API Connect v10 - DataPower Pods are not created after Gateway CR is applied

When installing gateway sub component this can fail if stale webhooks are not cleaned up first.

Symptoms

DataPower CR is applied but nothing happens.
The API Connect Operator has an error message similar to

{
  "level": "error",
  "ts": "2020-06-23T14:24:48.464Z",
  "logger": "controller-runtime.controller",
  "msg": "Reconciler error",
  "controller": "gatewaycluster-controller",
  "request": "apic/gwv5",
  "error": "Internal error occurred: failed calling webhook \"DataPowerservices.validator.DataPower.ibm.com\": Post https://DataPower-operator.apic.svc:443/validate-DataPower-ibm-com-v1beta1-DataPowerservice?timeout=2s: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"DataPower-operator-ca\")",
  "stacktrace": "github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/jenkins/go/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/jenkins/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/jenkins/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/home/jenkins/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/home/jenkins/go/pkg/mod/k8s.io/apimachinery@v0.17.4/pkg/util/wait/wait.go:152\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/jenkins/go/pkg/mod/k8s.io/apimachinery@v0.17.4/pkg/util/wait/wait.go:153\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/jenkins/go/pkg/mod/k8s.io/apimachinery@v0.17.4/pkg/util/wait/wait.go:88"
}

The actual error is

"Internal error occurred: failed calling webhook \"DataPowerservices.validator.DataPower.ibm.com\": Post https://DataPower-operator.apic.svc:443/validate-DataPower-ibm-com-v1beta1-DataPowerservice?timeout=2s: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"DataPower-operator-ca\")"

Solution

This problems is caused by stale webhooks. The solution to this problem can be found here https://ibm.github.io/datapower-operator-doc/troubleshooting/stale-webhooks/

Then delete both the DataPower operator and API Connect operator pod to force them to recreate the webhooks.

Now you will need to remove the DataPower CR and apply it again.

DataPower should start deploying its pods.

Chris Phillips’ Blog - API, Integration and Governance

Home

About

Search

Categories

Guest Authors

API Connect v10 - DataPower Pods are not created after Gateway CR is applied

Symptoms

Solution

ABOUT	APICONNECT	API	DATAPOWER	OPENSHIFT	EVENTSTREAMS	INTEGRATION	DAY2-OPS	ACE
*All opinions expressed here are very much my own or of the author of the article, not those of IBM. All Code provided is provide as is with no support unless otherwise stated.*