fix: make the statefulset reconciliation wait for secret creation #31646
vmuzikar merged 1 commit into keycloak:main from
Ok, this has been updated to switch from using depends on to manual invocation of the statefulset dependent. cc @vmuzikar
switching to manual invocation of statefulset reconciliation

closes: keycloak#30004

Signed-off-by: Steve Hawkins <[email protected]>

* Update docs/guides/operator/advanced-configuration.adoc

Co-authored-by: Václav Muzikář <[email protected]>
Signed-off-by: Steven Hawkins <[email protected]>

* enhance: add bootstrap admin handling to the operator

closes: keycloak#30004

Signed-off-by: Steve Hawkins <[email protected]>

---------

Signed-off-by: Steve Hawkins <[email protected]>
Signed-off-by: Steven Hawkins <[email protected]>
Co-authored-by: Václav Muzikář <[email protected]>
Had to switch to manual creation of the statefulset dependent as well. Using Application or Dependent scope doesn't work with this version of the operator sdk because the re-initialization of the dependent is incomplete and it ends up with a reference to the old Kubernetes client. I believe this was addressed in later versions of the operator sdk.
@ahus1 yes, we should be able to merge this
closes: #30004
@ahus1 @vmuzikar the issue here is that adding the KeycloakAdminSecretDependentResource EnabledCondition is causing the KeycloakAdminSecretDependentResource to be run more routinely after the KeycloakDeploymentDependentResource. When that happens it's creating another revision of the StatefulSet because the initial one is marked as having a missing secret. I'm not sure why yet, but that StatefulSet revision is not rolled out to the Pods in the test case with a non-existent image. So the Pods are staying at the initial revision, which causes the logic that scrapes the Pod status for the Keycloak status error message to not work.
In general it would be good to avoid creating these short-lived versions of the StatefulSet, so I added a depends on dependency between the two dependents.
Another solution / refinement, that is more involved, would be to only use the missing annotations for optional Secrets / ConfigMaps - or to simply let the optional case be handled by the general poll interval.