search

redhat-cop / namespace-configuration-operator

The namespace-configuration-operator helps keeping configurations related to Users, Groups and Namespaces aligned with one of more policies specified as a CRs
Apache License 2.0
204 stars 55 forks source link

[BUG] Unable to update CR, lockedResourceStatuses #55

Closed saberkan closed 4 years ago

saberkan commented 4 years ago

Issue: When creating namespace config CR, resources are successfully created but operator show log error. When updating CR, created resources are not updated. operator doesn't show any error.

How to reproduce: 1 - Install v0.2.0 or latest 2 - apply namespace config:

$ oc new-project myproject
$ oc label namespace myproject overcommit=limited
$ oc apply -f examples/namespace-config/overcommit-limitrange.yaml 
namespaceconfig.redhatcop.redhat.io/overcommit-limitrange created

3 - Check resource created, but log error in operator

$ oc get limits -n myproject --no-headers
overcommit-limits   2020-06-26T13:13:17Z
$ oc logs namespace-configuration-operator-9d9c95ddd-6kldm
{"level":"error","ts":1593177197.7926617,"logger":"lockedresourcecontroller","msg":"unable to update status for","object":{"kind":"NamespaceConfig","apiVersion":"redhatcop.redhat.io/v1alpha1","metadata":{"name":"overcommit-limitrange","selfLink":"/apis/redhatcop.redhat.io/v1alpha1/namespaceconfigs/overcommit-limitrange","uid":"3d400773-0025-4e01-a66f-30de57803151","resourceVersion":"242591","generation":2,"creationTimestamp":"2020-06-26T13:13:13Z","annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"redhatcop.redhat.io/v1alpha1\",\"kind\":\"NamespaceConfig\",\"metadata\":{\"annotations\":{},\"name\":\"overcommit-limitrange\"},\"spec\":{\"selector\":{\"matchLabels\":{\"overcommit\":\"limited\"}},\"templates\":[{\"objectTemplate\":\"apiVersion: \\\"v1\\\"\\nkind: \\\"LimitRange\\\"\\nmetadata:\\n  name: \\\"overcommit-limits\\\"\\n  namespace: {{ .Name }}\\nspec:\\n  limits:\\n    - type: \\\"Container\\\" \\n      maxLimitRequestRatio:\\n        cpu: 100\\n        memory: 1\\n\"}]}}\n"},"finalizers":["namespace-config-operator"]},"spec":{"labelSelector":{},"annotationSelector":{},"templates":[{"objectTemplate":"apiVersion: \"v1\"\nkind: \"LimitRange\"\nmetadata:\n  name: \"overcommit-limits\"\n  namespace: {{ .Name }}\nspec:\n  limits:\n    - type: \"Container\" \n      maxLimitRequestRatio:\n        cpu: 100\n        memory: 1\n","excludedPaths":[".status",".spec.replicas",".metadata"]}]},"status":{"conditions":[{"type":"ReconcileSuccess","status":"True","reason":"Successful","message":"Awaiting next reconciliation","lastTransitionTime":"2020-06-26T13:13:17Z"}],"lockedResourceStatuses":{"v1/LimitRange/namespace-configuration-operator/overcommit-limits":null,"v1/LimitRange/myproject/overcommit-limits":null}}},"error":"NamespaceConfig.redhatcop.redhat.io \"overcommit-limitrange\" is invalid: [status.lockedResourceStatuses.v1/LimitRange/myproject/overcommit-limits: Invalid value: \"null\": status.lockedResourceStatuses.v1/LimitRange/myproject/overcommit-limits in body must be of type array: \"null\", status.lockedResourceStatuses.v1/LimitRange/namespace-configuration-operator/overcommit-limits: Invalid value: \"null\": status.lockedResourceStatuses.v1/LimitRange/namespace-configuration-operator/overcommit-limits in body must be of type array: \"null\"]","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/home/travis/gopath/pkg/mod/github.com/go-logr/zapr@v0.1.1/zapr.go:128\ngithub.com/redhat-cop/operator-utils/pkg/util/lockedresourcecontroller.(*EnforcingReconciler).ManageSuccess\n\t/home/travis/gopath/pkg/mod/github.com/redhat-cop/operator-utils@v0.2.4/pkg/util/lockedresourcecontroller/enforcing-reconciler.go:136\ngithub.com/redhat-cop/namespace-configuration-operator/pkg/controller/namespaceconfig.(*ReconcileNamespaceConfig).Reconcile\n\t/home/travis/gopath/src/github.com/redhat-cop/namespace-configuration-operator/pkg/controller/namespaceconfig/namespaceconfig_controller.go:194\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/internal/controller/controller.go:256\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/internal/controller/controller.go:232\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/home/travis/gopath/pkg/mod/sigs.k8s.io/controller-runtime@v0.5.2/pkg/internal/controller/controller.go:211\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/home/travis/gopath/pkg/mod/k8s.io/apimachinery@v0.17.4/pkg/util/wait/wait.go:152\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/home/travis/gopath/pkg/mod/k8s.io/apimachinery@v0.17.4/pkg/util/wait/wait.go:153\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/home/travis/gopath/pkg/mod/k8s.io/apimachinery@v0.17.4/pkg/util/wait/wait.go:88"}

4 - Update namespaceconfig overcommit-limitrange, limitrange not updated (no error logs in operator)

Expected:

raffaelespazzoli commented 4 years ago

54 should fix this issue.

saberkan commented 4 years ago

I rebuild the operator from master and last commit (afed330d97a1444c39af245c763c31baaad9c06a).There is no more error message, but editing namespaceconfig doesn't work.

Create namespaceconfig

$ oc apply -f examples/namespace-config/overcommit-limitrange.yaml
$ oc get limits overcommit-limits -n myproject --no-headers
overcommit-limits   2020-07-02T15:02:41Z
$ oc describe limits overcommit-limits -n myproject | grep memory
Container   memory    -    -    -                -              1

Operator logs:

{"level":"info","ts":1593702155.956579,"logger":"namespace-config-operator","msg":"Reconciling NamespaceConfig","Request.Namespace":"","Request.Name":"overcommit-limitrange"}
{"level":"info","ts":1593702155.988832,"logger":"namespace-config-operator","msg":"Reconciling NamespaceConfig","Request.Namespace":"","Request.Name":"overcommit-limitrange"}
I0702 17:02:37.094965   59860 request.go:621] Throttling request took 1.049920039s, request: GET:https://api.cluster-c232.c232.sandbox1906.opentlc.com:6443/apis/certificates.k8s.io/v1beta1?timeout=32s
{"level":"info","ts":1593702161.024927,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"controller_locked_object_v1/LimitRange/myproject/overcommit-limits","source":"kind source: /v1, Kind=LimitRange"}
{"level":"info","ts":1593702161.1262898,"logger":"controller-runtime.controller","msg":"Starting EventSource","controller":"controller_locked_object_v1/LimitRange/myproject/overcommit-limits","source":"channel source: 0xc002738a00"}
{"level":"info","ts":1593702161.126522,"logger":"controller-runtime.controller","msg":"Starting Controller","controller":"controller_locked_object_v1/LimitRange/myproject/overcommit-limits"}
{"level":"info","ts":1593702161.126583,"logger":"controller-runtime.controller","msg":"Starting workers","controller":"controller_locked_object_v1/LimitRange/myproject/overcommit-limits","worker count":1}
{"level":"info","ts":1593702161.126712,"logger":"lockedresourcecontroller","msg":"reconcile called for","object":"v1/LimitRange/myproject/overcommit-limits","request":"myproject/overcommit-limits"}
{"level":"info","ts":1593702161.209971,"logger":"namespace-config-operator","msg":"Reconciling NamespaceConfig","Request.Namespace":"","Request.Name":"overcommit-limitrange"}

Edit examples/namespace-config/overcommit-limitrange.yaml, and set memory at 2

$ oc describe namespaceconfig overcommit-limitrange | grep memory
        memory: 2
$ oc describe limits overcommit-limits -n myproject | grep memory
Container   memory    -    -    -                -              1

You can see that memory is still 1

Operator logs:

{"level":"info","ts":1593702212.6162949,"logger":"namespace-config-operator","msg":"Reconciling NamespaceConfig","Request.Namespace":"","Request.Name":"overcommit-limitrange"}