DBInstance does not retry Create for invalid spec values
#1139
Comments
|
From our Slack conversation regarding this issue:
|
|
Issues go stale after 90d of inactivity. |
ack-bot
added
the
lifecycle/stale
|
/lifecycle frozen |
ack-bot
added
lifecycle/frozen
|
I also bumped into this. This is especially problematic when applying the DBInstance & Secret at the same time, it introduces a race condition. If the Secret is created first the DBInstance will succeed, if the DBInstance is created first then it will fail and never reconcile. Ideally it would periodically re-reconcile on an exponential backoff. |
|
@Samze I see that in our logic for retrieving fields from Secret, we will throw an error if the Secret is not found - https://github.com/aws-controllers-k8s/runtime/blob/main/pkg/runtime/reconciler.go#L121 . This should cause the reconciler to requeue (without any backoff) until it succeeds. Is this the scenario you've been facing? Or have you been supplying an empty or invalid value inside the Secret, which is what's being used to create the instance? |
|
@RedbackThomson thanks for your response. I'm pointing DBInstance to a non-existing secret. Interesting, I'm not seeing any requeue and I see DBInstance get a " terminal condition" condition, which I assume means it won't retry. This is what I'm doing:
conditions:
- message: kubernetes secret not found
status: "True"
type: ACK.Terminal
- lastTransitionTime: "2022-06-03T18:25:10Z"
message: Resource synced successfully
reason: resource is in terminal condition
status: "True"
type: ACK.ResourceSynced
For reference I'm using 0.0.24 of the ACK RDS Operator. Also didn't mean to hijack this thread, happy to make another issue if needed. |
|
Oh yeah this should not be a terminal condition. We definitely want to retry when we see that. If you could please put this into a separate issue, this is no longer just an RDS bug - it's a bug with the general way we handle secrets (and errors). I see the problem in the code, though! |
|
Thanks, created #1318 |
jkatz
removed
RDS
lifecycle/frozen
|
issue-1318 is closed, we can close this one too. |
|
/close |
|
@brucegucode: You can't close an active issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/close |
|
@jkatz: You can't close an active issue/PR unless you authored it or you are a collaborator. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Describe the bug
If a password is not specified when first creating an RDS
DBInstanceCR, theCreate*call fails and sets the CR into a terminal condition. If you update the password field after this, the call is not re-attempted and the instance is forever stuck in a terminal state.Steps to reproduce
DBInstancewith an invalidmasterUserPasswordvalueDBInstanceto become terminalmasterUserPasswordvalue to be validDBInstancenever changesExpected outcome
The
DBInstanceshould be created with the newmasterUserPasswordif the initialCreatefailed.Environment
The text was updated successfully, but these errors were encountered: