KDS extra errors on fresh startup #8505

lahabana · 2023-12-01T09:00:43Z

Description

When you connect a zone and there's already global state there's a KDS NACK because we try to create the resources before the mesh.

This is not an actual problem as it's retried shortly after but creates noisy logs.

2023-12-01T08:50:14.498Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Secret", "name": "external-service-locality-lb-no-egress.ca-builtin-key-ca-1", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.607Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Secret", "name": "dataplane-token-signing-key-external-service-locality-lb-no-egress-1", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.614Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Secret", "name": "external-service-locality-lb.ca-builtin-cert-ca-1", "mesh": "external-service-locality-lb"}
2023-12-01T08:50:14.618Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Secret", "name": "external-service-locality-lb.ca-builtin-key-ca-1", "mesh": "external-service-locality-lb"}
2023-12-01T08:50:14.622Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Secret", "name": "dataplane-token-signing-key-external-service-locality-lb-1", "mesh": "external-service-locality-lb"}
2023-12-01T08:50:14.626Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Secret", "name": "external-service-locality-lb-no-egress.ca-builtin-cert-ca-1", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.630Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Retry", "name": "retry-all-external-service-locality-lb-no-egress-48cc2dbcb5d4456v", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.633Z	INFO	kds-delta-zone	error during callback received, sending NACK	{"kds-version": "v2", "err": "failed to create k8s resource: admission webhook \"owner-reference.kuma-admission.kuma.io\" denied the request: Mesh.kuma.io \"external-service-locality-lb-no-egress\" not found", "errVerbose": "admission webhook \"owner-reference.kuma-admission.kuma.io\" denied the request: Mesh.kuma.io \"external-service-locality-lb-no-egress\" not found\nfailed to create k8s resource\ngithub.com/kumahq/kuma/pkg/plugins/resources/k8s.(*KubernetesStore).Create\n\tgithub.com/kumahq/kuma/pkg/plugins/resources/k8s/store.go:76\ngithub.com/kumahq/kuma/pkg/core/resources/store.(*paginationStore).Create\n\tgithub.com/kumahq/kuma/pkg/core/resources/store/pagination_store.go:30\ngithub.com/kumahq/kuma/pkg/metrics/store.(*MeteredStore).Create\n\tgithub.com/kumahq/kuma/pkg/metrics/store/store.go:44\ngithub.com/kumahq/kuma/pkg/core/resources/store.(*customizableResourceStore).Create\n\tgithub.com/kumahq/kuma/pkg/core/resources/store/customizable_store.go:44\ngithub.com/kumahq/kuma/pkg/kds/v2/store.(*syncResourceStore).Sync.func2\n\tgithub.com/kumahq/kuma/pkg/kds/v2/store/sync.go:219\ngithub.com/kumahq/kuma/pkg/core/resources/store.InTx\n\tgithub.com/kumahq/kuma/pkg/core/resources/store/transactions.go:46\ngithub.com/kumahq/kuma/pkg/kds/v2/store.(*syncResourceStore).Sync\n\tgithub.com/kumahq/kuma/pkg/kds/v2/store/sync.go:196\ngithub.com/kumahq/kuma/pkg/kds/zone.Setup.func2.ZoneSyncCallback.func3\n\tgithub.com/kumahq/kuma/pkg/kds/v2/store/sync.go:304\ngithub.com/kumahq/kuma/pkg/kds/v2/client.(*kdsSyncClient).Receive\n\tgithub.com/kumahq/kuma/pkg/kds/v2/client/kds_client.go:90\ngithub.com/kumahq/kuma/pkg/kds/zone.Setup.func2.1\n\tgithub.com/kumahq/kuma/pkg/kds/zone/components.go:137\nruntime.goexit\n\truntime/asm_arm64.s:1197"}
2023-12-01T08:50:14.633Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Mesh", "name": "external-service-locality-lb", "mesh": ""}
2023-12-01T08:50:14.639Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Mesh", "name": "external-service-locality-lb-no-egress", "mesh": ""}
2023-12-01T08:50:14.643Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "TrafficRoute", "name": "route-all-external-service-locality-lb-no-egress-xcx75fx9424v42fw", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.647Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "TrafficRoute", "name": "route-all-external-service-locality-lb-zc22v4wb2252c44w", "mesh": "external-service-locality-lb"}
2023-12-01T08:50:14.651Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "TrafficPermission", "name": "allow-all-external-service-locality-lb-wf6xzz4bfcb68dbc", "mesh": "external-service-locality-lb"}
2023-12-01T08:50:14.654Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "TrafficPermission", "name": "allow-all-external-service-locality-lb-no-egress-25wd488w2xdw5444", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.657Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Timeout", "name": "timeout-all-external-service-locality-lb-7x44zxfv7d84c4b5", "mesh": "external-service-locality-lb"}
2023-12-01T08:50:14.660Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Timeout", "name": "timeout-all-external-service-locality-lb-no-egress-f44757zzdcfzwx2f", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.663Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "CircuitBreaker", "name": "circuit-breaker-all-external-service-locality-lb-no-egress-zb9c99xd4wx95622", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.666Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "CircuitBreaker", "name": "circuit-breaker-all-external-service-locality-lb-ff2dzzffdx52w7wv", "mesh": "external-service-locality-lb"}
2023-12-01T08:50:14.669Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Retry", "name": "retry-all-external-service-locality-lb-no-egress-48cc2dbcb5d4456v", "mesh": "external-service-locality-lb-no-egress"}
2023-12-01T08:50:14.673Z	INFO	kds-delta-zone	creating a new resource from upstream	{"type": "Retry", "name": "retry-all-external-service-locality-lb-2b777wdbzbcv2722", "mesh": "external-service-locality-lb"}
2023-12-01T08:50:14.743Z	INFO	xds.secrets	generating certificate	{"ZoneEgress": {"Mesh":"external-service-locality-lb","Name":"kuma-egress-79877697cd-jm4kd.kuma-system"}, "reason": "mTLS is enabled and DP hasn't received a certificate yet"}

The text was updated successfully, but these errors were encountered:

jakubdyszkiewicz · 2023-12-04T15:09:26Z

Triage: if it's impossible to fix, we can at least add more context into a log itself.

github-actions · 2024-03-04T08:09:46Z

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

lahabana · 2024-03-04T08:26:53Z

@lobkovilya there is some level of ordering in go-control-plane now right?

lobkovilya · 2024-03-06T13:27:01Z

yes, there is some kind of ordering of envoy resources, but there is no support for custom resources https://github.com/envoyproxy/go-control-plane/blob/main/pkg/cache/types/types.go#L45

lahabana · 2024-03-06T17:52:56Z

Does that work in DeltaXDS too @lobkovilya ?

lobkovilya · 2024-03-08T11:43:42Z

Yes, implemented here envoyproxy/go-control-plane#752

lahabana · 2024-03-08T12:19:20Z

Ok IIRC @jakubdyszkiewicz argued this can't work exactly well because of the following reasons:

The order needs to be reversed for deletion
This only sends things in a specific order, it doesn't wait for ack of the first resources before sending the rest. So it may reduce the occurence but it won't remove the error completely.

In any case we discussed having the list of resource types be overridable in such use cases. I believe that'd be quite good.

github-actions · 2024-06-07T07:14:34Z

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions · 2024-09-09T07:17:04Z

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed.
If you think this issue is still relevant, please comment on it or attend the next triage meeting.

lahabana added triage/pending This issue will be looked at on the next triage meeting kind/bug A bug labels Dec 1, 2023

jakubdyszkiewicz added triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels Dec 4, 2023

github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Mar 4, 2024

lahabana removed the triage/stale Inactive for some time. It will be triaged again label Mar 4, 2024

github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Jun 7, 2024

lobkovilya removed the triage/stale Inactive for some time. It will be triaged again label Jun 10, 2024

github-actions bot added the triage/stale Inactive for some time. It will be triaged again label Sep 9, 2024

slonka removed the triage/stale Inactive for some time. It will be triaged again label Sep 16, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

KDS extra errors on fresh startup #8505

KDS extra errors on fresh startup #8505

lahabana commented Dec 1, 2023

jakubdyszkiewicz commented Dec 4, 2023

github-actions bot commented Mar 4, 2024

lahabana commented Mar 4, 2024

lobkovilya commented Mar 6, 2024

lahabana commented Mar 6, 2024

lobkovilya commented Mar 8, 2024

lahabana commented Mar 8, 2024

github-actions bot commented Jun 7, 2024

github-actions bot commented Sep 9, 2024

KDS extra errors on fresh startup #8505

KDS extra errors on fresh startup #8505

Comments

lahabana commented Dec 1, 2023

Description

jakubdyszkiewicz commented Dec 4, 2023

github-actions bot commented Mar 4, 2024

lahabana commented Mar 4, 2024

lobkovilya commented Mar 6, 2024

lahabana commented Mar 6, 2024

lobkovilya commented Mar 8, 2024

lahabana commented Mar 8, 2024

github-actions bot commented Jun 7, 2024

github-actions bot commented Sep 9, 2024