papdaniel commented on issue #1221:
URL:
https://github.com/apache/apisix-ingress-controller/issues/1221#issuecomment-1214363470
Here is how to reproduce:
create namespace and the ApisixTls:
```
kubectl create namespace apisix-tls-test
cat <<EOF | kubectl apply -f -
apiVersion: apisix.apache.org/v2beta3
kind: ApisixTls
metadata:
name: test-tls
namespace: apisix-tls-test
spec:
hosts:
- "*.example.com"
secret:
name: test-tls
namespace: apisix-tls-test
EOF
```
check the ApisixTls status:
```
kubectl -n apisix-tls-test get apisixtls test-tls -o yaml
...
status:
conditions:
- lastTransitionTime: "2022-08-14T19:01:48Z"
message: secret "test-tls" not found
observedGeneration: 1
reason: ResourceSyncAborted
status: "False"
type: ResourcesAvailable
...
```
ingress controller logs (secret not found):
```
kubectl -n ingress-apisix logs <apisix-ingress-controller-pod>
...
022-08-14T19:02:46+08:00 warn ingress/apisix_tls.go:178 sync
ApisixTls failed, will retry {"object":
{"Type":1,"Object":"apisix-tls-test/test-tls","Tombstone":null}, "error":
"secret \"test-tls\" not found"}
2022-08-14T19:02:46+08:00 error ingress/apisix_tls.go:118
failed to translate ApisixTls {"error": "secret \"test-tls\" not found",
"ApisixTls":
{"metadata":{"name":"test-tls","namespace":"apisix-tls-test","uid":"44895291-29d5-4454-a011-079a64140420","resourceVersion":"49712","generation":1,"creationTimestamp":"2022-08-14T11:02:46Z","annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"apisix.apache.org/v2beta3\",\"kind\":\"ApisixTls\",\"metadata\":{\"annotations\":{},\"name\":\"test-tls\",\"namespace\":\"apisix-tls-test\"},\"spec\":{\"hosts\":[\"*.example.com\"],\"secret\":{\"name\":\"test-tls\",\"namespace\":\"apisix-tls-test\"}}}\n"},"managedFields":[{"manager":"apisix-ingress-controller","operation":"Update","apiVersion":"apisix.apache.org/v2beta3","time":"2022-08-14T11:02:46Z","fieldsType":"FieldsV1","fieldsV1":{"f:status":{".":{},"f:conditions":{}}},"subresource":"status"},{"manager":"kubectl-client-side-apply","operation":"Updat
e","apiVersion":"apisix.apache.org/v2beta3","time":"2022-08-14T11:02:46Z","fieldsType":"FieldsV1","fieldsV1":{"f:metadata":{"f:annotations":{".":{},"f:kubectl.kubernetes.io/last-applied-configuration":{}}},"f:spec":{".":{},"f:hosts":{},"f:secret":{".":{},"f:name":{},"f:namespace":{}}}}}]},"spec":{"hosts":["*.example.com"],"secret":{"name":"test-tls","namespace":"apisix-tls-test"}},"status":{"conditions":[{"type":"ResourcesAvailable","status":"False","observedGeneration":1,"lastTransitionTime":"2022-08-14T11:02:46Z","reason":"ResourceSyncAborted","message":"secret
\"test-tls\" not found"}]}}}
...
```
wait a few seconds, then create the tls secret
```
cat <<EOF | kubectl apply -f -
kind: Secret
apiVersion: v1
metadata:
name: test-tls
namespace: apisix-tls-test
data:
tls.crt:
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURmVENDQW1XZ0F3SUJBZ0lVQlpyZ0M2ZFFTWmNWYzNhWlJlU2R6Ulg4aktJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xaWGhoYlhCc1pTNWpiMjB3SGhjTk1qSXdPREE0TVRJMU56QXpXaGNOTkRreApNakkwTVRJMU56QXpXakFTTVJBd0RnWURWUVFEREFkMFpYTjBMV051TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGCkFBT0NBUThBTUlJQkNnS0NBUUVBeWtuU2pJMjRkSHg5L1hxRGwwcHQ2emVydUh0N29FQXhwOHp2bW85TUp1aFQKSTQxL2NNZENCVi93TFFPQnk5TzRTMVhBcU9tUEpPUDNPQ1JsbWZPdndyYXhHY0V0NWlYNG4vT2dmRzhuMVJQLwo3emlwZG5DZWpzMVQzNFh0TFZnL3RzNWM4MDBJU0NtRGlLaUtLcUl6SktaUDVQRVB2b2tXNlV2TTVaNVNCbTJKClBiU2psL0I2MUtBVW5UaEVzSjUvc2tqckgyOVB0N1JONFVBTDNlM1RmL1YxZW9ESmZJOWo0QlRjSGdTQUNvL1QKOXBWNmo3cWs4aWdqSEJpWWtFaW1RSi9vKzRXSFhTb2IwYzdIN3lRbVBXLzJ0UFNvd2twMnlTUGhZQWRla0NBMQo1TDVHTjl6ZUl4TFJpZDVXKzd0WldkYzliU3RIWGFoQkY5OUVHTFJ4UndJREFRQUJvNEhHTUlIRE1GRUdBMVVkCkl3UktNRWlBRktnMnk0ZGlzR1BUaVhJY2lwTjUyMjNYa04wUW9ScWtHREFXTVJRd0VnWURWUVFEREF0bGVHRnQKY0d4bExtTnZiWUlVT1FMZlZqa094elQ2KzZDZEZlTGFnNHd1ZGVvd0NRWURWUjBUQkFJd0FEQUxCZ05W
SFE4RQpCQU1DQkRBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQmdHQTFVZEVRUVJNQStDCkRTb3VaWGhoYlhCc1pTNWpiMjB3SFFZRFZSME9CQllFRkZuS2hmQkhoT1JwYVB0eVF5NVBBMExmMDBtOE1BMEcKQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFBQ2NSK0J2S1FPYmw2YUhwZnpObE1GajVXTmhucWE1N3NVelpYREhERQpzVEpJMFlDa3hVZHBEdXNCS3RlSno1dWgwTmlXZkI5c2RSa3F1c2V6b3dvSkU0UnZnMUNqOWRrWlQ4TzZPN2VPCjljczFkM0hydEdoODMvemk5ajM3WFNldEIzQXNkUHA1ZnhjcXQzbDVLVGE4enZIUHF5ZWhxS3JHamlodkFRUGkKeUZzMGsra0R1TXIvSk96QmY2b09xS2dGdy9LVmZrTFdQSlRmSWlvNjYzcUp4dDQzTmlsbnpQNGFpY2dXQm93RgpHcXJndDdOcHhBRWkvMlEwYkF5b0JFdURuZngwamxSMytKaWtuYTNxUENMQlAzNEFqZ0ZJZnFUOGNjWjIwQm5ECk9aMitDM2xra1JhZ3luMlRtUU5RTzBXbzh5YVJLRUY1T0g5Wk5mZThIbDZICi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
tls.key:
LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRREtTZEtNamJoMGZIMzkKZW9PWFNtM3JONnU0ZTN1Z1FER256TythajB3bTZGTWpqWDl3eDBJRlgvQXRBNEhMMDdoTFZjQ282WThrNC9jNApKR1daODYvQ3RyRVp3UzNtSmZpZjg2QjhieWZWRS8vdk9LbDJjSjZPelZQZmhlMHRXRCsyemx6elRRaElLWU9JCnFJb3Fvak1rcGsvazhRKytpUmJwUzh6bG5sSUdiWWs5dEtPWDhIclVvQlNkT0VTd25uK3lTT3NmYjArM3RFM2gKUUF2ZDdkTi85WFY2Z01sOGoyUGdGTndlQklBS2o5UDJsWHFQdXFUeUtDTWNHSmlRU0taQW4rajdoWWRkS2h2Ugp6c2Z2SkNZOWIvYTA5S2pDU25iSkkrRmdCMTZRSURYa3ZrWTMzTjRqRXRHSjNsYjd1MWxaMXoxdEswZGRxRUVYCjMwUVl0SEZIQWdNQkFBRUNnZ0VBQklld1JMRDlkN0J5T2c3S3JQcTNqOEdiK3Mwc0VNYzRnVDJKbDNiQXJ0SmYKRk1qbDhIL3RhWFlqVmVGQVlpMTFwdE1VdktMSTNyNzlPQ1U0R0RQUlQ0c2d3NmJ3R0hZZWwrb3dUeFFEQXdkWApRcGxrRlJNd2Rab2NROVdNSFpoUkE3QnNIVEZ6aUp0dU94NDVBUWo5bFNoRHF1d242T1QvUGNYcUdmVUY4bUVUCkRsRWtRUXowSi9BNmhqTURDR244U1Z1V29lallOdWJHRnV6OGdQUEdhUFowcjltbXlrRHBpQkMrbTluZkpjQnUKM1REWDY5Rmc1dzJSSWs4STQ4VTdVWW5yZjQ3aDRVbDA2NFU3a0VtekNYcERwdDJvQk1pMzFqWDMvajJu
L2tkUApGMjNEdEY0RHgvT1FackFBMzVtaTRkZ2x5WCtQWHZTZ2hIa2dHaUF6cVFLQmdRRFZybGlONFFVbFJmTTlCU0F6Cmw3YWEySnpTNXYyTldVNVpXWlVhd1NIRFNlUERDL21LZnpLVzBOYWNvQmFkWnJ2VkJibTMrTUszbjBvVlRDaFkKUVN3c1ByZmFjV3VIRk1tejZZWFFjT0djWWVOeW8yelBRbU9LcnB0WC9Vck5GeGozRUV6QTcrelBPOUxRQXZFego1NFJWYkFRQUJoMUU5ZmFISHpORjljbjByUUtCZ1FEeVdkM29sZ2p6amlZbjgwMGJ1a0JEWUxRVEFHN2tRd1BDCjd4TFQzN21zL001S1I2d1dEVUE3VzlXWFlqcjAxbGJidm5Ha0RNdHNLM0poRlZMQ3dMN1VHWUU4dWVKZmdyNHgKOVFtcFMwN05XWXVqdC81MGdEa3VsNjRUdndIZ25JWFJTK0ZSRHE1K0I5OWtlaWkyZktwQjUrRlFUWWI4Y3VCawpNR2V5L0lRSVF3S0JnRlNSRUlqdUlrd3pGK1h4Ym1JY3krOFNoVlpPaHRCM0pMUGw2VVhTWTV0WFZlV3VpbzhPCmNpWVA5cSs4QjljNWZtTDdSaG9TUUhYTmU5TmI5YWVmKzJ4elVlNEk3MFpocXNZaVNJeEs4RzhrcXBDSEx4d0QKcVVPTWdQeGN5VXJMdGx5cFBjY3A3UzNDL2xiR28xRW9jazRnVnFEdnlvdXRVR2ovcHhvc0FVWnRBb0dBSHZ3awpaZ2RBcjdyOTM5KzRmUklNQTFGSzFKOGFqbTZPL1k1SmJ2Tk1ydlJIZjdHNEs3Mlg5NzdmQ1JMVEROaVdsRk85Ci9jWncvNnh5WEQwNHJwT3NFandNalBJTElrRDZCak1aQUI4VHZTZDB0Z0xoTW8zdVFhbTg1T05uM3dyRUJTVloKY2w2WktwM2hEdHliZGZGc1p5NjVYT1g4bXl3b
3lrWnlDNjFEU0RjQ2dZRUFnK1hkWVdYTDQwNzY5MVlKSEJDTQpKcG5BZjM2V2dOUXNLVGxwbkR0MFNGNk9LRms3VjZPRXdXdFgxWm1VUmY4a1B2YWxUTFh0OEZYcVAyRk90TkRYClUzTlNNdEhxS3lWeHZwTm5YdUFLSlkrNnNtckZhdXZTTlVHWEVoUElUdi9rcXZOdGRmMXhFaml6cTJ4NGpoaDAKZkZUUEppWThoWjlORVdTWkVoaHB0RWs9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
type: kubernetes.io/tls
EOF
```
ingress controller logs (only healthcheck, no error):
```
kubectl -n ingress-apisix logs <apisix-ingress-controller-pod>
...
[GIN] 2022/08/14 - 19:03:11 | 200 | 42.061µs | 10.0.43.201 | GET
"/healthz"
[GIN] 2022/08/14 - 19:03:11 | 200 | 36.23µs | 10.0.43.201 | GET
"/healthz"
[GIN] 2022/08/14 - 19:03:21 | 200 | 36.421µs | 10.0.43.201 | GET
"/healthz"
[GIN] 2022/08/14 - 19:03:21 | 200 | 22.711µs | 10.0.43.201 | GET
"/healthz"
...
```
apisix logs (ssl resource created successfully in apisix):
```
kubectl -n ingress-apisix logs <apisix-pod>
...
10.0.41.91 - - [14/Aug/2022:11:03:51 +0000]
apisix-admin.ingress-apisix.svc.cluster.local:9180 "PUT
/apisix/admin/ssl/21210e5d HTTP/1.1" 201 3878 0.049 "-" "Go-http-client/1.1" -
- - "http://apisix-admin.ingress-apisix.svc.cluster.local:9180";
...
```
Check the ApisixTls status again, not updated:
```
kubectl -n apisix-tls-test get apisixtls test-tls -o yaml
...
status:
conditions:
- lastTransitionTime: "2022-08-14T19:01:48Z"
message: secret "test-tls" not found
observedGeneration: 1
reason: ResourceSyncAborted
status: "False"
type: ResourcesAvailable
...
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
