Getting "invalid memory address or nil pointer dereference" error when associating k8s secret of kongCredType=oauth2 to KongConsumer while using OAuth2 Plugin

I got Kong up and running fine using the Kong Helm chart (Kong version: 2.1) and the oauth2 plugin. However, I get a runtime error when I try to create a secret and associate it with my KongConsumer.

The error message:

kristoph_matthews@cloudshell:~/nxauthdemo/gateway$ kubectl logs -f kong-1604980559-kong-6b7dc96594-gc846 -c ingress-controller
-------------------------------------------------------------------------------
Kong Ingress controller
  Release:    1.0.0
  Build:      a34ce92
  Repository: git@github.com:Kong/kubernetes-ingress-controller.git
  Go:         go1.15.2
-------------------------------------------------------------------------------
W1110 17:26:45.138134       1 client_config.go:608] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
time="2020-11-10T17:26:45Z" level=info msg="version of kubernetes api-server: 1.16+" api-server-host="https://10.116.0.1:443" git_commit=eb94c181eea5290e9da1238db02cfef263542f5f git_tree_state=clean git_vers
ion=v1.16.13-gke.401 major=1 minor=16+ platform=linux/amd64
time="2020-11-10T17:26:45Z" level=info msg="kong version: 2.1.4" kong_version=2.1.4
time="2020-11-10T17:26:45Z" level=info msg="datastore strategy for kong: postgres"
time="2020-11-10T17:26:45Z" level=info msg="chosen Ingress API version: networking.k8s.io/v1beta1"
time="2020-11-10T17:26:45Z" level=info msg="starting leader election" component=elector retry-count=1
I1110 17:26:45.436106       1 leaderelection.go:243] attempting to acquire leader lease  default/kong-ingress-controller-leader-kong-kong...
I1110 17:26:45.446289       1 leaderelection.go:253] successfully acquired lease default/kong-ingress-controller-leader-kong-kong
time="2020-11-10T17:26:45Z" level=info msg="started leading" component=status-syncer
time="2020-11-10T17:26:45Z" level=info msg="leadership changed" component=status-syncer leader=kong-1604980559-kong-6b7dc96594-gc846
time="2020-11-10T17:26:48Z" level=info msg="syncing configuration" component=controller
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x14ea60e]
goroutine 342 [running]:
github.com/kong/deck/state.(*Oauth2Credential).Console(0xc000177730, 0x19bac66, 0x6)
        /go/pkg/mod/github.com/kong/deck@v1.2.1/state/types.go:883 +0x4e
github.com/kong/deck/solver.Solve.func2(0x19bac66, 0x6, 0x19c1c1e, 0xb, 0x18e8000, 0xc000177730, 0x0, 0x0, 0x6b4e7946545a4970, 0xc0007fce80, ...)
        /go/pkg/mod/github.com/kong/deck@v1.2.1/solver/solver.go:43 +0x6b6
github.com/kong/deck/diff.(*Syncer).handleEvent(0xc000ded680, 0xc000e09220, 0x19bac66, 0x6, 0x19c1c1e, 0xb, 0x18e8000, 0xc000177730, 0x0, 0x0, ...)
        /go/pkg/mod/github.com/kong/deck@v1.2.1/diff/diff.go:373 +0x62
github.com/kong/deck/diff.(*Syncer).eventLoop(0xc000ded680, 0xc000e09220, 0x5457494a56537251, 0xc0008c7440)
        /go/pkg/mod/github.com/kong/deck@v1.2.1/diff/diff.go:363 +0x139
github.com/kong/deck/diff.(*Syncer).Run.func1(0xc000ded680, 0xc000e09220, 0xc000e16244)
        /go/pkg/mod/github.com/kong/deck@v1.2.1/diff/diff.go:307 +0x35
created by github.com/kong/deck/diff.(*Syncer).Run
        /go/pkg/mod/github.com/kong/deck@v1.2.1/diff/diff.go:306 +0x185

Here is the kongconsumer.yaml:

apiVersion: configuration.konghq.com/v1
kind: KongConsumer
metadata:
  name: nx-default-kong-consumer
  annotations:
    kubernetes.io/ingress.class: kong
    konghq.com/plugins: request-termination
username: nx-default-kong-consumer
# custom_id: nxdefaultkongconsumer0
credentials:
  - kong-oauth2-secret-flasky

oauth2plugin.yaml

apiVersion: configuration.konghq.com/v1
kind: KongPlugin
metadata:
  name: oauth2
config:
  scopes: 
    - default
  enable_client_credentials: true
  anonymous: "nx-default-kong-consumer"
  # anonymous: "184324f9-25f7-4d6f-a7ee-6c49ff64f54c"
  # provision_key: "abc"

plugin: oauth2

How I created the secret:

kubectl create secret generic kong-oauth2-secret-flasky  \
  --from-literal=kongCredType=oauth2  \
  --from-literal=client_id=abc \
  --from-literal=client_secret=xyz

I added --from-literal=name=mysecret to the “create secret” line, and it works. I think this can be resolved.


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ