
    - lastUpdateTime: "2023-01-16T09:13:21Z"
      message: could not find a healthy kube-controller-manager pod (0 candidates)
      reason: CouldNotFetchKey
      status: Error
      type: KubeClusterSigningCertificate
    - frontend:
        impersonationProxyInfo:
          certificateAuthorityData: LS0tLS1CRUdJTiB...
          endpoint: https://...
        type: ImpersonationProxy
      lastUpdateTime: "2023-01-16T09:13:27Z"
      message: impersonation proxy is ready to accept client connections
      reason: Listening
      status: Success
      type: ImpersonationProxy

Describe the solution you'd like

When ImpersonationProxy has been selected, and it's working correctly, I don't expect to see any error logs from Concierge relating to KubeClusterSigningCertificate mode.

Describe alternatives you've considered

Alternatively, the log level of these messages could be reduced from error to debug.

Are you considering submitting a PR for this feature?

Yes, I'd be happy to send a PR for this if you find it a reasonable improvement and it seems like a relatively simple change to do for a newcomer to this project.

Additional context

None.
@pinniped-ci-bot pinniped-ci-bot added enhancement New feature or request priority/undecided Not yet prioritized labels Jan 18, 2023
@cfryanr
Copy link
Member

cfryanr commented Jan 20, 2023

Thanks for opening this issue, @peterbuecker-form3!

I'm not sure when we'll have a chance to look into this, but please feel free to consider submitting a PR if you're interested. If you'd like to try a PR, happy to discuss possible solutions in more detail.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request priority/undecided Not yet prioritized
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cfryanr @pinniped-ci-bot @peterbuecker-form3