Panic in OpenStackClusterReconciler if the apiServerLoadBalancer.additionalPorts is configured with more than 1 port #2666
Description
/kind bug
What steps did you take and what happened:
[A clear and concise description of what the bug is.]
I'm configuring openstack cluster with k0s, which requires 2 additional ports - 8132 and 9443 to open alongside the kubeapi server 6443
I configured the openstack cluster with:
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: OpenStackCluster
metadata:
name: capi-k0s-ubuntu-openstack
namespace: capi-k0s-ubuntu-openstack
spec:
apiServerLoadBalancer:
enabled: true
additionalPorts:
- 8132
- 9443
What did you expect to happen:
I expected the LB would have those to additional ports on listeners but it ended up being panicked
It will get panic because being out of index
E0820 14:06:48.216483 1 controller.go:316] "Reconciler error" err="panic: runtime error: index out of range [1] with length 1 [recovered]" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster=
I0820 14:10:14.113229 1 openstackcluster_controller.go:314] "Reconciling Cluster" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster="capi-k0s-ubuntu-openstack/capi-k0s-ubuntu-openstack"
I0820 14:10:14.113265 1 openstackcluster_controller.go:678] "Reconciling network components" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster="capi-k0s-ubuntu-openstack/capi-k0s-ubuntu-openstack"
I0820 14:10:14.216044 1 network.go:92] "External network found" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster="capi-k0s-ubuntu-openstack/capi-k0s-ubuntu-openstack"
I0820 14:10:14.216112 1 network.go:98] "Reconciling network" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster="capi-k0s-ubuntu-openstack/capi-k0s-ubuntu-openstack"
I0820 14:10:14.239660 1 network.go:178] "Reconciling subnet" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster="capi-k0s-ubuntu-openstack/capi-k0s-ubuntu-openstack"
I0820 14:10:14.252257 1 router.go:49] "Reconciling router" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster="capi-k0s-ubuntu-openstack/capi-k0s-ubuntu-openstack"
I0820 14:10:14.305271 1 securitygroups.go:45] "Reconciling security groups" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster="capi-k0s-ubuntu-openstack/capi-k0s-ubuntu-openstack"
E0820 14:10:14.341772 1 securitygroups_rules.go:271] "Observed a panic" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster="capi-k0s-ubuntu-openstack/capi-k0s-ubuntu-openstack"
goroutine 338 [running]:
k8s.io/apimachinery/pkg/util/runtime.logPanic({0x24cb1f0, 0xc0011b2990}, {0x1fe7220, 0xc000e04798})
/go/pkg/mod/k8s.io/[email protected]/pkg/util/runtime/runtime.go:107 +0xbc
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile.func1()
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:105 +0x112
panic({0x1fe7220?, 0xc000e04798?})
/usr/local/go/src/runtime/panic.go:791 +0x132
sigs.k8s.io/cluster-api-provider-openstack/pkg/cloud/services/networking.getSGControlPlaneAdditionalPorts(...)
/workspace/pkg/cloud/services/networking/securitygroups_rules.go:271
sigs.k8s.io/cluster-api-provider-openstack/pkg/cloud/services/networking.(*Service).generateDesiredSecGroups(0xc0007855e0?, 0xc000ee8008, 0xc0007855a0, 0xc000785768)
/workspace/pkg/cloud/services/networking/securitygroups.go:220 +0x1d71
sigs.k8s.io/cluster-api-provider-openstack/pkg/cloud/services/networking.(*Service).ReconcileSecurityGroups(0xc000ff8210, 0xc000ee8008, {0xc000ca1500, 0x33})
/workspace/pkg/cloud/services/networking/securitygroups.go:107 +0xa07
sigs.k8s.io/cluster-api-provider-openstack/controllers.reconcileNetworkComponents(0xc00117c120, 0xc0006d8fc0, 0xc000ee8008)
/workspace/controllers/openstackcluster_controller.go:704 +0x352
sigs.k8s.io/cluster-api-provider-openstack/controllers.(*OpenStackClusterReconciler).reconcileNormal(0xc0004091a0, {0x24cb1f0, 0xc0011b2990}, 0xc00117c120, 0xc0006d8fc0, 0xc000ee8008)
/workspace/controllers/openstackcluster_controller.go:327 +0xf2
sigs.k8s.io/cluster-api-provider-openstack/controllers.(*OpenStackClusterReconciler).Reconcile(0xc0004091a0, {0x24cb1f0, 0xc0011b2990}, {{{0xc000e10600?, 0xc0011b2990?}, {0xc000e105e0?, 0x0?}}})
/workspace/controllers/openstackcluster_controller.go:134 +0x6d0
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Reconcile(0xc000b3e000?, {0x24cb1f0?, 0xc0011b2990?}, {{{0xc000e10600?, 0x0?}, {0xc000e105e0?, 0x0?}}})
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:116 +0xbf
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).reconcileHandler(0x24e4fa0, {0x24cb228, 0xc000564230}, {{{0xc000e10600, 0x19}, {0xc000e105e0, 0x19}}})
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:303 +0x3a5
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).processNextWorkItem(0x24e4fa0, {0x24cb228, 0xc000564230})
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:263 +0x20e
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2.2()
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:224 +0x85
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller[...]).Start.func2 in goroutine 200
/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:220 +0x510
E0820 14:10:14.341851 1 controller.go:316] "Reconciler error" err="panic: runtime error: index out of range [1] with length 1 [recovered]" controller="openstackcluster" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="OpenStackCluster" OpenStackCluster=
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
Look at the error, it looks like the logic need to get the additional ports information but it's only allowed to get 1. I tried with 1 additional port and it's ok without error
For now I have to disable feature Managedsecurity group and attach the predefined security group into the OpenstackMachine pemplate.
Environment:
- Cluster API Provider OpenStack version (Or
git rev-parse HEADif manually built): - Cluster-API version: v1.10.4
- OpenStack version: 2025.1
- Minikube/KIND version:
- Kubernetes version (use
kubectl version): 1.31.1 - OS (e.g. from
/etc/os-release): Ubuntu-22.04