[BUG] Webhook Health Checker Panics on Startup, Crashes Controller #2355
Description
What happened:
The kruise-controller webhook server crashes on startup with an unrecoverable panic if:
- The CA certificate file cannot be loaded from
/kruise/cert-dir/ca-cert.pem, OR - The filesystem watcher (
fsnotify.Watcher) fails to initialize, OR - The watcher fails to add the CA cert file path
The panic occurs in pkg/webhook/util/health/checker.go at lines 113, 117, and 120 within a sync.Once block, making it impossible to recover.
What you expected to happen:
The health checker should:
- Return an error instead of panicking
- Allow the webhook server to start with a failing health check
- Log the error and retry initialization gracefully
- Not crash the entire controller process
How to reproduce it (as minimally and precisely as possible):
- Deploy kruise-controller in a namespace where the cert directory is misconfigured or missing
- OR: Deploy on a filesystem that doesn't support
fsnotify(certain network filesystems) - OR: Set incorrect permissions on the certificate directory
- Observe the controller pod crash-looping with panic trace like: