fix: remove reconcile checksum rate limmiter, add reconciler timeout (#…

…212)
DoodleScheduling · Apr 25, 2024 · 77f5d19 · 77f5d19
1 parent 9b9df47
commit 77f5d19
Show file tree

Hide file tree

Showing 10 changed files with 199 additions and 51 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -19,13 +19,6 @@ jobs:
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version: 1.20.x
-      - name: Restore Go cache
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
       - name: Tests
         run: make test
       - name: Send go coverage report

diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml
@@ -55,13 +55,6 @@ jobs:
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version: 1.20.x
-      - name: Restore Go cache
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
       - name: fmt
         run: make fmt
       - name: vet
@@ -96,13 +89,6 @@ jobs:
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version: 1.20.x
-      - name: Restore Go cache
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
       - name: run test
         run: make test ENVTEST_K8S_VERSION=${{ matrix.kubernetes-version }}
 
@@ -121,13 +107,6 @@ jobs:
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version: 1.20.x
-      - name: Restore Go cache
-        uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
       - name: build
         run: make build
       - name: Check if working tree is dirty
@@ -242,4 +221,4 @@ jobs:
           docker image ls -a
           
       - name: Run chart-testing (install)
-        run: ct install --target-branch=master --chart-dirs chart
+        run: ct install --target-branch=master --chart-dirs chart
diff --git a/Makefile b/Makefile
@@ -65,7 +65,7 @@ lint: golangci-lint ## Run golangci-lint against code
 	$(GOLANGCI_LINT) run --timeout=2m ./...
 
 .PHONY: test
-test: manifests generate fmt vet tidy envtest ## Run tests.
+test: envtest manifests generate fmt vet tidy ## Run tests.
 	KUBEBUILDER_ASSETS="$(shell $(ENVTEST) use $(ENVTEST_K8S_VERSION) -p path)" go test ./... -v -coverprofile coverage.out -race
 
 ##@ Build
@@ -153,9 +153,9 @@ kustomize: ## Download kustomize locally if necessary.
 ENVTEST = $(GOBIN)/setup-envtest
 .PHONY: envtest
 envtest: ## Download envtest-setup locally if necessary.
-	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@latest)
+	$(call go-install-tool,$(ENVTEST),sigs.k8s.io/controller-runtime/tools/setup-envtest@release-0.17)
 
-# go-install-tool will 'go install' any package $2 and install it to $1
+# go-install-tool will 'go install' any package $2 and install it to $1.
 define go-install-tool
 @[ -f $(1) ] || { \
 set -e ;\
@@ -166,4 +166,4 @@ echo "Downloading $(2)" ;\
 env -i bash -c "GOBIN=$(GOBIN) PATH=$(PATH) GOPATH=$(shell go env GOPATH) GOCACHE=$(shell go env GOCACHE) go install $(2)" ;\
 rm -rf $$TMP_DIR ;\
 }
-endef
+endef
diff --git a/README.md b/README.md
@@ -45,7 +45,8 @@ spec:
   address: http://keycloak-http.keycloak/auth
   authSecret:
     name: keycloak-admin
-  interval: 10m
+  interval: 1h
+  timeout: 5m0s
   realm:
     accessCodeLifespan: 60
     accessCodeLifespanLogin: 1800
@@ -168,7 +169,8 @@ spec:
     name: keycloak-admin
     passwordField: password
     userField: username
-  interval: 10m
+  interval: 1h
+  timeout: 5m0s
   suspend: false
   realm:
     accessCodeLifespan: 60
@@ -212,7 +214,8 @@ spec:
   address: http://keycloak-http.keycloak/auth
   authSecret:
     name: keycloak-admin
-  interval: 10m
+  interval: 1h
+  timeout: 5m0s
   realm:
     accessCodeLifespan: 60
     accessCodeLifespanLogin: 1800
@@ -268,7 +271,8 @@ spec:
   address: http://keycloak-http.keycloak/auth
   authSecret:
     name: keycloak-admin
-  interval: 10m
+  interval: 1h
+  timeout: 5m0s
   realm:
     accessCodeLifespan: 60
     accessCodeLifespanLogin: 1800

diff --git a/api/v1beta1/keycloakrealm_types.go b/api/v1beta1/keycloakrealm_types.go
@@ -62,6 +62,10 @@ type KeycloakRealmSpec struct {
 	// +optional
 	Interval *metav1.Duration `json:"interval,omitempty"`
 
+	// Timeout
+	// +optional
+	Timeout *metav1.Duration `json:"timeout,omitempty"`
+
 	// Suspend reconciliation
 	// +optional
 	Suspend bool `json:"suspend,omitempty"`

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml b/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml
@@ -9096,6 +9096,9 @@ spec:
               suspend:
                 description: Suspend reconciliation
                 type: boolean
+              timeout:
+                description: Timeout
+                type: string
               version:
                 description: Version is the keycloak version
                 type: string

diff --git a/config/base/crd/bases/keycloak.infra.doodle.com_keycloakrealms.yaml b/config/base/crd/bases/keycloak.infra.doodle.com_keycloakrealms.yaml
@@ -9096,6 +9096,9 @@ spec:
               suspend:
                 description: Suspend reconciliation
                 type: boolean
+              timeout:
+                description: Timeout
+                type: string
               version:
                 description: Version is the keycloak version
                 type: string

diff --git a/internal/controllers/keycloakrealm_controller.go b/internal/controllers/keycloakrealm_controller.go
@@ -331,30 +331,29 @@ func (r *KeycloakRealmReconciler) podReconcile(ctx context.Context, realm infrav
 			return realm, ctrl.Result{Requeue: true}, nil
 		case containerStatus.State.Waiting != nil:
 			realm = infrav1beta1.KeycloakRealmReady(realm, metav1.ConditionFalse, "ReconciliationFailed", containerStatus.State.Waiting.Message)
-			return realm, ctrl.Result{}, nil
 		case containerStatus.State.Terminated != nil && containerStatus.State.Terminated.ExitCode == 0:
 			r.Log.Info("reconciler pod succeeded")
 			if err := cleanup(); err != nil {
 				return realm, ctrl.Result{}, err
 			}
 
-			result := ctrl.Result{}
-			if realm.Spec.Interval != nil {
-				result.RequeueAfter = realm.Spec.Interval.Duration
-			}
-
 			realm = infrav1beta1.KeycloakRealmReady(realm, metav1.ConditionTrue, "ReconciliationSucceeded", "")
 			conditions.Delete(&realm, infrav1beta1.ConditionReconciling)
 			realm.Status.Reconciler = ""
 			realm.Status.LastFailedRequests = nil
 
 			msg := "Realm successfully reconciled"
 			r.Recorder.Event(&realm, "Normal", "info", msg)
-
-			return realm, result, nil
 		case containerStatus.State.Terminated != nil:
-			realm = infrav1beta1.KeycloakRealmReady(realm, metav1.ConditionFalse, "ReconciliationFailed", fmt.Sprintf("reconciled exit with code %d", containerStatus.State.Terminated.ExitCode))
-			return realm, ctrl.Result{}, nil
+			realm = infrav1beta1.KeycloakRealmReady(realm, metav1.ConditionFalse, "ReconciliationFailed", fmt.Sprintf("reconciler exit with code %d", containerStatus.State.Terminated.ExitCode))
+		case containerStatus.State.Running != nil && realm.Spec.Timeout != nil && time.Since(containerStatus.State.Running.StartedAt.Time) >= realm.Spec.Timeout.Duration:
+			if err := cleanup(); err != nil {
+				return realm, ctrl.Result{}, err
+			}
+
+			conditions.Delete(&realm, infrav1beta1.ConditionReconciling)
+			realm.Status.Reconciler = ""
+			return realm, reconcile.Result{}, errors.New("reconciler timeout reached")
 		}
 
 		result := ctrl.Result{}
@@ -366,9 +365,16 @@ func (r *KeycloakRealmReconciler) podReconcile(ctx context.Context, realm infrav
 	}
 
 	ready := conditions.Get(&realm, infrav1beta1.ConditionReady)
-	if ready != nil && ready.Status == metav1.ConditionTrue && (realm.Spec.Interval == nil || time.Since(ready.LastTransitionTime.Time) < realm.Spec.Interval.Duration) && checksum == realm.Status.ObservedSHA256 && realm.Generation == ready.ObservedGeneration {
+	if ready != nil && ready.Status == metav1.ConditionTrue && (realm.Spec.Interval == nil || time.Since(ready.LastTransitionTime.Time) < realm.Spec.Interval.Duration) && realm.Generation == ready.ObservedGeneration {
 		logger.V(1).Info("skip reconcilation, last transition time too recent")
-		return realm, ctrl.Result{}, nil
+
+		if realm.Spec.Interval != nil {
+			return realm, ctrl.Result{
+				RequeueAfter: realm.Spec.Interval.Duration,
+			}, nil
+		} else {
+			return realm, ctrl.Result{}, nil
+		}
 	}
 
 	r.Recorder.Event(&realm, "Normal", "info", "reconcile realm progressing")
@@ -378,7 +384,12 @@ func (r *KeycloakRealmReconciler) podReconcile(ctx context.Context, realm infrav
 	controllerOwner := true
 	secret = &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      fmt.Sprintf("keycloakrealm-%s-%s", realm.Name, rand.String(5)),
+			Name: fmt.Sprintf("keycloakrealm-%s-%s", realm.Name, rand.String(5)),
+			Labels: map[string]string{
+				"app.kubernetes.io/instance": "realm-reconciler",
+				"app.kubernetes.io/name":     "keycloak-controller",
+				"keycloak-controller/realm":  realm.Name,
+			},
 			Namespace: realm.Namespace,
 			OwnerReferences: []metav1.OwnerReference{
 				{
@@ -409,6 +420,14 @@ func (r *KeycloakRealmReconciler) podReconcile(ctx context.Context, realm infrav
 	template.ResourceVersion = ""
 	template.UID = ""
 
+	if template.ObjectMeta.Labels == nil {
+		template.ObjectMeta.Labels = make(map[string]string)
+	}
+
+	template.ObjectMeta.Labels["app.kubernetes.io/instance"] = "realm-reconciler"
+	template.ObjectMeta.Labels["app.kubernetes.io/name"] = "keycloak-controller"
+	template.ObjectMeta.Labels["keycloak-controller/realm"] = realm.Name
+
 	r.Log.Info("reconciler", "template", template.Labels)
 
 	if template.Annotations == nil {
@@ -534,6 +553,12 @@ func (r *KeycloakRealmReconciler) podReconcile(ctx context.Context, realm infrav
 		return realm, ctrl.Result{}, err
 	}
 
+	if realm.Spec.Timeout != nil {
+		return realm, ctrl.Result{
+			RequeueAfter: realm.Spec.Timeout.Duration,
+		}, nil
+	}
+
 	return realm, ctrl.Result{}, err
 }