cilium-ingress autogenerated CEC definition removed on k8s ingress deletion #29306
Description
Is there an existing issue for this?
- I have searched the existing issues
What happened?
I am using cilium-ingress in shared LB mode as our ingress controller. When doing an ingress deletion the autogenerated cilium-ingress CEC definition gets removed. This does not happen on Background type deletion, but it does for others types (Foreground and Orphan).
apiVersion: cilium.io/v2
kind: CiliumEnvoyConfig
metadata:
creationTimestamp: "2023-11-17T10:00:19Z"
generation: 234
name: cilium-ingress
namespace: kube-system
resourceVersion: "133239285"
uid: 1f1ef3c1-126d-4e7c-963d-44cf12e20891
spec:
services:
- listener: ""
name: cilium-ingress
namespace: kube-system
In v1.14.3, the cec was not being recreated, but gone once I deleted an ingress. In v1.14.4 it recreates a non-defined cec.
The following logs were observed:
level=debug msg="Handling ingress updated event" ingress=goldilocks-dashboard k8sNamespace=goldilocks subsys=ingress-controller
level=debug msg="Generated model for ingress" forcedShared=false ingress=goldilocks-dashboard k8sNamespace=goldilocks model="&{[] []}" subsys=ingress-controller
level=debug msg="Translated resources for ingress" ciliumEnvoyConfig="&{{ } {cilium-ingress kube-system 0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[] map[] [] [] []} {[0xc000ca9f80] [] []}}" endpoint=nil ingress=goldilocks-dashboard k8sNamespace=goldilocks service=nil subsys=ingress-controller
level=debug msg="Updated CiliumEnvoyConfig for ingress" subsys=ingress-controller
level=debug msg="Handling ingress deleted event" ingress=goldilocks-dashboard k8sNamespace=goldilocks subsys=ingress-controller
level=debug msg="Deleting CiliumEnvoyConfig for ingress" ingress=goldilocks-dashboard k8sNamespace=goldilocks subsys=ingress-controller
level=debug msg="Generated model for ingress" forcedShared=true ingress=goldilocks-dashboard k8sNamespace=goldilocks model="&{[] []}" subsys=ingress-controller
level=debug msg="Translated resources for ingress" ciliumEnvoyConfig="&{{ } {cilium-ingress kube-system 0 0001-01-01 00:00:00 +0000 UTC <nil> <nil> map[] map[] [] [] []} {[0xc000cfc900] [] []}}" endpoint=nil ingress=goldilocks-dashboard k8sNamespace=goldilocks service=nil subsys=ingress-controller
level=debug msg="No change for existing CiliumEnvoyConfig" ciliumEnvoyConfigName=kube-system/cilium-ingress subsys=ingress-controller
This most likely happens due to ownership references. The ingresses are owners of the cec and for those types of deletion whenever an ingress is deleted, it deletes the cec also.
Cilium Version
v1.14.4
Kernel Version
5.15
Kubernetes Version
v1.27.3-gke.1700
Sysdump
No response
Relevant log output
No response
Anything else?
No response
Code of Conduct
- I agree to follow this project's Code of Conduct
Metadata
Metadata
Assignees
Labels
Cilium agent related.Impacts the kubernetes API, or kubernetes -> cilium internals translation layers.The GH issue has received a reply from the authorThis is a bug in the Cilium logic.This was reported by a user in the Cilium community, eg via Slack.This issue requires triaging to establish severity and next steps.