Secret Sync Operator fails if target namespace doesn't exist
Bourne-ID opened this issue · 1 comments
Bourne-ID commented
The Secret Sync Operator will fail-fast if a target namespace doesn't exist with the following error:
{"level":"error","ts":1572685378.8804283,"logger":"kubebuilder.controller","msg":"Reconciler error","controller":"secretsync-controller","request":"kube-system/testreplication","error":"namespaces \"doesnotexist\" not found","stacktrace":"github.com/ibm/secret-sync-operator/vendor/github.com/go-logr/zapr.(*zapLogger).Error\n\t/go/src/github.com/ibm/secret-sync-operator/vendor/github.com/go-logr/zapr/zapr.go:128\ngithub.com/ibm/secret-sync-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/src/github.com/ibm/secret-sync-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:217\ngithub.com/ibm/secret-sync-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func1\n\t/go/src/github.com/ibm/secret-sync-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:158\ngithub.com/ibm/secret-sync-operator/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/go/src/github.com/ibm/secret-sync-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\ngithub.com/ibm/secret-sync-operator/vendor/k8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/src/github.com/ibm/secret-sync-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:134\ngithub.com/ibm/secret-sync-operator/vendor/k8s.io/apimachinery/pkg/util/wait.Until\n\t/go/src/github.com/ibm/secret-sync-operator/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88"}
This causes the operator to go into a loop until the namespace is created and could prevent some secrets being synchronised.
The PR attached amends the logic by checking if the namespace exists first, bypassing any missing namespaces and creating all secrets where the namespace exists. The reconcile will requeue after 5 minutes if a missing namespace is detected, as there is no namespace watch in this sample project and the secret may not be edited to retrigger the watch.
Bourne-ID commented
Enhancement complete, just forgot to close the issue. Closing, and thanks for the approve/merge!
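The behaviour described in this issue (check each target namespace first, skip the missing ones, sync the rest, requeue after 5 minutes), as an added Go example that is not the operator's code or the attached PR. `SyncSecret`, `Result`, `nsExists`, `apply` and `demo` are hypothetical names, and the two callbacks stand in for the Kubernetes API calls.

```go
package main

import (
	"fmt"
	"time"
)

// Result reports which targets were handled and when to reconcile again.
type Result struct {
	Synced, Skipped []string
	RequeueAfter    time.Duration
}

// SyncSecret copies secret into every target namespace that exists. A missing
// namespace is skipped instead of failing the whole reconcile, and it schedules
// a retry in 5 minutes because nothing watches for the namespace appearing later.
// nsExists and apply are hypothetical stand-ins for the API server calls.
func SyncSecret(secret string, targets []string,
	nsExists func(ns string) (bool, error),
	apply func(ns, secret string) error) (Result, error) {
	var res Result
	for _, ns := range targets {
		ok, err := nsExists(ns)
		if err != nil { // any other API failure is still a reconcile error
			return res, fmt.Errorf("checking namespace %q: %w", ns, err)
		}
		if !ok {
			res.Skipped = append(res.Skipped, ns)
			res.RequeueAfter = 5 * time.Minute
			continue
		}
		if err := apply(ns, secret); err != nil {
			return res, fmt.Errorf("syncing %q into %q: %w", secret, ns, err)
		}
		res.Synced = append(res.Synced, ns)
	}
	return res, nil
}

// demo runs SyncSecret against a constructed in-memory set of namespaces.
func demo() (Result, error) {
	existing := map[string]bool{"default": true, "apps": true} // constructed sample
	exists := func(ns string) (bool, error) { return existing[ns], nil }
	apply := func(ns, secret string) error { return nil }
	return SyncSecret("testreplication", []string{"default", "doesnotexist", "apps"}, exists, apply)
}

func main() {
	res, err := demo()
	fmt.Printf("synced=%v skipped=%v requeue=%v err=%v\n", res.Synced, res.Skipped, res.RequeueAfter, err)
}
```

Returning the skipped namespaces lets the caller log them, so a secret that never reaches a target is visible rather than silently dropped.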