context.getSecondaryResource not containing some generated resources

[fhalde]

Bug Report

What did you do?

I have a simple Managed dependent reconciler with the following configuration

@ControllerConfiguration(
        name = "workload-reconciler",
        dependents = {
                @Dependent(name = "namespace", type = NamespaceDependentResource.class),
                @Dependent(name = "role", type = RoleDependentResource.class, dependsOn = {"namespace"}),
                @Dependent(name = "role-binding", type = RoleBindingDependentResource.class, dependsOn = {"namespace", "role"})
        })

i.e. the dependency chain is – role depends on namespace & role-binding depends on role & namespace. All dependends extend the CRUDKubernetesDependentResource

What did you expect to see?

Inside the RoleBindingDependentResource, I have implemented the desired method that calls context.getSecondaryResource to get the role & namespace.

What did you see instead? Under which circumstances?

Weirdly, context.getSecondaryResource is only able to return the Namespace but not the role

System.out.println(context.getSecondaryResource(Namespace.class).orElse(null)); // Namespace object
System.out.println(context.getSecondaryResource(Role.class).orElse(null)); // prints null

Environment

Kubernetes cluster type:

kind ( local )

$ Mention java-operator-sdk version from pom.xml file

4.8.1

$ java -version

openjdk version "21.0.2" 2024-01-16 LTS
OpenJDK Runtime Environment Corretto-21.0.2.13.1 (build 21.0.2+13-LTS)
OpenJDK 64-Bit Server VM Corretto-21.0.2.13.1 (build 21.0.2+13-LTS, mixed mode, sharing)

$ kubectl version

Client Version: v1.29.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.2

Possible Solution

Additional context

I probably don't consider this as a bug and could be a genuine misunderstanding of the dependsOn and context.getSecondaryResource

[csviri]

Hi, is your project open source? Would be great in that case if you could provide a link, if not than provide a reproducer please. Would be much easier to figure it out. Thx!!

[fhalde]

yes https://github.com/fhalde/operator-pg

[fhalde]

while i would like to know why this happens, for my purpose, i could get away by not using secondaryResource. however i keep getting the following error on controller restart or CR updates

Caused by: io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: PATCH at: https://10.96.0.1:443/apis/rbac.authorization.k8s.io/v1/namespaces/helloworld/roles/helloworld:admin?fieldManager=workload-reconciler&force=true. Message: Operation cannot be fulfilled on roles.rbac.authorization.k8s.io "helloworld:admin": the object has been modified; please apply your changes to the latest version and try again. Received status: Status(apiVersion=v1, code=409, details=StatusDetails(causes=[], group=rbac.authorization.k8s.io, kind=roles, name=helloworld:admin, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=Operation cannot be fulfilled on roles.rbac.authorization.k8s.io "helloworld:admin": the object has been modified; please apply your changes to the latest version and try again, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Conflict, status=Failure, additionalProperties={}).

I tried disabling useSSA, but then i get error on POST

[fhalde]

Just to maybe give you a heads up, my use case involves creating a new namespace whenever my CR ( cluster scoped ) is created.

My operator starts with watching all namespaces, but since I create new namespaces, will the josdk track events from them? That could explain why the operator never finds out about the resources created inside this namespace @csviri

[fhalde]

when i try to update a custom resource

2024-03-25 09:53:42,153 i.f.k.c.i.i.c.Reflector        [DEBUG] Event received MODIFIED Workload resourceVersion v41231 for hello.world/v1alpha1/workloads
2024-03-25 09:53:42,153 i.j.o.p.e.s.c.ControllerResourceEventSource [DEBUG] Event received for resource: ResourceID{name='hi', namespace='null'} version: 41231 uuid: 3cbe46d0-2c35-4548-b95d-1a4bf3c1f900 action: UPDATED
2024-03-25 09:53:42,153 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Received event: ResourceEvent{action=UPDATED, associated resource id=ResourceID{name='hi', namespace='null'}}
2024-03-25 09:53:42,153 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 ns=no namespace name=hi Marking event received for: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,153 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] kind=Workload version=hello.world/v1alpha1 ns=no namespace name=hi Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,154 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] kind=Workload version=hello.world/v1alpha1 ns=no namespace name=hi Resource found in cache: true for id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,154 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 ns=no namespace name=hi Executing events for custom resource. Scope: ExecutionScope{resource: null}
2024-03-25 09:53:42,155 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,155 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource found in cache: true for id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,156 i.j.o.p.e.ReconciliationDispatcher [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Handling dispatch for resource hi
2024-03-25 09:53:42,156 i.j.o.p.e.ReconciliationDispatcher [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Reconciling resource hi with version: 41231 with execution scope: ExecutionScope{ resource id: ResourceID{name='hi', namespace='null'}, version: 41231}
2024-03-25 09:53:42,156 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Submitting for reconcile: DependentResourceNode{org.example.NamespaceDependentResource@14da1e99} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,156 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Submitted to reconcile: DependentResourceNode{org.example.NamespaceDependentResource@14da1e99} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,156 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Reconciling for primary: ResourceID{name='hi', namespace='null'} node: DependentResourceNode{org.example.NamespaceDependentResource@14da1e99}
2024-03-25 09:53:42,156 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Using PrimaryToSecondaryIndex to find secondary resources for primary: ResourceID{name='hi', namespace='null'}. Found secondary ids: [ResourceID{name='hi', namespace='null'}]
2024-03-25 09:53:42,156 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,158 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource found in cache: true for id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,158 o.e.NamespaceDependentResource [INFO] Reconciling ns...
2024-03-25 09:53:42,160 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Setting already reconciled for: DependentResourceNode{org.example.NamespaceDependentResource@14da1e99} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,160 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Handle reconcile for dependent: DependentResourceNode{org.example.RoleDependentResource@121e4442} of parent:DependentResourceNode{org.example.NamespaceDependentResource@14da1e99} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,160 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Submitting for reconcile: DependentResourceNode{org.example.RoleDependentResource@121e4442} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,160 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Submitted to reconcile: DependentResourceNode{org.example.RoleDependentResource@121e4442} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,160 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Reconciling for primary: ResourceID{name='hi', namespace='null'} node: DependentResourceNode{org.example.RoleDependentResource@121e4442}
2024-03-25 09:53:42,160 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Using PrimaryToSecondaryIndex to find secondary resources for primary: ResourceID{name='hi', namespace='null'}. Found secondary ids: []
2024-03-25 09:53:42,160 o.e.RoleDependentResource      [INFO] Reconciling role...
2024-03-25 09:53:42,161 i.j.o.p.d.AbstractDependentResource [DEBUG] Creating 'hi:admin' Role for primary ResourceID{name='hi', namespace='null'}
2024-03-25 09:53:42,161 i.j.o.p.d.k.KubernetesDependentResource [DEBUG] Creating target resource with type: class io.fabric8.kubernetes.api.model.rbac.Role, with id: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:53:42,161 i.f.k.c.Config                 [DEBUG] Trying to configure client from Kubernetes config...
2024-03-25 09:53:42,161 i.f.k.c.Config                 [DEBUG] Found for Kubernetes config at: [/Users/faiz.halde/.kube/config].
2024-03-25 09:53:42,185 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Event processing finished. Scope: ExecutionScope{ resource id: ResourceID{name='hi', namespace='null'}, version: 41231}, PostExecutionControl: PostExecutionControl{onlyFinalizerHandled=false, updatedCustomResource=null, runtimeException=io.javaoperatorsdk.operator.AggregatedOperatorException: Exception(s) during workflow execution. Details:
 - org.example.RoleDependentResource -> io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: POST at: https://127.0.0.1:59812/apis/rbac.authorization.k8s.io/v1/namespaces/hi/roles. Message: roles.rbac.authorization.k8s.io "hi:admin" already exists. Received status: Status(apiVersion=v1, code=409, details=StatusDetails(causes=[], group=rbac.authorization.k8s.io, kind=roles, name=hi:admin, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=roles.rbac.authorization.k8s.io "hi:admin" already exists, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=AlreadyExists, status=Failure, additionalProperties={}).
	at io.fabric8.kubernetes.client.KubernetesClientException.copyAsCause(KubernetesClientException.java:238)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.waitForResult(OperationSupport.java:507)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handleResponse(OperationSupport.java:524)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handleCreate(OperationSupport.java:340)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.handleCreate(BaseOperation.java:753)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.handleCreate(BaseOperation.java:97)
	at io.fabric8.kubernetes.client.dsl.internal.CreateOnlyResourceOperation.create(CreateOnlyResourceOperation.java:42)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.create(BaseOperation.java:1148)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.create(BaseOperation.java:97)
	at io.fabric8.kubernetes.client.extension.ResourceAdapter.create(ResourceAdapter.java:115)
	at io.javaoperatorsdk.operator.processing.dependent.kubernetes.KubernetesDependentResource.create(KubernetesDependentResource.java:126)
	at io.javaoperatorsdk.operator.processing.dependent.kubernetes.CRUDKubernetesDependentResource.create(CRUDKubernetesDependentResource.java:16)
	at io.javaoperatorsdk.operator.processing.dependent.AbstractDependentResource.handleCreate(AbstractDependentResource.java:112)
	at io.javaoperatorsdk.operator.processing.dependent.AbstractDependentResource.reconcile(AbstractDependentResource.java:62)
	at io.javaoperatorsdk.operator.processing.dependent.SingleDependentResourceReconciler.reconcile(SingleDependentResourceReconciler.java:19)
	at io.javaoperatorsdk.operator.processing.dependent.AbstractDependentResource.reconcile(AbstractDependentResource.java:52)
	at io.javaoperatorsdk.operator.processing.dependent.workflow.WorkflowReconcileExecutor$NodeReconcileExecutor.doRun(WorkflowReconcileExecutor.java:123)
	at io.javaoperatorsdk.operator.processing.dependent.workflow.NodeExecutor.run(NodeExecutor.java:22)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:840)

upon creating the workload

2024-03-25 09:52:46,500 i.f.k.c.i.i.c.Reflector        [DEBUG] Event received ADDED Workload resourceVersion v41152 for hello.world/v1alpha1/workloads
2024-03-25 09:52:46,501 i.j.o.p.e.s.c.ControllerResourceEventSource [DEBUG] Event received for resource: ResourceID{name='hi', namespace='null'} version: 41152 uuid: 3cbe46d0-2c35-4548-b95d-1a4bf3c1f900 action: ADDED
2024-03-25 09:52:46,502 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Received event: ResourceEvent{action=ADDED, associated resource id=ResourceID{name='hi', namespace='null'}}
2024-03-25 09:52:46,502 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 ns=no namespace name=hi Marking event received for: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,502 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] kind=Workload version=hello.world/v1alpha1 ns=no namespace name=hi Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,506 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] kind=Workload version=hello.world/v1alpha1 ns=no namespace name=hi Resource found in cache: true for id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,506 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 ns=no namespace name=hi Executing events for custom resource. Scope: ExecutionScope{resource: null}
2024-03-25 09:52:46,506 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,507 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource found in cache: true for id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,508 i.j.o.p.e.ReconciliationDispatcher [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Handling dispatch for resource hi
2024-03-25 09:52:46,509 i.j.o.p.e.ReconciliationDispatcher [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Reconciling resource hi with version: 41152 with execution scope: ExecutionScope{ resource id: ResourceID{name='hi', namespace='null'}, version: 41152}
2024-03-25 09:52:46,510 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Submitting for reconcile: DependentResourceNode{org.example.NamespaceDependentResource@14da1e99} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,511 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Submitted to reconcile: DependentResourceNode{org.example.NamespaceDependentResource@14da1e99} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,511 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Reconciling for primary: ResourceID{name='hi', namespace='null'} node: DependentResourceNode{org.example.NamespaceDependentResource@14da1e99}
2024-03-25 09:52:46,511 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Using PrimaryToSecondaryIndex to find secondary resources for primary: ResourceID{name='hi', namespace='null'}. Found secondary ids: []
2024-03-25 09:52:46,511 o.e.NamespaceDependentResource [INFO] Reconciling ns...
2024-03-25 09:52:46,513 i.j.o.p.d.AbstractDependentResource [DEBUG] Creating 'hi' Namespace for primary ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,514 i.j.o.p.d.k.KubernetesDependentResource [DEBUG] Creating target resource with type: class io.fabric8.kubernetes.api.model.Namespace, with id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,552 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,552 i.f.k.c.i.i.c.Reflector        [DEBUG] Event received ADDED Namespace resourceVersion v41153 for v1/namespaces
2024-03-25 09:52:46,552 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource found in cache: false for id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,552 i.j.o.p.e.s.i.TemporaryResourceCache [DEBUG] Temporarily moving ahead to target version 41153 for resource id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,552 i.j.o.p.e.s.i.InformerEventSource [DEBUG] On add event received for resource id: ResourceID{name='hi', namespace='null'} type: Namespace version: 41153
2024-03-25 09:52:46,552 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Resource found in temporal cache for id: ResourceID{name='hi', namespace='null'} resource versions equal: true
2024-03-25 09:52:46,553 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Skipping event propagation for ADD, since was a result of a reconcile action. Resource ID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,553 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Setting already reconciled for: DependentResourceNode{org.example.NamespaceDependentResource@14da1e99} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,553 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Handle reconcile for dependent: DependentResourceNode{org.example.RoleDependentResource@121e4442} of parent:DependentResourceNode{org.example.NamespaceDependentResource@14da1e99} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,553 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Submitting for reconcile: DependentResourceNode{org.example.RoleDependentResource@121e4442} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,554 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Submitted to reconcile: DependentResourceNode{org.example.RoleDependentResource@121e4442} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,554 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Reconciling for primary: ResourceID{name='hi', namespace='null'} node: DependentResourceNode{org.example.RoleDependentResource@121e4442}
2024-03-25 09:52:46,554 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Using PrimaryToSecondaryIndex to find secondary resources for primary: ResourceID{name='hi', namespace='null'}. Found secondary ids: []
2024-03-25 09:52:46,554 o.e.RoleDependentResource      [INFO] Reconciling role...
2024-03-25 09:52:46,555 i.j.o.p.d.AbstractDependentResource [DEBUG] Creating 'hi:admin' Role for primary ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,555 i.j.o.p.d.k.KubernetesDependentResource [DEBUG] Creating target resource with type: class io.fabric8.kubernetes.api.model.rbac.Role, with id: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,562 i.f.k.c.i.i.c.Reflector        [DEBUG] Event received ADDED Role resourceVersion v41156 for rbac.authorization.k8s.io/v1/roles
2024-03-25 09:52:46,562 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,563 i.j.o.p.e.s.i.InformerEventSource [DEBUG] On add event received for resource id: ResourceID{name='hi:admin', namespace='hi'} type: Role version: 41156
2024-03-25 09:52:46,563 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource found in cache: true for id: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,563 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Setting already reconciled for: DependentResourceNode{org.example.RoleDependentResource@121e4442} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,563 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Skipping event propagation for ADD, since was a result of a reconcile action. Resource ID: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,563 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Handle reconcile for dependent: DependentResourceNode{org.example.RoleBindingDependentResource@3b318ccb} of parent:DependentResourceNode{org.example.RoleDependentResource@121e4442} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,563 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Submitting for reconcile: DependentResourceNode{org.example.RoleBindingDependentResource@3b318ccb} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,563 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Submitted to reconcile: DependentResourceNode{org.example.RoleBindingDependentResource@3b318ccb} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,563 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Reconciling for primary: ResourceID{name='hi', namespace='null'} node: DependentResourceNode{org.example.RoleBindingDependentResource@3b318ccb}
2024-03-25 09:52:46,564 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Using PrimaryToSecondaryIndex to find secondary resources for primary: ResourceID{name='hi', namespace='null'}. Found secondary ids: []
2024-03-25 09:52:46,564 o.e.RoleBindingDependentResource [INFO] Reconciling rolebinding...
2024-03-25 09:52:46,565 i.j.o.p.d.AbstractDependentResource [DEBUG] Creating 'hi:admin' RoleBinding for primary ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,565 i.j.o.p.d.k.KubernetesDependentResource [DEBUG] Creating target resource with type: class io.fabric8.kubernetes.api.model.rbac.RoleBinding, with id: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,573 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,573 i.f.k.c.i.i.c.Reflector        [DEBUG] Event received ADDED RoleBinding resourceVersion v41157 for rbac.authorization.k8s.io/v1/rolebindings
2024-03-25 09:52:46,573 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] Resource found in cache: false for id: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,573 i.j.o.p.e.s.i.TemporaryResourceCache [DEBUG] Temporarily moving ahead to target version 41157 for resource id: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,573 i.j.o.p.d.w.WorkflowReconcileExecutor [DEBUG] Setting already reconciled for: DependentResourceNode{org.example.RoleBindingDependentResource@3b318ccb} primaryID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,573 i.j.o.p.e.s.i.InformerEventSource [DEBUG] On add event received for resource id: ResourceID{name='hi:admin', namespace='hi'} type: RoleBinding version: 41157
2024-03-25 09:52:46,573 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Resource found in temporal cache for id: ResourceID{name='hi:admin', namespace='hi'} resource versions equal: true
2024-03-25 09:52:46,573 i.j.o.p.e.s.i.InformerEventSource [DEBUG] Skipping event propagation for ADD, since was a result of a reconcile action. Resource ID: ResourceID{name='hi:admin', namespace='hi'}
2024-03-25 09:52:46,574 o.e.WorkloadReconcilerV2       [INFO] kind=Workload version=hello.world/v1alpha1 name=hi Reconciling workload...
2024-03-25 09:52:46,584 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Event processing finished. Scope: ExecutionScope{ resource id: ResourceID{name='hi', namespace='null'}, version: 41152}, PostExecutionControl: PostExecutionControl{onlyFinalizerHandled=false, updatedCustomResource=CustomResource{kind='Workload', apiVersion='hello.world/v1alpha1', metadata=ObjectMeta(annotations={kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"hello.world/v1alpha1","kind":"Workload","metadata":{"annotations":{},"labels":{"managed":"true"},"name":"hi"},"spec":{"users":["user-33","user-3"]}}
}, creationTimestamp=2024-03-25T08:52:46Z, deletionGracePeriodSeconds=null, deletionTimestamp=null, finalizers=[], generateName=null, generation=1, labels={managed=true}, managedFields=[ManagedFieldsEntry(apiVersion=hello.world/v1alpha1, fieldsType=FieldsV1, fieldsV1=FieldsV1(additionalProperties={f:metadata={f:annotations={.={}, f:kubectl.kubernetes.io/last-applied-configuration={}}, f:labels={.={}, f:managed={}}}, f:spec={.={}, f:users={}}}), manager=kubectl-client-side-apply, operation=Update, subresource=null, time=2024-03-25T08:52:46Z, additionalProperties={})], name=hi, namespace=null, ownerReferences=[], resourceVersion=41152, selfLink=null, uid=3cbe46d0-2c35-4548-b95d-1a4bf3c1f900, additionalProperties={}), spec=WorkloadSpec[users=[user-33, user-3]], status=null}, runtimeException=null}
2024-03-25 09:52:46,584 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Cleanup for successful execution for resource: hi
2024-03-25 09:52:46,586 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Resource not found in temporary cache reading it from informer cache, for Resource ID: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,587 i.j.o.p.e.s.i.ManagedInformerEventSource [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Resource found in cache: true for id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,587 i.j.o.p.e.s.i.TemporaryResourceCache [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Temporarily moving ahead to target version 41152 for resource id: ResourceID{name='hi', namespace='null'}
2024-03-25 09:52:46,587 i.j.o.p.e.EventProcessor       [DEBUG] kind=Workload version=hello.world/v1alpha1 name=hi Rescheduling event for max reconciliation interval for resource: ResourceID{name='hi', namespace='null'} : with delay: 36000000

[csviri]

@fhalde The reason is not working because the SecondaryToPrimaryMapper by default is configured to handle namespace scoped primary resources in dependent resources. What you have to do is this (for all dependent resources - especially for namespace scoped dependents):

public class RoleDependentResource extends CRUDKubernetesDependentResource<Role, Workload> implements SecondaryToPrimaryMapper<Role> {

// omitted code


@Override
  public Set<ResourceID> toPrimaryResourceIDs(Role role) {
    return Mappers.fromOwnerReferences(true).toPrimaryResourceIDs(role);
  }

}

In this part:

  return Mappers.fromOwnerReferences(true).toPrimaryResourceIDs(role);

A cluster scope aware SecondaryToPrimaryMapper will be created. (Note the true flag)

Will document this. And for v5 we will take a look how to handle this automatically.

The original mapper is created here:

java-operator-sdk/operator-framework-core/src/main/java/io/javaoperatorsdk/operator/processing/dependent/kubernetes/KubernetesDependentResource.java

Line 90 in 0b17878

return Mappers.fromOwnerReferences(false);

Note the false flag.

[fhalde]

ah @csviri thanks a lot ! let me test it out :)

[fhalde]

@csviri if our CR was namespaced, do we need to make the above changes?

e.g. we can have a "public" namespace where our CR gets created. Then our reconciler creates a separate namespace,role e.t.c

[csviri]

e.g. we can have a "public" namespace where our CR gets created. Then our reconciler creates a separate namespace,role e.t.c

In that case you don't have to do this change.

[csviri]

related improvement issue: #2311

[fhalde]

this worked 🙇 closing it