unable to listen on ports 25 and 587

[xorduna]

Is there an existing issue for this?

• There is a related issue in kong/kong project (Problems with Kong installation via Helm Chart 2.38.0 kong#12898) but IMHO, i think this is more a misconfiguration or chart issue.

Context

Freshly installed kubernetes with version 1.29.1 in digitalocean

Kong version ($ kong version)

3.6

Chart version

tried with both kong/kong 2.38.0 and kong/ingress 0.12.0

Expected behaviour

I would like to use Kong Ingress Controller to listen on ports 25 and 587 because i want to expose email services that are running inside the cluster. I would like also to do SNI based routing on the port 587.

Current Behaviour

According to documentation to enable listening on ports lower than 1024, the gateway needs to run as root. This is done via the values configuration:

containerSecurityContext: # run as root to bind to lower ports
  capabilities:
    add: [NET_BIND_SERVICE]
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0
proxy:
  stream:
    - containerPort: 25
      servicePort: 25
      protocol: TCP
    - containerPort: 587
      servicePort: 587
      protocol: TCP
      parameters: [ssl]

those values are placed in values.yaml

helm repo add kong https://charts.konghq.com
helm repo update
helm install kic kong/kong -n kong

The status of the pods is checked via

kubectl get pods -n kong

When this option is used, the pod never starts because it tries to call the admin api client but gets a "conection refused".

Detailed logs

Defaulted container "ingress-controller" out of: ingress-controller, proxy, clear-stale-pid (init)
2024-05-05T15:41:33Z	info	Diagnostics server disabled	{"v": 0}
2024-05-05T15:41:33Z	info	setup	Starting controller manager	{"v": 0, "release": "3.1.4", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "ebae7a53040f8f95272e8fa642244a88a6df57fd"}
2024-05-05T15:41:33Z	info	setup	The ingress class name has been set	{"v": 0, "value": "kong"}
2024-05-05T15:41:33Z	info	setup	Getting enabled options and features	{"v": 0}
2024-05-05T15:41:33Z	info	setup	Getting the kubernetes client configuration	{"v": 0}
W0505 15:41:33.633804       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
2024-05-05T15:41:33Z	info	setup	Starting standalone health check server	{"v": 0}
2024-05-05T15:41:33Z	info	setup	Getting the kong admin api client configuration	{"v": 0}
2024-05-05T15:41:33Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "0/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:34Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "1/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:35Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "2/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:36Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "3/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:37Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "4/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:38Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "5/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:39Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "6/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:40Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "7/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:41Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "8/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:42Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "9/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:43Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "10/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:44Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "11/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:45Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "12/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:46Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "13/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:47Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "14/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:48Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "15/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:49Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "16/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:50Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "17/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:51Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "18/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:52Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "19/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:53Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "20/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:54Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "21/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:55Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "22/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:56Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "23/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:57Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "24/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:58Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "25/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:41:59Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "26/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:00Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "27/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:01Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "28/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:02Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "29/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:03Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "30/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:04Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "31/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:05Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "32/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:06Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "33/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:07Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "34/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:08Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "35/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:09Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "36/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:10Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "37/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:11Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "38/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:12Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "39/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:13Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "40/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:14Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "41/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:15Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "42/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:16Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "43/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:17Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "44/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:18Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "45/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:19Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "46/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:20Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "47/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:21Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "48/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:22Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "49/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:23Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "50/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:24Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "51/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:25Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "52/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:26Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "53/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:27Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "54/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:28Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "55/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:29Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "56/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:30Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "57/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:31Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "58/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
2024-05-05T15:42:32Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "59/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
Error: could not retrieve Kong admin root(s): making HTTP request: Get "https://localhost:8444/": dial tcp [::1]:8444: connect: connection refused

Some findings

• remove stream section

  If I remove the proxy stream section (in older versions of the chart, it was needed to patch manually the service once it was deployed) the behaviour is the same.

  containerSecurityContext: # run as root to bind to lower ports
    capabilities:
      add: [NET_BIND_SERVICE]
    runAsGroup: 0
    runAsNonRoot: false
    runAsUser: 0
  

• remove security context section
  If I remove the containerSecurityContext section and only keep the stream section on ports 25 and 587 it gives the same error.

  proxy:
    stream:
      - containerPort: 25
        servicePort: 25
        protocol: TCP
      - containerPort: 587
        servicePort: 587
        protocol: TCP
        parameters: [ssl]
  

• enable stream on ports higher than 1024

  if I try to enable stream on ports higher than 1024, the pod starts perfectly although the connection to the admin api fails for 5 times.

  proxy:
    stream:
      - containerPort: 9025
        servicePort: 9025
        protocol: TCP
      - containerPort: 9587
        servicePort: 9587
        protocol: TCP
        parameters: [ssl]
  

  Detailed logs

  Defaulted container "ingress-controller" out of: ingress-controller, proxy, clear-stale-pid (init)
  2024-05-05T15:58:05Z	info	Diagnostics server disabled	{"v": 0}
  2024-05-05T15:58:05Z	info	setup	Starting controller manager	{"v": 0, "release": "3.1.4", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "ebae7a53040f8f95272e8fa642244a88a6df57fd"}
  2024-05-05T15:58:05Z	info	setup	The ingress class name has been set	{"v": 0, "value": "kong"}
  2024-05-05T15:58:05Z	info	setup	Getting enabled options and features	{"v": 0}
  2024-05-05T15:58:05Z	info	setup	Getting the kubernetes client configuration	{"v": 0}
  W0505 15:58:05.279219       1 client_config.go:618] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
  2024-05-05T15:58:05Z	info	setup	Starting standalone health check server	{"v": 0}
  2024-05-05T15:58:05Z	info	setup	Getting the kong admin api client configuration	{"v": 0}
  2024-05-05T15:58:05Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "0/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
  2024-05-05T15:58:06Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "1/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
  2024-05-05T15:58:07Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "2/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
  2024-05-05T15:58:08Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "3/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
  2024-05-05T15:58:09Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "4/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
  2024-05-05T15:58:10Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "5/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
  2024-05-05T15:58:11Z	info	setup	Retrying kong admin api client call after error	{"v": 0, "retries": "6/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"}
  2024-05-05T15:58:13Z	info	setup	Configuring and building the controller manager	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Building the manager runtime scheme and loading apis into the scheme	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	DB-less mode detected, disabling leader election	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Initializing Dataplane Client	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Emitting Kubernetes events enabled, creating an event recorder for kong-client	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Starting Admission Server	{"v": 0}
  2024-05-05T15:58:13Z	info	controller-runtime.certwatcher	Updated current TLS certificate	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Initializing Dataplane Synchronizer	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Starting Status Updater	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Initializing Dataplane address Discovery	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Falling back to a default address finder for UDP	{"v": 0, "reason": "no publish status address or publish service were provided"}
  2024-05-05T15:58:13Z	info	setup	Starting Enabled Controllers	{"v": 0}
  2024-05-05T15:58:13Z	info	controller-runtime.certwatcher	Starting certificate watcher	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Add readiness probe to health server	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Starting KongLicense controller	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Inject license getter to config translator	{"v": 0, "license_getter_type": "*configuration.KongV1Alpha1KongLicenseReconciler"}
  2024-05-05T15:58:13Z	info	telemetry	starting telemetry manager	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Anonymous reports enabled	{"v": 0}
  2024-05-05T15:58:13Z	info	setup	Starting manager	{"v": 0}
  2024-05-05T15:58:13Z	info	controller-runtime.metrics	Starting metrics server	{"v": 0}
  2024-05-05T15:58:13Z	info	controller-runtime.metrics	Serving metrics server	{"v": 0, "bindAddress": ":10255", "secure": false}
  2024-05-05T15:58:13Z	info	controllers.Ingress.netv1	Starting EventSource	{"v": 0, "source": "channel source: 0xc00071af00"}
  2024-05-05T15:58:13Z	info	controllers.Ingress.netv1	Starting EventSource	{"v": 0, "source": "kind source: *v1.IngressClass"}
  2024-05-05T15:58:13Z	info	controllers.Ingress.netv1	Starting EventSource	{"v": 0, "source": "kind source: *v1.Ingress"}
  2024-05-05T15:58:13Z	info	controllers.Ingress.netv1	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.UDPIngress	Starting EventSource	{"v": 0, "source": "channel source: 0xc0008e0000"}
  2024-05-05T15:58:13Z	info	controllers.UDPIngress	Starting EventSource	{"v": 0, "source": "kind source: *v1.IngressClass"}
  2024-05-05T15:58:13Z	info	controllers.UDPIngress	Starting EventSource	{"v": 0, "source": "kind source: *v1beta1.UDPIngress"}
  2024-05-05T15:58:13Z	info	controllers.UDPIngress	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.TCPIngress	Starting EventSource	{"v": 0, "source": "channel source: 0xc0008e0080"}
  2024-05-05T15:58:13Z	info	controllers.TCPIngress	Starting EventSource	{"v": 0, "source": "kind source: *v1.IngressClass"}
  2024-05-05T15:58:13Z	info	controllers.TCPIngress	Starting EventSource	{"v": 0, "source": "kind source: *v1beta1.TCPIngress"}
  2024-05-05T15:58:13Z	info	controllers.TCPIngress	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.KongPlugin	Starting EventSource	{"v": 0, "source": "kind source: *v1.KongPlugin"}
  2024-05-05T15:58:13Z	info	controllers.KongPlugin	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.IngressClass.netv1	Starting EventSource	{"v": 0, "source": "kind source: *v1.IngressClass"}
  2024-05-05T15:58:13Z	info	controllers.IngressClass.netv1	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.EndpointSlice	Starting EventSource	{"v": 0, "source": "kind source: *v1.EndpointSlice"}
  2024-05-05T15:58:13Z	info	controllers.EndpointSlice	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.Service	Starting EventSource	{"v": 0, "source": "kind source: *v1.Service"}
  2024-05-05T15:58:13Z	info	controllers.Service	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.Secrets	Starting EventSource	{"v": 0, "source": "kind source: *v1.Secret"}
  2024-05-05T15:58:13Z	info	controllers.Secrets	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.KongIngress	Starting EventSource	{"v": 0, "source": "kind source: *v1.KongIngress"}
  2024-05-05T15:58:13Z	info	controllers.KongIngress	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.IngressClassParameters	Starting EventSource	{"v": 0, "source": "kind source: *v1alpha1.IngressClassParameters"}
  2024-05-05T15:58:13Z	info	controllers.IngressClassParameters	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.KongConsumerGroup	Starting EventSource	{"v": 0, "source": "channel source: 0xc0008e0240"}
  2024-05-05T15:58:13Z	info	controllers.KongConsumerGroup	Starting EventSource	{"v": 0, "source": "kind source: *v1.IngressClass"}
  2024-05-05T15:58:13Z	info	controllers.KongConsumerGroup	Starting EventSource	{"v": 0, "source": "kind source: *v1beta1.KongConsumerGroup"}
  2024-05-05T15:58:13Z	info	controllers.KongConsumerGroup	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.KongConsumer	Starting EventSource	{"v": 0, "source": "channel source: 0xc0008e01c0"}
  2024-05-05T15:58:13Z	info	controllers.KongConsumer	Starting EventSource	{"v": 0, "source": "kind source: *v1.IngressClass"}
  2024-05-05T15:58:13Z	info	controllers.KongConsumer	Starting EventSource	{"v": 0, "source": "kind source: *v1.KongConsumer"}
  2024-05-05T15:58:13Z	info	controllers.KongConsumer	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.KongUpstreamPolicy	Starting EventSource	{"v": 0, "source": "kind source: *v1.Service"}
  2024-05-05T15:58:13Z	info	controllers.KongUpstreamPolicy	Starting EventSource	{"v": 0, "source": "kind source: *v1.HTTPRoute"}
  2024-05-05T15:58:13Z	info	controllers.KongUpstreamPolicy	Starting EventSource	{"v": 0, "source": "kind source: *v1beta1.KongUpstreamPolicy"}
  2024-05-05T15:58:13Z	info	controllers.KongUpstreamPolicy	Starting EventSource	{"v": 0, "source": "channel source: 0xc0008e1680"}
  2024-05-05T15:58:13Z	info	controllers.KongUpstreamPolicy	Starting EventSource	{"v": 0, "source": "channel source: 0xc0008e16c0"}
  2024-05-05T15:58:13Z	info	controllers.KongUpstreamPolicy	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.KongVault	Starting EventSource	{"v": 0, "source": "channel source: 0xc0008e1700"}
  2024-05-05T15:58:13Z	info	controllers.KongVault	Starting EventSource	{"v": 0, "source": "kind source: *v1.IngressClass"}
  2024-05-05T15:58:13Z	info	controllers.KongVault	Starting EventSource	{"v": 0, "source": "kind source: *v1alpha1.KongVault"}
  2024-05-05T15:58:13Z	info	controllers.KongVault	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.ReferenceGrant	Starting EventSource	{"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"}
  2024-05-05T15:58:13Z	info	controllers.ReferenceGrant	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.KongClusterPlugin	Starting EventSource	{"v": 0, "source": "kind source: *v1.IngressClass"}
  2024-05-05T15:58:13Z	info	controllers.KongClusterPlugin	Starting EventSource	{"v": 0, "source": "kind source: *v1.KongClusterPlugin"}
  2024-05-05T15:58:13Z	info	controllers.KongClusterPlugin	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Starting EventSource	{"v": 0, "source": "kind source: *v1.Gateway"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Starting EventSource	{"v": 0, "source": "kind source: *v1.GatewayClass"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Starting EventSource	{"v": 0, "source": "kind source: *v1.Service"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Starting EventSource	{"v": 0, "source": "kind source: *v1.HTTPRoute"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Starting EventSource	{"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.HTTPRoute	Starting EventSource	{"v": 0, "source": "kind source: *v1.GatewayClass"}
  2024-05-05T15:58:13Z	info	controllers.HTTPRoute	Starting EventSource	{"v": 0, "source": "kind source: *v1.Gateway"}
  2024-05-05T15:58:13Z	info	controllers.HTTPRoute	Starting EventSource	{"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"}
  2024-05-05T15:58:13Z	info	controllers.HTTPRoute	Starting EventSource	{"v": 0, "source": "channel source: 0xc0008e1f40"}
  2024-05-05T15:58:13Z	info	controllers.HTTPRoute	Starting EventSource	{"v": 0, "source": "kind source: *v1.HTTPRoute"}
  2024-05-05T15:58:13Z	info	controllers.HTTPRoute	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.Gateway.V1GatewayClass	Starting EventSource	{"v": 0, "source": "kind source: *v1.GatewayClass"}
  2024-05-05T15:58:13Z	info	controllers.Gateway.V1GatewayClass	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.KongLicense	Starting EventSource	{"v": 0, "source": "channel source: 0xc0009fc600"}
  2024-05-05T15:58:13Z	info	controllers.KongLicense	Starting EventSource	{"v": 0, "source": "kind source: *v1alpha1.KongLicense"}
  2024-05-05T15:58:13Z	info	controllers.KongLicense	Starting Controller	{"v": 0}
  2024-05-05T15:58:13Z	info	controllers.Service	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.ReferenceGrant	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.KongClusterPlugin	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.IngressClass.netv1	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.HTTPRoute	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.KongPlugin	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.EndpointSlice	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.Ingress.netv1	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.Secrets	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.KongIngress	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.UDPIngress	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.TCPIngress	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.IngressClassParameters	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.KongUpstreamPolicy	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.KongConsumerGroup	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.KongConsumer	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "8464b91c-e0fb-4413-bf57-7cabb7975b34", "v": 0}
  2024-05-05T15:58:13Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "8464b91c-e0fb-4413-bf57-7cabb7975b34", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	info	controllers.Gateway.V1GatewayClass	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.KongLicense	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	info	controllers.KongVault	Starting workers	{"v": 0, "worker count": 1}
  2024-05-05T15:58:13Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "c5a628e6-4308-4263-ab8d-932796774f33", "v": 0}
  2024-05-05T15:58:13Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "c5a628e6-4308-4263-ab8d-932796774f33", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "81df0c5a-80b5-4ad0-b135-4a402c63d1a7", "v": 0}
  2024-05-05T15:58:13Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "81df0c5a-80b5-4ad0-b135-4a402c63d1a7", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "40d7d996-b4d1-4916-a093-dd91b5663f49", "v": 0}
  2024-05-05T15:58:13Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "40d7d996-b4d1-4916-a093-dd91b5663f49", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "b92bf0e9-b3e3-41f6-8aef-6e176f30cce1", "v": 0}
  2024-05-05T15:58:13Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "b92bf0e9-b3e3-41f6-8aef-6e176f30cce1", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "cdc46429-6269-4050-ab19-b1c361f5a82d", "v": 0}
  2024-05-05T15:58:13Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "cdc46429-6269-4050-ab19-b1c361f5a82d", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:13Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "e9fb50ed-9d29-4dd4-a31e-f35c06290665", "v": 0}
  2024-05-05T15:58:13Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "e9fb50ed-9d29-4dd4-a31e-f35c06290665", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:14Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:14Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "abf0bafe-30b6-42f9-afc5-9fb346b8fc18", "v": 0}
  2024-05-05T15:58:14Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "abf0bafe-30b6-42f9-afc5-9fb346b8fc18", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:14Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:14Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "8f6de5f9-4096-482e-9934-84692ca03346", "v": 0}
  2024-05-05T15:58:14Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "8f6de5f9-4096-482e-9934-84692ca03346", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:16Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:16Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "bc86706e-a1c6-4f9f-86a6-2926364c1182", "v": 0}
  2024-05-05T15:58:16Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "bc86706e-a1c6-4f9f-86a6-2926364c1182", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:18Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:18Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "7e438ade-39da-48af-bbd4-4050fd5e109f", "v": 0}
  2024-05-05T15:58:18Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "7e438ade-39da-48af-bbd4-4050fd5e109f", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:21Z	info	Successfully synced configuration to Kong	{"url": "https://localhost:8444", "update_strategy": "InMemory", "v": 0}
  2024-05-05T15:58:23Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:23Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "c0508d67-82df-40fa-a64b-d016ed9824d0", "v": 0}
  2024-05-05T15:58:23Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "c0508d67-82df-40fa-a64b-d016ed9824d0", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:33Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:33Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "316ca12c-5759-497b-8542-8f812c2f622f", "v": 0}
  2024-05-05T15:58:33Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "316ca12c-5759-497b-8542-8f812c2f622f", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:54Z	error	controllers.Gateway	One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration	{"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  2024-05-05T15:58:54Z	info	controllers.Gateway	Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler	{"reconcileID": "fef9ba46-dff5-47d6-8c26-b5c43c16dbd5", "v": 0}
  2024-05-05T15:58:54Z	error	controllers.Gateway	Reconciler error	{"reconcileID": "fef9ba46-dff5-47d6-8c26-b5c43c16dbd5", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"}
  

• Enabling Admin API specifically

  If Admin API is not enabled specifically, this warning is shown when installing the helm

  WARNING: Kong Manager will not be functional because the Admin API is not
  enabled. Setting both .admin.enabled and .admin.http.enabled and/or
  .admin.tls.enabled to true to enable the Admin API over HTTP/TLS.
  

  But enabling the admin API does not produce any change in the behaviour

• Installing with kong/ingress

  I tried also to install chart kong/ingress specifically setting the security context in the gateway section

  gateway:
    containerSecurityContext: # run as root to bind to lower ports
      capabilities:
        add: [NET_BIND_SERVICE]
      runAsGroup: 0
      runAsNonRoot: false
      runAsUser: 0
    deployment:
      hostNetwork: true
    proxy:
      stream:
        - containerPort: 25
          servicePort: 25
          protocol: TCP
        - containerPort: 587
          servicePort: 587
          protocol: TCP
          parameters: [ssl]
  

  Then the controller starts perfectly

  $ kubectl get pods -n kong
  NAME                              READY   STATUS             RESTARTS     AGE
  kic-controller-69b57cfddf-wxpgx   0/1     Running            0            10s
  kic-gateway-7c4cb4985-qqghw       0/1     CrashLoopBackOff   1 (1s ago)   10s
  

  But the gateway gives this error

  $ kubectl logs kic-gateway-7c4cb4985-qqghw -n kong
  Defaulted container "proxy" out of: proxy, clear-stale-pid (init)
  nginx: [emerg] chown("/kong_prefix/dbless.lmdb", 65534) failed (1: Operation not permitted)
  

• Older versions
  After testing all older versions, I found out that the problem starts to happen on chart version 2.30.0. Chart version 2.29.0 starts without any problem with the following value configuration

  containerSecurityContext: # run as root to bind to lower ports
    capabilities:
      add: [NET_BIND_SERVICE]
    runAsGroup: 0
    runAsNonRoot: false
    runAsUser: 0
  proxy:
    stream:
      - containerPort: 25
        servicePort: 25
        protocol: TCP
      - containerPort: 587
        servicePort: 587
        protocol: TCP
        parameters: [ssl]
  

Any clue?

[xorduna]

After digging into the problem, i have seen that it seems there is a conflict between the policy set in the values.yaml. Comenting the capabilities.drop in the original values.yaml makes enabling the listening on lower ports to work.

# securityContext for containers.
containerSecurityContext:
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  runAsUser: 1000
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
#  capabilities:
#    drop:
#    - ALL

This change was introduced in: 179f76c by @rainest

What still bothers me is that the difference between those two options, wether or not the pod is able to reach the admin api client

With `capabilities.drop: [ ALL ]`

``` $ kubectl logs kic-kong-78b5d9f79f-x5g8b -n kong Defaulted container "ingress-controller" out of: ingress-controller, proxy, clear-stale-pid (init) 2024-05-05T21:26:57Z info Diagnostics server disabled {"v": 0} 2024-05-05T21:26:57Z info setup Starting controller manager {"v": 0, "release": "3.1.4", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "ebae7a53040f8f95272e8fa642244a88a6df57fd"} 2024-05-05T21:26:57Z info setup The ingress class name has been set {"v": 0, "value": "kong"} 2024-05-05T21:26:57Z info setup Getting enabled options and features {"v": 0} 2024-05-05T21:26:57Z info setup Getting the kubernetes client configuration {"v": 0} W0505 21:26:57.925910 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. 2024-05-05T21:26:57Z info setup Starting standalone health check server {"v": 0} 2024-05-05T21:26:57Z info setup Getting the kong admin api client configuration {"v": 0} 2024-05-05T21:26:57Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "0/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:26:58Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "1/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:26:59Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "2/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:00Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "3/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:01Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "4/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:02Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "5/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:03Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "6/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:04Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "7/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:05Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "8/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:06Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "9/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:07Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "10/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:08Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "11/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:09Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "12/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:10Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "13/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:11Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "14/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:12Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "15/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:13Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "16/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:14Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "17/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:15Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "18/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:16Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "19/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:17Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "20/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:18Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "21/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:19Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "22/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:20Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "23/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:21Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "24/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:22Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "25/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:23Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "26/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:24Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "27/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:25Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "28/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:26Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "29/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:27Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "30/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:28Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "31/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:29Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "32/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:30Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "33/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:31Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "34/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:32Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "35/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:33Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "36/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:34Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "37/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:35Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "38/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:36Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "39/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:37Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "40/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:38Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "41/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:39Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "42/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:40Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "43/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:41Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "44/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:42Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "45/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:43Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "46/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:44Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "47/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:45Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "48/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:46Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "49/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:47Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "50/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:48Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "51/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:49Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "52/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:50Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "53/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:51Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "54/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:52Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "55/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:54Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "56/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:55Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "57/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:56Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "58/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:27:57Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "59/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} Error: could not retrieve Kong admin root(s): making HTTP request: Get "https://localhost:8444/": dial tcp [::1]:8444: connect: connection refused ```

Without `capabilities.drop: [ ALL ]`

``` $ kubectl logs kic-kong-64686cf759-kmrtd -n kong Defaulted container "ingress-controller" out of: ingress-controller, proxy, clear-stale-pid (init) 2024-05-05T21:43:18Z info Diagnostics server disabled {"v": 0} 2024-05-05T21:43:18Z info setup Starting controller manager {"v": 0, "release": "3.1.4", "repo": "https://github.com/Kong/kubernetes-ingress-controller.git", "commit": "ebae7a53040f8f95272e8fa642244a88a6df57fd"} 2024-05-05T21:43:18Z info setup The ingress class name has been set {"v": 0, "value": "kong"} 2024-05-05T21:43:18Z info setup Getting enabled options and features {"v": 0} 2024-05-05T21:43:18Z info setup Getting the kubernetes client configuration {"v": 0} W0505 21:43:18.605543 1 client_config.go:618] Neither --kubeconfig nor --master was specified. Using the inClusterConfig. This might not work. 2024-05-05T21:43:18Z info setup Starting standalone health check server {"v": 0} 2024-05-05T21:43:18Z info setup Getting the kong admin api client configuration {"v": 0} 2024-05-05T21:43:18Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "0/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:19Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "1/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:20Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "2/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:21Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "3/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:22Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "4/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:23Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "5/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:24Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "6/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:25Z info setup Retrying kong admin api client call after error {"v": 0, "retries": "7/60", "error": "making HTTP request: Get \"https://localhost:8444/\": dial tcp [::1]:8444: connect: connection refused"} 2024-05-05T21:43:27Z info setup Configuring and building the controller manager {"v": 0} 2024-05-05T21:43:27Z info setup Building the manager runtime scheme and loading apis into the scheme {"v": 0} 2024-05-05T21:43:27Z info setup DB-less mode detected, disabling leader election {"v": 0} 2024-05-05T21:43:27Z info setup Initializing Dataplane Client {"v": 0} 2024-05-05T21:43:27Z info setup Emitting Kubernetes events enabled, creating an event recorder for kong-client {"v": 0} 2024-05-05T21:43:27Z info setup Starting Admission Server {"v": 0} 2024-05-05T21:43:27Z info controller-runtime.certwatcher Updated current TLS certificate {"v": 0} 2024-05-05T21:43:27Z info setup Initializing Dataplane Synchronizer {"v": 0} 2024-05-05T21:43:27Z info setup Starting Status Updater {"v": 0} 2024-05-05T21:43:27Z info setup Initializing Dataplane address Discovery {"v": 0} 2024-05-05T21:43:27Z info setup Falling back to a default address finder for UDP {"v": 0, "reason": "no publish status address or publish service were provided"} 2024-05-05T21:43:27Z info setup Starting Enabled Controllers {"v": 0} 2024-05-05T21:43:27Z info controller-runtime.certwatcher Starting certificate watcher {"v": 0} 2024-05-05T21:43:27Z info setup Add readiness probe to health server {"v": 0} 2024-05-05T21:43:27Z info setup Starting KongLicense controller {"v": 0} 2024-05-05T21:43:27Z info setup Inject license getter to config translator {"v": 0, "license_getter_type": "*configuration.KongV1Alpha1KongLicenseReconciler"} 2024-05-05T21:43:27Z info telemetry starting telemetry manager {"v": 0} 2024-05-05T21:43:27Z info setup Anonymous reports enabled {"v": 0} 2024-05-05T21:43:27Z info setup Starting manager {"v": 0} 2024-05-05T21:43:27Z info controller-runtime.metrics Starting metrics server {"v": 0} 2024-05-05T21:43:27Z info controller-runtime.metrics Serving metrics server {"v": 0, "bindAddress": ":10255", "secure": false} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc040"} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.Ingress"} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.IngressClass.netv1 Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.IngressClass.netv1 Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.EndpointSlice Starting EventSource {"v": 0, "source": "kind source: *v1.EndpointSlice"} 2024-05-05T21:43:27Z info controllers.EndpointSlice Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Service Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T21:43:27Z info controllers.Service Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc1c0"} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting EventSource {"v": 0, "source": "kind source: *v1beta1.UDPIngress"} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Secrets Starting EventSource {"v": 0, "source": "kind source: *v1.Secret"} 2024-05-05T21:43:27Z info controllers.Secrets Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongIngress Starting EventSource {"v": 0, "source": "kind source: *v1.KongIngress"} 2024-05-05T21:43:27Z info controllers.KongIngress Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc240"} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting EventSource {"v": 0, "source": "kind source: *v1beta1.TCPIngress"} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.KongPlugin"} 2024-05-05T21:43:27Z info controllers.KongPlugin Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.IngressClassParameters Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.IngressClassParameters"} 2024-05-05T21:43:27Z info controllers.IngressClassParameters Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc400"} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting EventSource {"v": 0, "source": "kind source: *v1beta1.KongConsumerGroup"} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "channel source: 0xc0008cc380"} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting EventSource {"v": 0, "source": "kind source: *v1.KongConsumer"} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "kind source: *v1beta1.KongUpstreamPolicy"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "channel source: 0xc0008cd840"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting EventSource {"v": 0, "source": "channel source: 0xc0008cd880"} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongClusterPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.KongClusterPlugin Starting EventSource {"v": 0, "source": "kind source: *v1.KongClusterPlugin"} 2024-05-05T21:43:27Z info controllers.KongClusterPlugin Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.Gateway"} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.Service"} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T21:43:27Z info controllers.Gateway Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T21:43:27Z info controllers.Gateway Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongVault Starting EventSource {"v": 0, "source": "channel source: 0xc0008cd8c0"} 2024-05-05T21:43:27Z info controllers.KongVault Starting EventSource {"v": 0, "source": "kind source: *v1.IngressClass"} 2024-05-05T21:43:27Z info controllers.KongVault Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.KongVault"} 2024-05-05T21:43:27Z info controllers.KongVault Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.Gateway"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "channel source: 0xc000a58100"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting EventSource {"v": 0, "source": "kind source: *v1.HTTPRoute"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Gateway.V1GatewayClass Starting EventSource {"v": 0, "source": "kind source: *v1.GatewayClass"} 2024-05-05T21:43:27Z info controllers.Gateway.V1GatewayClass Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.KongLicense Starting EventSource {"v": 0, "source": "channel source: 0xc000a587c0"} 2024-05-05T21:43:27Z info controllers.KongLicense Starting EventSource {"v": 0, "source": "kind source: *v1alpha1.KongLicense"} 2024-05-05T21:43:27Z info controllers.KongLicense Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.ReferenceGrant Starting EventSource {"v": 0, "source": "kind source: *v1beta1.ReferenceGrant"} 2024-05-05T21:43:27Z info controllers.ReferenceGrant Starting Controller {"v": 0} 2024-05-05T21:43:27Z info controllers.Service Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.ReferenceGrant Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.IngressClass.netv1 Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.EndpointSlice Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.Gateway.V1GatewayClass Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.Secrets Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.UDPIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongPlugin Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.TCPIngress Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.IngressClassParameters Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongConsumerGroup Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongConsumer Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongUpstreamPolicy Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongClusterPlugin Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.KongVault Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z info controllers.Gateway Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "a9bb2107-92dc-49a1-9958-3d8679fbd1fa", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "a9bb2107-92dc-49a1-9958-3d8679fbd1fa", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.KongLicense Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "5b1b0b94-178e-43fc-b814-eac48ff5f286", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "5b1b0b94-178e-43fc-b814-eac48ff5f286", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "bb9c378f-c2d3-49ae-8462-5c5002f7d143", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "bb9c378f-c2d3-49ae-8462-5c5002f7d143", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "7dbd3cd0-11a6-4e00-8081-bcfe7806d5eb", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "7dbd3cd0-11a6-4e00-8081-bcfe7806d5eb", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.HTTPRoute Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "155275da-188c-4071-b601-ed106def0832", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "155275da-188c-4071-b601-ed106def0832", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Ingress.netv1 Starting workers {"v": 0, "worker count": 1} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "14a6f3bd-79de-4dee-b501-e8d2f529864d", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "14a6f3bd-79de-4dee-b501-e8d2f529864d", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "25ab04f3-c763-4c0b-b532-137f225b3959", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "25ab04f3-c763-4c0b-b532-137f225b3959", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:27Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "10d8ddc1-a720-4bb9-954b-135bf3e68792", "v": 0} 2024-05-05T21:43:27Z error controllers.Gateway Reconciler error {"reconcileID": "10d8ddc1-a720-4bb9-954b-135bf3e68792", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:28Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:28Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "c3da348e-4e63-4590-ac08-eb5f4919a4db", "v": 0} 2024-05-05T21:43:28Z error controllers.Gateway Reconciler error {"reconcileID": "c3da348e-4e63-4590-ac08-eb5f4919a4db", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:29Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:29Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "91192126-4ad0-4ec8-8fd9-ee2c8d2ea744", "v": 0} 2024-05-05T21:43:29Z error controllers.Gateway Reconciler error {"reconcileID": "91192126-4ad0-4ec8-8fd9-ee2c8d2ea744", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:32Z error controllers.Gateway One of publish services defined in Gateway's "konghq.com/publish-service" annotation didn't match controller manager's configuration {"GatewayV1Gateway": {"name":"kong","namespace":"default"}, "namespace": "default", "name": "kong", "service": "kong/kong-gateway-proxy", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:32Z info controllers.Gateway Warning: Reconciler returned both a non-zero result and a non-nil error. The result will always be ignored if the error is non-nil and the non-nil error causes reqeueuing with exponential backoff. For more details, see: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/reconcile#Reconciler {"reconcileID": "3b495718-e69f-4080-98bb-06de7be0acec", "v": 0} 2024-05-05T21:43:32Z error controllers.Gateway Reconciler error {"reconcileID": "3b495718-e69f-4080-98bb-06de7be0acec", "error": "publish service reference \"kong/kong-gateway-proxy\" from Gateway's annotations did not match configured controller manager's publish services (\"kong/kic-kong-proxy\")"} 2024-05-05T21:43:35Z info Successfully synced configuration to Kong {"url": "https://localhost:8444", "update_strategy": "InMemory", "v": 0} 2024-05-05T21:43:35Z error controllers.TCPIngress Reconciler error {"reconcileID": "ec25ef61-80e7-4d76-9a20-860167f6c28b", "error": "waiting for addresses to be provisioned for publish service kong/kic-kong-proxy"} 2024-05-05T21:43:35Z error controllers.TCPIngress Reconciler error {"reconcileID": "7e60e569-78b6-4c25-9dc3-3dfcd5e7f10c", "error": "waiting for addresses to be provisioned for publish service kong/kic-kong-proxy"} ```

[xorduna]

Finally, installing kong/kong with the following options makes everything work

helm install kic kong/kong -n kong -f proxy-stream-security.yaml

containerSecurityContext: # run as root to bind to lower ports
  capabilities:
    add: [NET_BIND_SERVICE]
    drop: []
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0
proxy:
  stream:
    - containerPort: 25
      servicePort: 25
      protocol: TCP
    - containerPort: 587
      servicePort: 587
      protocol: TCP
      parameters: [ssl]

You just need to override the capabilities.drop to []

But my limited knowledge of kong or/and kubernetes makes me wonder wether or not keeps with the spirit of issue Kong/kubernetes-ingress-controller#4102 and #909.

[rainest]

We want to drop all capabilities by default because most install don't need them and it allows installing into restricted namespaces.

AFAIK setting an explicit [] empty array value is indeed all you need here. The way default overrides work for array and object types in Helm YAML merges unfortunately isn't entirely intuitive.

Closing this since it looks solved, but if there was still some lingering issue please respond back and we can review further.

[xorduna]

Hi,

Maybe we can add a small comment on the documentation?

Thanks