search

arangodb / kube-arangodb

ArangoDB Kubernetes Operator - Start ArangoDB on Kubernetes in 5min
https://arangodb.github.io/kube-arangodb/
Apache License 2.0
225 stars 70 forks source link

Istio ENABLE_NATIVE_SIDECARS #1677

Closed boris-senapt closed 2 months ago

boris-senapt commented 2 months ago

Same problem as here https://github.com/istio/istio/issues/49054#issuecomment-1915073586

It looks like the same issue as above, the operator is trying to update its own role to leader, and loses the restartPolicy=Always in the Isitio initcontainer definition, this causes the pod to become invalid

Arango Operator 1.2.36

2024-06-27T15:46:25Z ERR Failed to update Pod wrt 'role' label error="Pod \"arango-deployment-operator-7fbcd7dd4c-8tpjh\" is invalid: [spec.initContainers[1].lifecycle: Forbidden: may not be set for init containers without restartPolicy=Always, spec.initContainers[1].readinessProbe: Forbidden: may not be set for init containers without restartPolicy=Always, spec.initContainers[1].startupProbe: Forbidden: may not be set for init containers without restartPolicy=Always, spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`,`spec.initContainers[*].image`,`spec.activeDeadlineSeconds`,`spec.tolerations` (only additions to existing tolerations),`spec.terminationGracePeriodSeconds` (allow it to be set to 1 if it was previously negative)\n  core.PodSpec{\n  \tVolumes: {{Name: \"workload-socket\", VolumeSource: {EmptyDir: &{}}}, {Name: \"credential-socket\", VolumeSource: {EmptyDir: &{}}}, {Name: \"workload-certs\", VolumeSource: {EmptyDir: &{}}}, {Name: \"istio-envoy\", VolumeSource: {EmptyDir: &{Medium: \"Memory\"}}}, ...},\n  \tInitContainers: []core.Container{\n  \t\t{Name: \"istio-init\", Image: \"docker.io/istio/proxyv2:1.22.2\", Args: {\"istio-iptables\", \"-p\", \"15001\", \"-z\", ...}, Resources: {Limits: {s\"cpu\": {i: {...}, s: \"2\", Format: \"DecimalSI\"}, s\"memory\": {i: {...}, s: \"1Gi\", Format: \"BinarySI\"}}, Requests: {s\"cpu\": {i: {...}, s: \"100m\", Format: \"DecimalSI\"}, s\"memory\": {i: {...}, Format: \"BinarySI\"}}}, ...},\n  \t\t{\n  \t\t\t... // 8 identical fields\n  \t\t\tResources:     {Limits: {s\"cpu\": {i: {...}, s: \"2\", Format: \"DecimalSI\"}, s\"memory\": {i: {...}, s: \"1Gi\", Format: \"BinarySI\"}}, Requests: {s\"cpu\": {i: {...}, s: \"100m\", Format: \"DecimalSI\"}, s\"memory\": {i: {...}, Format: \"BinarySI\"}}},\n  \t\t\tResizePolicy:  nil,\n- \t\t\tRestartPolicy: &\"Always\",\n+ \t\t\tRestartPolicy: nil,\n  \t\t\tVolumeMounts:  {{Name: \"workload-socket\", MountPath: \"/var/run/secrets/workload-spiffe-uds\"}, {Name: \"credential-socket\", MountPath: \"/var/run/secrets/credential-uds\"}, {Name: \"workload-certs\", MountPath: \"/var/run/secrets/workload-spiffe-credentials\"}, {Name: \"istiod-ca-cert\", MountPath: \"/var/run/secrets/istio\"}, ...},\n  \t\t\tVolumeDevices: nil,\n  \t\t\t... // 11 identical fields\n  \t\t},\n  \t},\n  \tContainers:          {{Name: \"operator\", Image: \"arangodb/kube-arangodb:1.2.36\", Args: {\"--scope=legacy\", \"--operator.deployment\", \"--mode.single\", \"--chaos.allowed=false\"}, Ports: {{Name: \"metrics\", ContainerPort: 8528, Protocol: \"TCP\"}}, ...}},\n  \tEphemeralContainers: nil,\n  \t... // 29 identical fields\n  }\n]" lock-name=arango-deployment-operator namespace=arangodb operator-id=8tpjh pod-name=arango-deployment-operator-7fbcd7dd4c-8tpjh
boris-senapt commented 2 months ago

Resolved by upgrading to 1.2.41