From 1d8310ed447342733de70aa8080085a94677e0ab Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 22 Apr 2024 09:29:37 -0700 Subject: [PATCH] clarify error message for when there is no healthy controller manager --- internal/controller/kubecertagent/kubecertagent.go | 11 +++++++++-- .../controller/kubecertagent/kubecertagent_test.go | 12 +++++++----- test/integration/concierge_credentialissuer_test.go | 5 +++-- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/internal/controller/kubecertagent/kubecertagent.go b/internal/controller/kubecertagent/kubecertagent.go index bdf6344f3..4e801719c 100644 --- a/internal/controller/kubecertagent/kubecertagent.go +++ b/internal/controller/kubecertagent/kubecertagent.go @@ -1,4 +1,4 @@ -// Copyright 2021-2023 the Pinniped contributors. All Rights Reserved. +// Copyright 2021-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 // Package kubecertagent provides controllers that ensure a pod (the kube-cert-agent), is @@ -9,6 +9,7 @@ import ( "context" "encoding/base64" "encoding/json" + "errors" "fmt" "strings" "time" @@ -278,7 +279,13 @@ func (c *agentController) Sync(ctx controllerlib.Context) error { // If there are no healthy controller manager pods, we alert the user that we can't find the keypair via // the CredentialIssuer. if newestControllerManager == nil { - err := fmt.Errorf("could not find a healthy kube-controller-manager pod (%s)", pluralize(controllerManagerPods)) + msg := fmt.Sprintf("could not find a healthy kube-controller-manager pod (%s)", pluralize(controllerManagerPods)) + if len(controllerManagerPods) == 0 { + err = fmt.Errorf("%s: note that this error is the expected behavior for some cluster types, "+ + "including most cloud provider clusters (e.g. GKE, AKS, EKS)", msg) + } else { + err = errors.New(msg) + } return c.failStrategyAndErr(ctx.Context, credIssuer, err, configv1alpha1.CouldNotFetchKeyStrategyReason) } diff --git a/internal/controller/kubecertagent/kubecertagent_test.go b/internal/controller/kubecertagent/kubecertagent_test.go index 2756e743b..564c11c97 100644 --- a/internal/controller/kubecertagent/kubecertagent_test.go +++ b/internal/controller/kubecertagent/kubecertagent_test.go @@ -270,13 +270,15 @@ func TestAgentController(t *testing.T) { }, }, wantDistinctErrors: []string{ - "could not find a healthy kube-controller-manager pod (0 candidates)", + "could not find a healthy kube-controller-manager pod (0 candidates): " + + "note that this error is the expected behavior for some cluster types, including most cloud provider clusters (e.g. GKE, AKS, EKS)", }, wantStrategy: &configv1alpha1.CredentialIssuerStrategy{ - Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, - Status: configv1alpha1.ErrorStrategyStatus, - Reason: configv1alpha1.CouldNotFetchKeyStrategyReason, - Message: "could not find a healthy kube-controller-manager pod (0 candidates)", + Type: configv1alpha1.KubeClusterSigningCertificateStrategyType, + Status: configv1alpha1.ErrorStrategyStatus, + Reason: configv1alpha1.CouldNotFetchKeyStrategyReason, + Message: "could not find a healthy kube-controller-manager pod (0 candidates): " + + "note that this error is the expected behavior for some cluster types, including most cloud provider clusters (e.g. GKE, AKS, EKS)", LastUpdateTime: metav1.NewTime(now), }, }, diff --git a/test/integration/concierge_credentialissuer_test.go b/test/integration/concierge_credentialissuer_test.go index f416da0bc..c7edd1388 100644 --- a/test/integration/concierge_credentialissuer_test.go +++ b/test/integration/concierge_credentialissuer_test.go @@ -1,4 +1,4 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2024 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package integration @@ -90,7 +90,8 @@ func TestCredentialIssuer(t *testing.T) { } else { require.Equal(t, configv1alpha1.ErrorStrategyStatus, actualStatusStrategy.Status) require.Equal(t, configv1alpha1.CouldNotFetchKeyStrategyReason, actualStatusStrategy.Reason) - require.Contains(t, actualStatusStrategy.Message, "could not find a healthy kube-controller-manager pod (0 candidates)") + require.Contains(t, actualStatusStrategy.Message, "could not find a healthy kube-controller-manager pod (0 candidates): "+ + "note that this error is the expected behavior for some cluster types, including most cloud provider clusters (e.g. GKE, AKS, EKS)") require.Nil(t, actualStatusKubeConfigInfo) } })