Fix panic when routes is called in single-namespace mode (#2123)

Fixes #2119 When Linkerd is installed in single-namespace mode, the public-api container panics when it attempts to access watch service profiles. In single-namespace mode, we no longer watch service profiles and return an informative error when the TopRoutes API is called. Signed-off-by: Alex Leong <alex@buoyant.io>
2019-01-23 16:47:05 -08:00 · 2019-01-23 16:47:05 -08:00 · 32efab41b5
parent b227c85a5b
commit 32efab41b5
8 changed files with 45 additions and 31 deletions
--- a/controller/api/public/grpc_server.go
+++ b/controller/api/public/grpc_server.go
@ -30,6 +30,7 @@ type (
 		k8sAPI              *k8s.API
 		controllerNamespace string
 		ignoredNamespaces   []string
+		singleNamespace     bool
 	}
 )

@ -52,6 +53,7 @@ func newGrpcServer(
 	k8sAPI *k8s.API,
 	controllerNamespace string,
 	ignoredNamespaces []string,
+	singleNamespace bool,
 ) *grpcServer {
 	return &grpcServer{
 		prometheusAPI:       promAPI,
@ -59,6 +61,7 @@ func newGrpcServer(
 		k8sAPI:              k8sAPI,
 		controllerNamespace: controllerNamespace,
 		ignoredNamespaces:   ignoredNamespaces,
+		singleNamespace:     singleNamespace,
 	}
 }

--- a/controller/api/public/grpc_server_test.go
+++ b/controller/api/public/grpc_server_test.go
@ -243,6 +243,7 @@ spec:
 				k8sAPI,
 				"linkerd",
 				[]string{},
+				false,
 			)

 			k8sAPI.Sync()
@ -343,6 +344,7 @@ metadata:
 				k8sAPI,
 				"linkerd",
 				[]string{},
+				false,
 			)

 			k8sAPI.Sync()
--- a/controller/api/public/http_server.go
+++ b/controller/api/public/http_server.go
@ -247,6 +247,7 @@ func NewServer(
 	k8sAPI *k8s.API,
 	controllerNamespace string,
 	ignoredNamespaces []string,
+	singleNamespace bool,
 ) *http.Server {
 	baseHandler := &handler{
 		grpcServer: newGrpcServer(
@ -255,6 +256,7 @@ func NewServer(
 			k8sAPI,
 			controllerNamespace,
 			ignoredNamespaces,
+			singleNamespace,
 		),
 	}

--- a/controller/api/public/stat_summary_test.go
+++ b/controller/api/public/stat_summary_test.go
@ -776,6 +776,7 @@ status:
 				k8sAPI,
 				"linkerd",
 				[]string{},
+				false,
 			)

 			_, err := fakeGrpcServer.StatSummary(context.TODO(), &exp.req)
@ -800,6 +801,7 @@ status:
 			k8sAPI,
 			"linkerd",
 			[]string{},
+			false,
 		)

 		invalidRequests := []statSumExpected{
--- a/controller/api/public/test_helper.go
+++ b/controller/api/public/test_helper.go
@ -281,6 +281,7 @@ func newMockGrpcServer(exp expectedStatRPC) (*mockProm, *grpcServer, error) {
 		k8sAPI,
 		"linkerd",
 		[]string{},
+		false,
 	)

 	k8sAPI.Sync()
--- a/controller/api/public/top_routes.go
+++ b/controller/api/public/top_routes.go
@ -42,6 +42,10 @@ type resourceTable struct {
 func (s *grpcServer) TopRoutes(ctx context.Context, req *pb.TopRoutesRequest) (*pb.TopRoutesResponse, error) {
 	log.Debugf("TopRoutes request: %+v", req)

+	if s.singleNamespace {
+		return topRoutesError(req, "Routes are not available in single-namespace mode"), nil
+	}
+
 	errRsp := validateRequest(req)
 	if errRsp != nil {
 		return errRsp, nil
--- a/controller/cmd/proxy-api/main.go
+++ b/controller/cmd/proxy-api/main.go
@ -7,6 +7,7 @@ import (
 	"syscall"

 	"github.com/linkerd/linkerd2/controller/api/proxy"
+	spclient "github.com/linkerd/linkerd2/controller/gen/client/clientset/versioned"
 	"github.com/linkerd/linkerd2/controller/k8s"
 	"github.com/linkerd/linkerd2/pkg/admin"
 	"github.com/linkerd/linkerd2/pkg/flags"
@ -32,34 +33,28 @@ func main() {
 		log.Fatal(err.Error())
 	}

-	var k8sAPI *k8s.API
+	var spClient *spclient.Clientset
+	restrictToNamespace := ""
+	resources := []k8s.APIResource{k8s.Endpoint, k8s.Pod, k8s.RS, k8s.Svc}
+
 	if *singleNamespace {
-		k8sAPI = k8s.NewAPI(
-			k8sClient,
-			nil,
-			*controllerNamespace,
-			k8s.Endpoint,
-			k8s.Pod,
-			k8s.RS,
-			k8s.Svc,
-		)
+		restrictToNamespace = *controllerNamespace
 	} else {
-		spClient, err := k8s.NewSpClientSet(*kubeConfigPath)
+		spClient, err = k8s.NewSpClientSet(*kubeConfigPath)
 		if err != nil {
 			log.Fatal(err.Error())
 		}
-		k8sAPI = k8s.NewAPI(
-			k8sClient,
-			spClient,
-			"",
-			k8s.Endpoint,
-			k8s.Pod,
-			k8s.RS,
-			k8s.Svc,
-			k8s.SP,
-		)
+
+		resources = append(resources, k8s.SP)
 	}

+	k8sAPI := k8s.NewAPI(
+		k8sClient,
+		spClient,
+		restrictToNamespace,
+		resources...,
+	)
+
 	done := make(chan struct{})

 	server, lis, err := proxy.NewServer(*addr, *k8sDNSZone, *controllerNamespace, *enableTLS, *enableH2Upgrade, *singleNamespace, k8sAPI, done)
--- a/controller/cmd/public-api/main.go
+++ b/controller/cmd/public-api/main.go
@ -9,6 +9,7 @@ import (
 	"syscall"

 	"github.com/linkerd/linkerd2/controller/api/public"
+	spclient "github.com/linkerd/linkerd2/controller/gen/client/clientset/versioned"
 	"github.com/linkerd/linkerd2/controller/k8s"
 	"github.com/linkerd/linkerd2/controller/tap"
 	"github.com/linkerd/linkerd2/pkg/admin"
@ -41,24 +42,27 @@ func main() {
 	if err != nil {
 		log.Fatal(err.Error())
 	}
-	spClient, err := k8s.NewSpClientSet(*kubeConfigPath)
-	if err != nil {
-		log.Fatal(err.Error())
-	}
+
+	var spClient *spclient.Clientset
 	restrictToNamespace := ""
+	resources := []k8s.APIResource{k8s.Deploy, k8s.Pod, k8s.RC, k8s.RS, k8s.Svc}
+
 	if *singleNamespace {
 		restrictToNamespace = *controllerNamespace
+	} else {
+		spClient, err = k8s.NewSpClientSet(*kubeConfigPath)
+		if err != nil {
+			log.Fatal(err.Error())
+		}
+
+		resources = append(resources, k8s.SP)
 	}
+
 	k8sAPI := k8s.NewAPI(
 		k8sClient,
 		spClient,
 		restrictToNamespace,
-		k8s.Deploy,
-		k8s.Pod,
-		k8s.RC,
-		k8s.RS,
-		k8s.SP,
-		k8s.Svc,
+		resources...,
 	)

 	prometheusClient, err := promApi.NewClient(promApi.Config{Address: *prometheusURL})
@ -73,6 +77,7 @@ func main() {
 		k8sAPI,
 		*controllerNamespace,
 		strings.Split(*ignoredNamespaces, ","),
+		*singleNamespace,
 	)

 	k8sAPI.Sync() // blocks until caches are synced