Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DBInstance (and other resources) do not re-reconcile when a spec defined Secret is missing #1318

Closed
Samze opened this issue Jun 3, 2022 · 0 comments · Fixed by aws-controllers-k8s/code-generator#349
Closed

DBInstance (and other resources) do not re-reconcile when a spec defined Secret is missing #1318

Samze opened this issue Jun 3, 2022 · 0 comments · Fixed by aws-controllers-k8s/code-generator#349
Assignees
@RedbackThomson
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@Samze
Copy link

Samze commented Jun 3, 2022
edited
Loading

Describe the bug

Follow up from #1139 (comment), it appears as though Secrets referenced in spec that do not exist are being treated as a dbinstance terminal error and therefore the ACK controller is not re-reconciling.

Steps to reproduce

  1. Create DBInstance with reference to non-existing secret.
  2. Check status, it shows.
  conditions:
  - message: kubernetes secret not found
    status: "True"
    type: ACK.Terminal
  - lastTransitionTime: "2022-06-03T18:25:10Z"
    message: Resource synced successfully
    reason: resource is in terminal condition
    status: "True"
    type: ACK.ResourceSynced
  1. Apply secret
  2. Wait for changes. Nothing changes

Expected outcome
I expected a the controller to re-reconcile and pick up the secret.

Environment
EKS using 0.0.24 of ACK RDS Operator

  • Kubernetes version: v1.21.12-eks-a64ea69
  • Using EKS: Yes (eks.7)
  • AWS service targeted (S3, RDS, etc.) RDS
@Samze Samze added the kind/bug Categorizes issue or PR as related to a bug. label Jun 3, 2022
@Samze Samze mentioned this issue Jun 3, 2022
Closed
@Samze Samze changed the title DBInstance (and other resources) do not retry when a spec defined Secret is missing. DBInstance (and other resources) do not re-reconcile when a spec defined Secret is missing. Jun 3, 2022
@Samze Samze changed the title DBInstance (and other resources) do not re-reconcile when a spec defined Secret is missing. DBInstance (and other resources) do not re-reconcile when a spec defined Secret is missing Jun 3, 2022
@RedbackThomson RedbackThomson self-assigned this Jun 3, 2022
@RedbackThomson RedbackThomson moved this to Todo in ACK Core Team Jun 3, 2022
@RedbackThomson RedbackThomson mentioned this issue Jun 24, 2022
Merged
@RedbackThomson RedbackThomson moved this from Todo to In Progress in ACK Core Team Jun 24, 2022
ack-bot pushed a commit to aws-controllers-k8s/code-generator that referenced this issue Jun 29, 2022
@RedbackThomson
Ensure failed secret dereferencing is recoverable (#349)
b80a751 
Fixes aws-controllers-k8s/community#1318

Description of changes:
If an ACK resource is evaluated before a secret becomes available, the controller should attempt to retry (with exponential backoff) until the secret exists. This pull request ensures that any error returned by `SecretValueFromReference` is retried by the controller.

Note: I chose not to update the error values in `SecretValueFromReference` because I thought it was more appropriate that the SDK logic chose the requeue action, not the secret fetching method.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
Repository owner moved this from In Progress to Done in ACK Core Team Jun 29, 2022
@matteo-magni matteo-magni mentioned this issue Oct 18, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RedbackThomson RedbackThomson

Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
No open projects
ACK Core Team
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ensure failed secret dereferencing is recoverable RedbackThomson/ack-code-generator
2 participants
@Samze @RedbackThomson