Skip to content

Commit 892f773

Browse files
fra98fra98
committed
fix: avoid panic on wireguard server controller
1 parent a479469 commit 892f773

File tree

2 files changed

+18
-16
lines changed

2 files changed

+18
-16
lines changed

pkg/liqo-controller-manager/networking/external-network/wireguard/wggatewayclient_controller.go

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -155,13 +155,6 @@ func (r *WgGatewayClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
155155
r.eventRecorder.Event(wgClient, corev1.EventTypeNormal, "Reconciled", "WireGuard gateway client reconciled")
156156
}()
157157

158-
if err := r.handleSecretRefStatus(ctx, wgClient); err != nil {
159-
klog.Errorf("Error while handling secret ref status: %v", err)
160-
r.eventRecorder.Event(wgClient, corev1.EventTypeWarning, "SecretRefStatusFailed",
161-
fmt.Sprintf("Failed to handle secret ref status: %s", err))
162-
return ctrl.Result{}, err
163-
}
164-
165158
if err := r.handleInternalEndpointStatus(ctx, wgClient, deploy); err != nil {
166159
klog.Errorf("Error while handling internal endpoint status: %v", err)
167160
r.eventRecorder.Event(wgClient, corev1.EventTypeWarning, "InternalEndpointStatusFailed",
@@ -178,11 +171,19 @@ func (r *WgGatewayClientReconciler) Reconcile(ctx context.Context, req ctrl.Requ
178171
}
179172
r.eventRecorder.Event(wgClient, corev1.EventTypeNormal, "KeysSecretEnforced", "Enforced keys secret")
180173
} else {
181-
// Check if the secret exists and has the correct labels
174+
// Check that the secret exists and is correctly labeled
182175
if err = checkExistingKeysSecret(ctx, r.Client, wgClient.Spec.SecretRef.Name, wgClient.Namespace); err != nil {
183176
r.eventRecorder.Event(wgClient, corev1.EventTypeWarning, "KeysSecretCheckFailed", fmt.Sprintf("Failed to check keys secret: %s", err))
184177
return ctrl.Result{}, err
185178
}
179+
r.eventRecorder.Event(wgClient, corev1.EventTypeNormal, "KeysSecretChecked", "Checked keys secret")
180+
}
181+
182+
if err := r.handleSecretRefStatus(ctx, wgClient); err != nil {
183+
klog.Errorf("Error while handling secret ref status: %v", err)
184+
r.eventRecorder.Event(wgClient, corev1.EventTypeWarning, "SecretRefStatusFailed",
185+
fmt.Sprintf("Failed to handle secret ref status: %s", err))
186+
return ctrl.Result{}, err
186187
}
187188

188189
// Ensure deployment (create or update)

pkg/liqo-controller-manager/networking/external-network/wireguard/wggatewayserver_controller.go

Lines changed: 9 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -164,20 +164,14 @@ func (r *WgGatewayServerReconciler) Reconcile(ctx context.Context, req ctrl.Requ
164164
return ctrl.Result{}, err
165165
}
166166

167-
if err := r.handleSecretRefStatus(ctx, wgServer); err != nil {
168-
klog.Errorf("Error while handling secret ref status: %v", err)
169-
r.eventRecorder.Event(wgServer, corev1.EventTypeWarning, "SecretRefStatusFailed",
170-
fmt.Sprintf("Failed to handle secret ref status: %s", err))
171-
return ctrl.Result{}, err
172-
}
173-
174167
if err := r.handleInternalEndpointStatus(ctx, wgServer, svcNsName, deploy); err != nil {
175168
klog.Errorf("Error while handling internal endpoint status: %v", err)
176169
r.eventRecorder.Event(wgServer, corev1.EventTypeWarning, "InternalEndpointStatusFailed",
177170
fmt.Sprintf("Failed to handle internal endpoint status: %s", err))
178171
return ctrl.Result{}, err
179172
}
180173

174+
// If a secret has not been provided in the gateway specification, the controller is in charge of generating a secret with the Wireguard keys.
181175
if wgServer.Spec.SecretRef.Name == "" {
182176
// Ensure WireGuard keys secret (create or update)
183177
if err = ensureKeysSecret(ctx, r.Client, wgServer, gateway.ModeServer); err != nil {
@@ -187,13 +181,20 @@ func (r *WgGatewayServerReconciler) Reconcile(ctx context.Context, req ctrl.Requ
187181
r.eventRecorder.Event(wgServer, corev1.EventTypeNormal, "KeysSecretEnforced", "Enforced keys secret")
188182
} else {
189183
// Check that the secret exists and is correctly labeled
190-
if err = checkExistingKeysSecret(ctx, r.Client, wgServer.Status.SecretRef.Name, wgServer.Namespace); err != nil {
184+
if err = checkExistingKeysSecret(ctx, r.Client, wgServer.Spec.SecretRef.Name, wgServer.Namespace); err != nil {
191185
r.eventRecorder.Event(wgServer, corev1.EventTypeWarning, "KeysSecretCheckFailed", fmt.Sprintf("Failed to check keys secret: %s", err))
192186
return ctrl.Result{}, err
193187
}
194188
r.eventRecorder.Event(wgServer, corev1.EventTypeNormal, "KeysSecretChecked", "Checked keys secret")
195189
}
196190

191+
if err := r.handleSecretRefStatus(ctx, wgServer); err != nil {
192+
klog.Errorf("Error while handling secret ref status: %v", err)
193+
r.eventRecorder.Event(wgServer, corev1.EventTypeWarning, "SecretRefStatusFailed",
194+
fmt.Sprintf("Failed to handle secret ref status: %s", err))
195+
return ctrl.Result{}, err
196+
}
197+
197198
// Ensure deployment (create or update)
198199
_, err = r.ensureDeployment(ctx, wgServer, deployNsName)
199200
if err != nil {

0 commit comments

Comments
 (0)