Description of problem:
When a hub template fails to resolve, the dynamic watcher does not clean up its query batch correctly.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
- ...
Actual results:
E0402 13:22:46.356244 13297 templates.go:600] error resolving the template {"apiVersion":"policy.open-cluster-management.io/v1","kind":"ConfigurationPolicy","metadata":{"name":"case9-test-configpolicy"},"spec":{"namespaceSelector":{"exclude":["kube-*"],"include":["default"]},"object-templates":[{"complianceType":"musthave","objectDefinition":{"apiVersion":"v1","data":{"namespace-phase":"{{hub (lookup \"v1\" \"Namespace\" \"\" \"case9-test\").status.phase hub}}\n"},"kind":"ConfigMap","metadata":{"name":"case9-test-configmap","namespace":"test"}}}],"remediationAction":"inform"}},
template str apiVersion: policy.open-cluster-management.io/v1
kind: ConfigurationPolicy
metadata:
name: case9-test-configpolicy
spec:
namespaceSelector:
exclude:
- kube-*
include:
- default
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: v1
data:
namespace-phase: |
{{hub (lookup "v1" "Namespace" "" "case9-test").status.phase hub}}
kind: ConfigMap
metadata:
name: case9-test-configmap
namespace: test
remediationAction: inform
,
error: template: tmpl:17:19: executing "tmpl" at <lookup "v1" "Namespace" "" "case9-test">: error calling lookup: lookup of cluster-scoped resource 'Namespace/case9-test' is not allowed
2024-04-02T13:22:46.356Z error policy-propagator propagator/propagation.go:343 Failed to resolve templates {"policyName": "case9-test-policy-cslookup", "policyNamespace": "policy-propagator-test", "cluster": "managed1", "error": "failed to resolve the template {\"apiVersion\":\"policy.open-cluster-management.io/v1\",\"kind\":\"ConfigurationPolicy\",\"metadata\":{\"name\":\"case9-test-configpolicy\"},\"spec\":{\"namespaceSelector\":{\"exclude\":[\"kube-*\"],\"include\":[\"default\"]},\"object-templates\":[{\"complianceType\":\"musthave\",\"objectDefinition\":{\"apiVersion\":\"v1\",\"data\":{\"namespace-phase\":\"{{hub (lookup \\\"v1\\\" \\\"Namespace\\\" \\\"\\\" \\\"case9-test\\\").status.phase hub}}\\n\"},\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"case9-test-configmap\",\"namespace\":\"test\"}}}],\"remediationAction\":\"inform\"}}: template: tmpl:17:19: executing \"tmpl\" at <lookup \"v1\" \"Namespace\" \"\" \"case9-test\">: error calling lookup: lookup of cluster-scoped resource 'Namespace/case9-test' is not allowed"}
open-cluster-management.io/governance-policy-propagator/controllers/propagator.(*ReplicatedPolicyReconciler).processTemplates
/home/runner/work/governance-policy-propagator/governance-policy-propagator/controllers/propagator/propagation.go:343
open-cluster-management.io/governance-policy-propagator/controllers/propagator.(*ReplicatedPolicyReconciler).Reconcile
/home/runner/work/governance-policy-propagator/governance-policy-propagator/controllers/propagator/replicatedpolicy_controller.go:252
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.2/pkg/internal/controller/controller.go:118
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.2/pkg/internal/controller/controller.go:314
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.2/pkg/internal/controller/controller.go:265
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.2/pkg/internal/controller/controller.go:226
2024-04-02T13:22:46.359Z info policy-metrics policymetrics/policymetrics_controller.go:54 Reconciling metric for the policy {"Request.Namespace": "policy-propagator-test", "Request.Name": "case9-test-policy-cslookup"}
2024-04-02T13:22:46.360Z info common common/common_status_update.go:197 No placement decisions to process for this policy from this non-restricted binding {"policyName": "case9-test-policy-cslookup", "policyNamespace": "policy-propagator-test", "policyName": "case9-test-policy-cslookup", "bindingName": "policy-one-pb"}
2024-04-02T13:22:46.360Z info common common/common_status_update.go:197 No placement decisions to process for this policy from this non-restricted binding {"policyName": "case9-test-policy-cslookup", "policyNamespace": "policy-propagator-test", "policyName": "case9-test-policy-cslookup", "bindingName": "policy-two-pb"}
2024-04-02T13:22:46.363Z info policy-propagator propagator/replicatedpolicy_controller.go:300 Created replicated policy {"Request.Namespace": "managed1", "Request.Name": "policy-propagator-test.case9-test-policy-cslookup"}
2024-04-02T13:22:46.363Z info policy-metrics policymetrics/policymetrics_controller.go:54 Reconciling metric for the policy {"Request.Namespace": "managed1", "Request.Name": "policy-propagator-test.case9-test-policy-cslookup"}
STEP: Verifying the replicated policy was created with the correct error annotation in the template @ 04/02/24 13:22:46.551
2024-04-02T13:22:46.599Z info policy-propagator propagator/rootpolicy_controller.go:42 Reconciling the policy {"Request.Namespace": "policy-propagator-test", "Request.Name": "case9-test-policy-cslookup"}
2024-04-02T13:22:46.599Z info policy-metrics policymetrics/policymetrics_controller.go:54 Reconciling metric for the policy {"Request.Namespace": "policy-propagator-test", "Request.Name": "case9-test-policy-cslookup"}
2024-04-02T13:22:46.599Z info policy-propagator propagator/rootpolicy_controller.go:57 Replicated policies sent for deletion {"Request.Namespace": "policy-propagator-test", "Request.Name": "case9-test-policy-cslookup", "count": 1}
2024-04-02T13:22:46.599Z info policy-metrics policymetrics/policymetrics_controller.go:100 Policy not found. It must have been deleted. {"Request.Namespace": "policy-propagator-test", "Request.Name": "case9-test-policy-cslookup", "status-gauge-deleted": true}
2024-04-02T13:22:46.599Z info policy-propagator propagator/replicatedpolicy_controller.go:45 Reconciling the replicated policy {"Request.Namespace": "managed1", "Request.Name": "policy-propagator-test.case9-test-policy-cslookup"}
2024-04-02T13:22:46.603Z error policy-propagator propagator/replicatedpolicy_controller.go:129 Failed to delete the orphaned replicated policy, requeueing {"Request.Namespace": "managed1", "Request.Name": "policy-propagator-test.case9-test-policy-cslookup", "error": "cannot perform this action; the query batch for this object ID is in progress"}
open-cluster-management.io/governance-policy-propagator/controllers/propagator.(*ReplicatedPolicyReconciler).Reconcile
/home/runner/work/governance-policy-propagator/governance-policy-propagator/controllers/propagator/replicatedpolicy_controller.go:129
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.2/pkg/internal/controller/controller.go:118
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.2/pkg/internal/controller/controller.go:314
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.2/pkg/internal/controller/controller.go:265
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.15.2/pkg/internal/controller/controller.go:226
Expected results:
Additional info:
- clones
-
ACM-10832 Hub templates resolve failure not cleaning up watches correctly
-
- Closed
-