reconcile for externally managed secret is not trigerred for update event #3144
-
I am trying to watch an externally managed secret which has a spec field in the CR. Every CRUD on the CR triggers a reconcile to validate the fields in the CR and also validates the content of the secret. The secret is not owned by the CR. It is externally created and managed. For every CRUD on the secret , would like check in which CR the secret name is reference and trigger reconcile on that CR for the validations to through. Below is the details : operator-sdk version: "v1.25.2", commit: "b63b921837de8dd6ce480033e427ecfc5e34abcc", kubernetes version: "1.25.0", go version: "go1.19.2", GOOS: "linux", GOARCH: "amd64" This is almost the same use case which is shown in the below document, https://book.kubebuilder.io/reference/watching-resources/externally-managed.html I have implemented exactly same as shown in the above document. The document is based on the confimap but my use case is for secret watch. On a CR CRUD event the reconcile triggers and work perfectly fine. But ,
Am I missing something ? Below is the implementation
|
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
From the information provided, you're leveraging the capability to watch externally managed resources, especially focusing on Let's break down your current situation and address the concerns:
Key Points to Consider:
Recommendation: For the issue with the You can also try
Here's a modified SetupWithManager method after removing the mentioned predicate:
Try this modification, then update a Secret and see if it triggers reconciliation of the corresponding CR. If removing the predicate solves your issue, then it confirms that the ResourceVersionChangedPredicate was indeed filtering out the updates that you wanted to act upon. If you still face the issue, there might be some other factors at play and would require further investigation. Closing this one as sorted out |
Beta Was this translation helpful? Give feedback.
From the information provided, you're leveraging the capability to watch externally managed resources, especially focusing on
Secret
objects. This methodology is consistent with Kubebuilder's recommendations, as seen in their documentation. Please check this one.Let's break down your current situation and address the concerns:
CRUD operations on the CR: Every CRUD operation on the CR successfully triggers the reconcile function. This is as expected.
Reference to a missing Secret: When the CR references a
Secret
that doesn't exist, it's logical that your reconcile function throws an error and updates the CR status to "ERROR". This behavior correctly signifies an unresolved reference. …