standalone mode always emits error logs that are not actionable or fixable by users

[mathetake]

These four logs are useless as it's not user-triggered bug or error, so simply distracting users. Ideally we should either do not log all of them or fix the error accordingly.

2025-07-25T08:50:46.014-0700    ERROR   infrastructure  runner/runner.go:71     failed to delete ratelimit infra        {"runner": "infrastructure", "error": "delete ratelimit infrastructure is not supported yet for host infrastructure"}
2025-07-25T08:50:46.510-0700    ERROR   provider        kubernetes/controller.go:304    failed processOIDCHMACSecret for gatewayClass aigw-run  {"runner": "provider", "error": "secrets \"envoy-oidc-hmac\" not found"}
2025-07-25T08:50:46.510-0700    ERROR   provider        kubernetes/controller.go:313    failed processEnvoyTLSSecret for gatewayClass aigw-run  {"runner": "provider", "error": "secrets \"envoy\" not found"}
2025-07-25T08:50:46.520-0700    ERROR   gateway-api     runner/runner.go:184    errors detected during translation      {"runner": "gateway-api", "gateway-class": "aigw-run", "error": "envoy TLS secret envoy-gateway-system/envoy not found"}

at least for the ratelimit stuff, i would suggest the change like this

diff --git a/internal/infrastructure/host/ratelimit_infra.go b/internal/infrastructure/host/ratelimit_infra.go
index 41871c913..665e64fda 100644
--- a/internal/infrastructure/host/ratelimit_infra.go
+++ b/internal/infrastructure/host/ratelimit_infra.go
@@ -18,6 +18,9 @@ func (i *Infra) CreateOrUpdateRateLimitInfra(ctx context.Context) error {
 }
 
 // DeleteRateLimitInfra removes the managed host rate limit process, if it doesn't exist.
-func (i *Infra) DeleteRateLimitInfra(ctx context.Context) error {
-       return fmt.Errorf("delete ratelimit infrastructure is not supported yet for host infrastructure")
+func (i *Infra) DeleteRateLimitInfra(context.Context) error {
+       // Currently, nothing to do here while this is unconditionally called due to the abstraction over k8s vs. host infra.
+       // We need to do something once the CreateOrUpdateRateLimitInfra is actually implemented.
+       // Meanwhile, this being called is not an error.
+       return nil
 }

The other threes should either make it conditional or adds secrets created via kubeneters.CertsToSecret into the fake client used by offline controller.

[dxtym]

Hello, can I get this issue?

[arkodg]

hey @mathetake these errors are all legit, they are limitations of the standalone mode to support features such as rate limiting and oidc

instead of suppressing these errors, we could flag the feature limitation or just address these
cc @shawnh2

[github-actions]

This issue has been automatically marked as stale because it has not had activity in the last 30 days.