From 69fdfc969b293c3932c6050176b8a08810e69f4c Mon Sep 17 00:00:00 2001 From: Jacob Baungard Hansen Date: Thu, 14 Nov 2024 12:51:00 +0100 Subject: [PATCH] Render: fail if no oauth image is found For some unknown reason, during upgrades from ACM 2.11, the template image is briefly used, instead of the image from the openshift imagestream. The template image is not available in disconnected environments, and as a result causes the pods be unable to come up. This is a problem especially for alertmanager. Because of it being a statefulset when it gets into the bad state, with the wrong image, it doesn't automatically recover on the next reconcile. This requires manual intervention to fix. Instead with this PR, we make the reconcile fail if we do not find the oauth image. This will make it retry later, when the imagestream is able to be found. Signed-off-by: Jacob Baungard Hansen --- .../pkg/rendering/renderer_alertmanager.go | 2 ++ .../pkg/rendering/renderer_grafana.go | 3 +++ .../multiclusterobservability/pkg/rendering/renderer_proxy.go | 3 +++ 3 files changed, 8 insertions(+) diff --git a/operators/multiclusterobservability/pkg/rendering/renderer_alertmanager.go b/operators/multiclusterobservability/pkg/rendering/renderer_alertmanager.go index da951cb7c..978feb25a 100644 --- a/operators/multiclusterobservability/pkg/rendering/renderer_alertmanager.go +++ b/operators/multiclusterobservability/pkg/rendering/renderer_alertmanager.go @@ -126,6 +126,8 @@ func (r *MCORenderer) renderAlertManagerStatefulSet(res *resource.Resource, name found, image = mcoconfig.GetOauthProxyImage(r.imageClient) if found { oauthProxyContainer.Image = image + } else { + return nil, fmt.Errorf("failed to get OAuth image for alertmanager") } oauthProxyContainer.ImagePullPolicy = imagePullPolicy diff --git a/operators/multiclusterobservability/pkg/rendering/renderer_grafana.go b/operators/multiclusterobservability/pkg/rendering/renderer_grafana.go index d60e8af23..44f3db43e 100644 --- a/operators/multiclusterobservability/pkg/rendering/renderer_grafana.go +++ b/operators/multiclusterobservability/pkg/rendering/renderer_grafana.go @@ -5,6 +5,7 @@ package rendering import ( + "fmt" v1 "k8s.io/api/apps/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" @@ -71,6 +72,8 @@ func (r *MCORenderer) renderGrafanaDeployments(res *resource.Resource, found, image = config.GetOauthProxyImage(r.imageClient) if found { spec.Containers[2].Image = image + } else { + return nil, fmt.Errorf("failed to get OAuth image for Grafana") } spec.Containers[2].ImagePullPolicy = imagePullPolicy diff --git a/operators/multiclusterobservability/pkg/rendering/renderer_proxy.go b/operators/multiclusterobservability/pkg/rendering/renderer_proxy.go index 4c9ddf3e5..d0cff6f17 100644 --- a/operators/multiclusterobservability/pkg/rendering/renderer_proxy.go +++ b/operators/multiclusterobservability/pkg/rendering/renderer_proxy.go @@ -5,6 +5,7 @@ package rendering import ( + "fmt" "strings" v1 "k8s.io/api/apps/v1" @@ -96,6 +97,8 @@ func (r *MCORenderer) renderProxyDeployment(res *resource.Resource, found, image = mcoconfig.GetOauthProxyImage(r.imageClient) if found { spec.Containers[1].Image = image + } else { + return nil, fmt.Errorf("failed to get OAuth image for rbacqueryproxy") } for idx := range spec.Volumes {