Cannot lock multiple resources in ResourceLocker if only some of them are available

[morningspace]

It looks the current behavior of resource locker operator is to get all patches defined in ResourceLocker, then update the corresponding resources by applying these patches. This won't work if some target resources are not available yet, even that others have been there and ready for patching.

Ideally, I could patch those resources are able to patch, while keep trying others till they are ready, which is what the reconciliation is supposed to do. Does it make sense?

@raffaelespazzoli

[raffaelespazzoli]

what you say in the suggested behavior should be the actual behavior. Let me know if you find it to be different. Plus you can always create a patch per target object. The reason why one can define multiple patches is that it is more efficient to pack the together.

[morningspace]

@raffaelespazzoli

Plus you can always create a patch per target object.

Indeed, this is actually what I was doing to mitigate the issue.

Interestingly, I did some quick simple test which was not able to reproduce the issue. For example:

apiVersion: redhatcop.redhat.io/v1alpha1
kind: ResourceLocker
metadata:
  name: test-patches
  namespace: resource-locker-operator
spec:
  serviceAccountRef:
    name: resource-locker-operator-controller-manager
  patches:
  - targetObjectRef:
      apiVersion: charts.helm.k8s.io/v1alpha1
      kind: Kong
      name: never-exists
      namespace: default
    patchTemplate: |
      spec:
        replicaCount: 0
    patchType: application/merge-patch+json
    id: kong-patch1 
  - targetObjectRef:
      apiVersion: charts.helm.k8s.io/v1alpha1
      kind: Kong
      name: gateway
      namespace: foo
    patchTemplate: |
      spec:
        replicaCount: 2
    patchType: application/merge-patch+json
    id: kong-patch2

Suppose the first Kong instance never exists, which will break the second Kong instance to be patched. However, I see the second Kong instance was patched successfully. Not sure why I see it differently in some complicated situation where I cannot see the resources are patched, and usually I will see below events when describing ResourceLocker.

Events:
  Type     Reason           Age                     From                       Message
  ----     ------           ----                    ----                       -------
  Warning  ProcessingError  5h28m (x14 over 5h29m)  ResourceLocker_controller  2 errors occurred:
           * the server could not find the requested resource
           * the server could not find the requested resource
  Warning  ProcessingError  5h7m (x5 over 5h27m)  ResourceLocker_controller  1 error occurred:
           * the server could not find the requested resource

Is it due to the reconciliation time taking longer when the requested resource keeps not found?