Infinispan not updating the status part with the secret credentials

[r00ta]

Hi,

When installing the operator from the channel 2.0.6 for example with

minikube stop
minikube delete
minikube start

# install olm
kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.17.0/crds.yaml
kubectl apply -f https://github.com/operator-framework/operator-lifecycle-manager/releases/download/v0.17.0/olm.yaml

# create ns
kubectl create ns trusty-demo

#install infinispan operator
wget https://raw.githubusercontent.com/infinispan/infinispan-operator/2.0.6/deploy/operator-install.yaml
sed -i '/# Replace/{n;s/.*/  namespace: trusty-demo/}' operator-install.yaml
kubectl apply -f operator-install.yaml -n trusty-demo

When you try to create the following CR

apiVersion: infinispan.org/v1
kind: Infinispan
metadata:
  name: example-infinispan
spec:
  replicas: 1
  security:
    endpointEncryption:
      type: None

The operator fails with the following errors:

{"level":"info","ts":1611309931.2376752,"logger":"controller_infinispan","msg":"Reconciling Infinispan. Operator Version: 2.0.6-15-ga68e32a","Request.Namespace":"trusty-demo","Request.Name":"example-infinispan"}
{"level":"info","ts":1611309931.2516348,"logger":"controller_infinispan","msg":"Error reading the object","Request.Namespace":"trusty-demo","Request.Name":"example-infinispan"}
{"level":"error","ts":1611309931.2516677,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"infinispan-controller","request":"trusty-demo/example-infinispan","error":"Infinispan.infinispan.org \"example-infinispan\" is invalid: [status.conditions.message: Required value, status.security: Required value]","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:152\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:153\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:88"}0

The main problem here is the ISPN not updating the status part with the secret credentials. Apparently this issue is only in nightly 2.0.x images, because we tested with the channel 2.0.x (https://operatorhub.io/install/2.0.x/infinispan.yaml) and it works without any problem.

[dmvolod]

This update not needed anymore The changes detection implementing with another logic

[ricardozanini]

Hi @dmvolod!

The Kogito Operator uses this status attribute to fetch the credentials secret in order to configure our services connection to the Infinispan instance.

If you remove this attribute, which field or how can we fetch this information? I understand that the spec.security.endpointSecretName field also provides it, but when the secret is generated, the field is empty. We could guess by appending -generated to the instance name, but this approach is not much reliable, IMO. Can you please consider providing this information in the spec since after this new version status won't be provided anymore?

[dmvolod]

Hi, @ricardozanini

Oh, sorry, I never noticed that anyone project using this filed for internal purposes. Yeah, two possible approaches for this issue:

• return back status update with spec.security or just update spec.security.endpointSecretName field
• use secret name generating logic from the internal code lines https://github.com/infinispan/infinispan-operator/blob/a68e32a48150212ade0599dd9111237592387795/pkg/apis/infinispan/v1/types_util.go#L172-L178

[ricardozanini]

Thanks @dmvolod that will work! I'll open a follow up JIRA and update our code base accordingly. We can close this one. ;)

EDIT: JIRA opened https://issues.redhat.com/browse/KOGITO-4245

[dmvolod]

You are welcome, @ricardozanini We will try to remember this case for further updates related fields in the future

[ricardozanini]

By the way, @rigazilla @ryanemerson and me will have a meeting next week about this integration. You're invited if you want. :)

[dmvolod]

I would like to participate, @ricardozanini Please invite me if possible

[ricardozanini]

@dmvolod, just a heads up. The 2.0.x version is failing to deploy the Minimal example:

{"level":"error","ts":1611755120.337774,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"infinispan-controller","request":"kogito-4245/example-infinispan","error":"Infinispan.infinispan.org \"example-infinispan\" is invalid: [status.conditions.message: Required value, status.security: Required value]","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:258\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.4.0/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:152\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:153\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/go/pkg/mod/k8s.io/apimachinery@v0.0.0-20191004115801-a2eda9f80ab8/pkg/util/wait/wait.go:88"}

Is this known? Tested on minikube, using the same steps provided by @r00ta in the issue description and this CR: https://raw.githubusercontent.com/infinispan/infinispan-operator/master/deploy/cr/minimal/cr_minimal.yaml

[dmvolod]

@ricardozanini could you please confirm, that you are applying latest Infinispan CRD. Status.Security and Status.Conditions.Message are optional fields

[ricardozanini]

@dmvolod, you're right. I've applied the latest from the 2.0.x branch, and now it's working: https://raw.githubusercontent.com/infinispan/infinispan-operator/2.0.x/deploy/crds/infinispan.org_infinispans_crd.yaml