report pod errors on the spicedbcluster status

Author: ecordell

e2e/cluster_test.go

@@ -51,6 +51,7 @@ var _ = Describe("SpiceDBClusters", func() {
 		mapper        meta.RESTMapper
 		testNamespace string
 		image         string
+		config        map[string]any
 		secret        *corev1.Secret
 		cluster       *v1alpha1.SpiceDBCluster
 
@@ -100,15 +101,14 @@ var _ = Describe("SpiceDBClusters", func() {
 			},
 		}
 
-		config := map[string]any{
+		config = map[string]any{
 			"envPrefix":         spicedbEnvPrefix,
 			"image":             image,
 			"cmd":               spicedbCmd,
 			"skipReleaseCheck":  "true",
 			"telemetryEndpoint": "",
 		}
-		jsonConfig, err := json.Marshal(config)
-		Expect(err).To(Succeed())
+
 		cluster = &v1alpha1.SpiceDBCluster{
 			TypeMeta: metav1.TypeMeta{
 				Kind:       v1alpha1.SpiceDBClusterKind,
@@ -119,7 +119,6 @@ var _ = Describe("SpiceDBClusters", func() {
 				Namespace: testNamespace,
 			},
 			Spec: v1alpha1.ClusterSpec{
-				Config:    jsonConfig,
 				SecretRef: "spicedb",
 			},
 		}
@@ -136,6 +135,10 @@ var _ = Describe("SpiceDBClusters", func() {
 		// be modified by nested BeforeEach blocks.
 		_, err := kclient.CoreV1().Secrets(testNamespace).Create(ctx, secret, metav1.CreateOptions{})
 		Expect(err).To(Succeed())
+
+		jsonConfig, err := json.Marshal(config)
+		Expect(err).To(Succeed())
+		cluster.Spec.Config = jsonConfig
 		u, err := runtime.DefaultUnstructuredConverter.ToUnstructured(cluster)
 		Expect(err).To(Succeed())
 		_, err = client.Resource(v1alpha1ClusterGVR).Namespace(cluster.Namespace).Create(ctx, &unstructured.Unstructured{Object: u}, metav1.CreateOptions{})
@@ -233,7 +236,7 @@ var _ = Describe("SpiceDBClusters", func() {
 						"migration_secrets": "kaitain-bootstrap-token=testtesttesttest,sharewith-bootstrap-token=testtesttesttest,thumper-bootstrap-token=testtesttesttest,metrics-proxy-token=testtesttesttest",
 					}
 
-					config := map[string]any{
+					config = map[string]any{
 						"skipReleaseCheck":              "true",
 						"telemetryEndpoint":             "",
 						"datastoreEngine":               db.Engine,
@@ -246,10 +249,6 @@ var _ = Describe("SpiceDBClusters", func() {
 					for k, v := range db.ExtraConfig {
 						config[k] = v
 					}
-					jsonConfig, err := json.Marshal(config)
-					Expect(err).To(Succeed())
-
-					cluster.Spec.Config = jsonConfig
 				})
 
 				JustBeforeEach(func() {
@@ -271,7 +270,7 @@ var _ = Describe("SpiceDBClusters", func() {
 					BeforeEach(func() {
 						// this installs from the head of the current channel, skip validating image
 						image = ""
-						config := map[string]any{
+						config = map[string]any{
 							"skipReleaseCheck":               true,
 							"telemetryEndpoint":              "",
 							"datastoreEngine":                db.Engine,
@@ -287,9 +286,6 @@ var _ = Describe("SpiceDBClusters", func() {
 						for k, v := range db.ExtraConfig {
 							config[k] = v
 						}
-						jsonConfig, err := json.Marshal(config)
-						Expect(err).To(BeNil())
-						cluster.Spec.Config = jsonConfig
 						cluster.Spec.Patches = []v1alpha1.Patch{{
 							Kind: "Deployment",
 							Patch: json.RawMessage(`{
@@ -305,7 +301,7 @@ var _ = Describe("SpiceDBClusters", func() {
 							ktypes.NamespacedName{Name: cluster.Name, Namespace: cluster.Namespace},
 							ktypes.NamespacedName{Name: "spicedb-grpc-tls", Namespace: cluster.Namespace},
 						)
-						_, err = kclient.CoreV1().Secrets(cluster.Namespace).Create(ctx, tlsSecret, metav1.CreateOptions{})
+						_, err := kclient.CoreV1().Secrets(cluster.Namespace).Create(ctx, tlsSecret, metav1.CreateOptions{})
 						Expect(err).To(Succeed())
 						DeferCleanup(kclient.CoreV1().Secrets(cluster.Namespace).Delete, ctx, tlsSecret.Name, metav1.DeleteOptions{})
 					})
@@ -329,6 +325,59 @@ var _ = Describe("SpiceDBClusters", func() {
 				})
 			})
 
+			When("a valid spicedb cluster with a pod error", func() {
+				BeforeEach(func() {
+					secret.StringData = map[string]string{
+						"datastore_uri":     db.DatastoreURI,
+						"preshared_key":     "testtesttesttest",
+						"migration_secrets": "kaitain-bootstrap-token=testtesttesttest,sharewith-bootstrap-token=testtesttesttest,thumper-bootstrap-token=testtesttesttest,metrics-proxy-token=testtesttesttest",
+					}
+					config = map[string]any{
+						"skipMigrations":                true,
+						"datastoreEngine":               db.Engine,
+						"image":                         image,
+						"envPrefix":                     spicedbEnvPrefix,
+						"cmd":                           "badcmd",
+						"datastoreConnpoolReadMinOpen":  "1",
+						"datastoreConnpoolWriteMinOpen": "1",
+					}
+					for k, v := range db.ExtraConfig {
+						config[k] = v
+					}
+				})
+
+				It("reports un-recovered pod errors on the status", func() {
+					var lastCluster *v1alpha1.SpiceDBCluster
+					var condition *metav1.Condition
+					Watch(ctx, client, v1alpha1ClusterGVR, ktypes.NamespacedName{Name: cluster.Name, Namespace: testNamespace}, "0", func(c *v1alpha1.SpiceDBCluster) bool {
+						condition = c.FindStatusCondition(v1alpha1.ConditionTypeRolloutError)
+						logr.FromContextOrDiscard(ctx).Info("watch event", "status", c.Status)
+						lastCluster = c
+						return condition == nil
+					})
+					Expect(condition).To(EqualCondition(v1alpha1.NewPodErrorCondition(`failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "badcmd": executable file not found in $PATH: unknown`)))
+
+					By("fixing the config problem")
+					config["cmd"] = spicedbCmd
+					config["skipMigrations"] = "false"
+					jsonConfig, err := json.Marshal(config)
+					Expect(err).To(Succeed())
+					lastCluster.Spec.Config = jsonConfig
+					u, err := runtime.DefaultUnstructuredConverter.ToUnstructured(lastCluster)
+					Expect(err).To(Succeed())
+					_, err = client.Resource(v1alpha1ClusterGVR).Namespace(cluster.Namespace).Update(ctx, &unstructured.Unstructured{Object: u}, metav1.UpdateOptions{})
+					Expect(err).To(Succeed())
+
+					By("the condition should be removed")
+					Watch(ctx, client, v1alpha1ClusterGVR, ktypes.NamespacedName{Name: cluster.Name, Namespace: testNamespace}, "0", func(c *v1alpha1.SpiceDBCluster) bool {
+						condition = c.FindStatusCondition(v1alpha1.ConditionTypeRolloutError)
+						logr.FromContextOrDiscard(ctx).Info("watch event", "status", c.Status)
+						return condition != nil
+					})
+					Expect(condition).To(BeNil())
+				})
+			})
+
 			When("a valid SpiceDBCluster and skipped migrations", func() {
 				BeforeEach(func() {
 					secret.StringData = map[string]string{
@@ -337,17 +386,15 @@ var _ = Describe("SpiceDBClusters", func() {
 						"preshared_key":     "testtesttesttest",
 						"migration_secrets": "kaitain-bootstrap-token=testtesttesttest,sharewith-bootstrap-token=testtesttesttest,thumper-bootstrap-token=testtesttesttest,metrics-proxy-token=testtesttesttest",
 					}
-					config, err := json.Marshal(map[string]any{
+					config = map[string]any{
 						"skipMigrations":                true,
 						"datastoreEngine":               db.Engine,
 						"image":                         image,
 						"envPrefix":                     spicedbEnvPrefix,
 						"cmd":                           spicedbCmd,
-						"datastoreConnpoolReadMinOpen":  1,
-						"datastoreConnpoolWriteMinOpen": 1,
-					})
-					Expect(err).To(Succeed())
-					cluster.Spec.Config = config
+						"datastoreConnpoolReadMinOpen":  "1",
+						"datastoreConnpoolWriteMinOpen": "1",
+					}
 				})
 
 				It("Starts SpiceDB without migrating", func() {
@@ -381,7 +428,7 @@ var _ = Describe("SpiceDBClusters", func() {
 						"migration_secrets": "kaitain-bootstrap-token=testtesttesttest,sharewith-bootstrap-token=testtesttesttest,thumper-bootstrap-token=testtesttesttest,metrics-proxy-token=testtesttesttest",
 					}
 
-					config := map[string]any{
+					config = map[string]any{
 						"skipReleaseCheck":              "true",
 						"telemetryEndpoint":             "",
 						"datastoreEngine":               engine,
@@ -400,10 +447,6 @@ var _ = Describe("SpiceDBClusters", func() {
 						}
 						config[k] = v
 					}
-					jsonConfig, err := json.Marshal(config)
-					Expect(err).To(Succeed())
-
-					cluster.Spec.Config = jsonConfig
 					cluster.Spec.Channel = channel
 					cluster.Spec.Version = from
 				})
@@ -527,18 +570,15 @@ var _ = Describe("SpiceDBClusters", func() {
 
 			Describe("there is a series of required migrations", Label("published"), func() {
 				BeforeEach(func() {
-					classConfig := map[string]any{
+					config = map[string]any{
 						"skipReleaseCheck":             "true",
 						"telemetryEndpoint":            "",
 						"logLevel":                     "debug",
 						"datastoreEngine":              "postgres",
 						"tlsSecretName":                "spicedb-grpc-tls",
 						"dispatchUpstreamCASecretName": "spicedb-grpc-tls",
 					}
-					jsonConfig, err := json.Marshal(classConfig)
-					Expect(err).To(BeNil())
 					cluster.Spec.Version = "v1.13.0"
-					cluster.Spec.Config = jsonConfig
 
 					secret.StringData = map[string]string{
 						"datastore_uri":     db.DatastoreURI,
@@ -550,7 +590,7 @@ var _ = Describe("SpiceDBClusters", func() {
 						ktypes.NamespacedName{Name: cluster.Name, Namespace: cluster.Namespace},
 						ktypes.NamespacedName{Name: "spicedb-grpc-tls", Namespace: cluster.Namespace},
 					)
-					_, err = kclient.CoreV1().Secrets(cluster.Namespace).Create(ctx, tlsSecret, metav1.CreateOptions{})
+					_, err := kclient.CoreV1().Secrets(cluster.Namespace).Create(ctx, tlsSecret, metav1.CreateOptions{})
 					Expect(err).To(Succeed())
 					DeferCleanup(kclient.CoreV1().Secrets(cluster.Namespace).Delete, ctx, tlsSecret.Name, metav1.DeleteOptions{})
 				})

e2e/e2e_test.go

@@ -190,7 +190,7 @@ func StartOperator(rc *rest.Config) {
 	go func() {
 		defer GinkgoRecover()
 		options := run.RecommendedOptions()
-		options.DebugAddress = ":"
+		options.DebugAddress = "localhost:"
 		options.BootstrapCRDs = true
 		options.OperatorConfigPath = WriteConfig(GetConfig(ProposedGraphFile))
 		_ = options.Run(ctx, cmdutil.NewFactory(ClientGetter{config: rc}))

go.mod

@@ -6,7 +6,7 @@ require (
 	cloud.google.com/go/spanner v1.39.0
 	github.com/authzed/controller-idioms v0.7.0
 	github.com/cespare/xxhash/v2 v2.1.2
-	github.com/evanphx/json-patch v4.12.0+incompatible
+	github.com/evanphx/json-patch v5.6.0+incompatible
 	github.com/fatih/camelcase v1.0.0
 	github.com/fluxcd/pkg/ssa v0.23.0
 	github.com/go-logr/logr v1.2.3
@@ -29,17 +29,17 @@ require (
 	google.golang.org/genproto v0.0.0-20220916134934-764224ccc2d1
 	google.golang.org/grpc v1.49.0
 	k8s.io/api v0.26.3
-	k8s.io/apiextensions-apiserver v0.26.0
+	k8s.io/apiextensions-apiserver v0.26.2
 	k8s.io/apimachinery v0.26.3
-	k8s.io/apiserver v0.26.0
+	k8s.io/apiserver v0.26.2
 	k8s.io/cli-runtime v0.26.3
 	k8s.io/client-go v0.26.3
-	k8s.io/code-generator v0.26.0
+	k8s.io/code-generator v0.26.2
 	k8s.io/component-base v0.26.3
 	k8s.io/controller-manager v0.26.0
-	k8s.io/klog/v2 v2.80.1
+	k8s.io/klog/v2 v2.90.1
 	k8s.io/kubectl v0.26.3
-	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
+	k8s.io/utils v0.0.0-20230313181309-38a27ef9d749
 	mvdan.cc/gofumpt v0.4.0
 	sigs.k8s.io/cli-utils v0.34.0
 	sigs.k8s.io/controller-runtime v0.14.1
@@ -54,7 +54,7 @@ require (
 	cloud.google.com/go v0.102.1 // indirect
 	cloud.google.com/go/compute v1.7.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
-	github.com/BurntSushi/toml v1.0.0 // indirect
+	github.com/BurntSushi/toml v1.2.1 // indirect
 	github.com/MakeNowJust/heredoc v1.0.0 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
@@ -70,7 +70,7 @@ require (
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
-	github.com/fatih/color v1.12.0 // indirect
+	github.com/fatih/color v1.13.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/fvbommel/sortorder v1.0.1 // indirect
@@ -85,7 +85,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/btree v1.0.1 // indirect
-	github.com/google/cel-go v0.12.5 // indirect
+	github.com/google/cel-go v0.12.6 // indirect
 	github.com/google/gnostic v0.5.7-v3refs // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
@@ -98,20 +98,20 @@ require (
 	github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect
 	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
-	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/imdario/mergo v0.3.14 // indirect
 	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.0 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect
+	github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
@@ -125,6 +125,7 @@ require (
 	github.com/prometheus/common v0.37.0 // indirect
 	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/sirupsen/logrus v1.9.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.2.0 // indirect
 	github.com/xlab/treeprint v1.1.0 // indirect
@@ -144,25 +145,25 @@ require (
 	go.opentelemetry.io/proto/otlp v0.19.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
-	golang.org/x/crypto v0.1.0 // indirect
-	golang.org/x/mod v0.7.0 // indirect
-	golang.org/x/net v0.7.0 // indirect
+	golang.org/x/crypto v0.5.0 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
 	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1 // indirect
 	golang.org/x/sync v0.1.0 // indirect
-	golang.org/x/sys v0.5.0 // indirect
-	golang.org/x/term v0.5.0 // indirect
-	golang.org/x/text v0.7.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.5.0 // indirect
+	golang.org/x/tools v0.6.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect
 	k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect
-	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.33 // indirect
-	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.35 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.12.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect