Patch status errors on conflict logged too highly

[shawkins]

Bug Report

We are seeing frequent error logs such as:

2025-10-01 14:57:19,052 ERROR [io.jav.ope.pro.eve.ReconciliationDispatcher] (ReconcilerExecutor-keycloakcontroller-62) updateErrorStatus failed for resource: a86407e2-7e87-43a7-9465-52104c92c8ba with version: 22934977 for error Failure executing: PATCH at: https://10.96.0.1:443/apis/k8s.keycloak.org/v2alpha1/namespaces/auth/keycloaks/keycloak/status?fieldManager=keycloakcontroller&force=true. Message: Operation cannot be fulfilled on keycloaks.k8s.keycloak.org "keycloak": the object has been modified; please apply your changes to the latest version and try again. Received status: Status(apiVersion=v1, code=409, details=StatusDetails(causes=[], group=k8s.keycloak.org, kind=keycloaks, name=keycloak, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=Operation cannot be fulfilled on keycloaks.k8s.keycloak.org "keycloak": the object has been modified; please apply your changes to the latest version and try again, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Conflict, status=Failure, additionalProperties={}).: io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: PATCH at: https://10.96.0.1:443/apis/k8s.keycloak.org/v2alpha1/namespaces/auth/keycloaks/keycloak/status?fieldManager=keycloakcontroller&force=true. Message: Operation cannot be fulfilled on keycloaks.k8s.keycloak.org "keycloak": the object has been modified; please apply your changes to the latest version and try again. Received status: Status(apiVersion=v1, code=409, details=StatusDetails(causes=[], group=k8s.keycloak.org, kind=keycloaks, name=keycloak, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=Operation cannot be fulfilled on keycloaks.k8s.keycloak.org "keycloak": the object has been modified; please apply your changes to the latest version and try again, metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Conflict, status=Failure, additionalProperties={}).
	at io.fabric8.kubernetes.client.KubernetesClientException.copyAsCause(KubernetesClientException.java:205)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.waitForResult(OperationSupport.java:507)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handleResponse(OperationSupport.java:524)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handlePatch(OperationSupport.java:419)
	at io.fabric8.kubernetes.client.dsl.internal.OperationSupport.handlePatch(OperationSupport.java:397)
	at io.fabric8.kubernetes.client.dsl.internal.BaseOperation.handlePatch(BaseOperation.java:764)
	at io.fabric8.kubernetes.client.dsl.internal.HasMetadataOperation.lambda$patch$2(HasMetadataOperation.java:231)
	at io.fabric8.kubernetes.client.dsl.internal.HasMetadataOperation.patch(HasMetadataOperation.java:236)
	at io.fabric8.kubernetes.client.dsl.internal.HasMetadataOperation.patch(HasMetadataOperation.java:251)
	at io.fabric8.kubernetes.client.dsl.internal.HasMetadataOperation.patch(HasMetadataOperation.java:44)
	at io.javaoperatorsdk.operator.processing.event.ReconciliationDispatcher$CustomResourceFacade.patchStatus(ReconciliationDispatcher.java:462)
	at io.javaoperatorsdk.operator.processing.event.ReconciliationDispatcher.handleErrorStatusHandler(ReconciliationDispatcher.java:215)

What did you do?

See keycloak/keycloak#43198 (comment) - quick re-reconciliation of the primary resource after a patching of the status seems to result in a conflict on the next attempt to patch the status.

What did you expect to see?

ERROR logs only when an error is non-recoverable

What did you see instead? Under which circumstances?

ERROR logs related to patching the status that are effectively recoverable because the conflict indicates another version of the primary resource will still be reconciled.

Environment

Kubernetes cluster type:

$ Mention java-operator-sdk version from pom.xml file

$ java -version

$ kubectl version

Possible Solution

One possible solution, which I can quickly open a pr for, is to log this patch status error at an ERROR level only if it's a non-conflict exception.

The other approach is to determine what code needs to be updated to make sure that the operator sdk is always working with the most up-to-date primary resource.

Additional context

[csviri]

Hi @shawkins ,

The other approach is to determine what code needs to be updated to make sure that the operator sdk is always working with the most up-to-date primary resource.

pls take a look also on this: https://javaoperatorsdk.io/blog/2025/05/22/how-to-guarantee-allocated-values-for-next-reconciliation/

It might be better to patch the resource this way, so the updated version is always present for the next reconciliation.

One possible solution, which I can quickly open a pr for, is to log this patch status error at an ERROR level only if it's a non-conflict exception.

Yep this might be also nice to have, maybe we could consider a separate logger? so user can decide on this one specially