quarkus-operator-sdk
quarkus-operator-sdk copied to clipboard
quarkiverse
Setting 'all-namespaces' on a controller via an environment property gives a NullPointer
I try to configure my controller to watch the current namespace or all-namespaces.
For this I used the property quarkus.operator-sdk.controllers.
For a single namespace I specify the name of the namespace: quarkus.operator-sdk.controllers.testreconciler.namespaces=test-namespaces For 'all-namespaces' I want to leave the property blank: quarkus.operator-sdk.controllers.testreconciler.namespaces=
Leaving the property blank gives a NullPointerException like:
Caused by: java.lang.NullPointerException
at java.base/java.util.HashSet.
I added a small reproducer: reproducer.zip
Run it with mvn quarkes:dev and it will fail.
This will be addressed with the update to JOSDK 3.0.0 where the default value for namespaces (i.e. watching all namespaces) will be made explicit. See https://github.com/java-operator-sdk/java-operator-sdk/pull/1177 for more details.
@metacosm I see that https://github.com/java-operator-sdk/java-operator-sdk/pull/1177 is already released with JOSDK 3.0.0.CR2. Currently I can only find 4.0.0.Beta1 for Quarkus which is using JOSDK 3.0.0.CR1. Do you know when a new beta for Quarkus is released that contains JOSDK 3.0.0.CR2 or higher?
Hi @tonswieb, you should be able to try use a SNAPSHOT version until we release a newer version. I just merged some recent changes and the snapshot should be propagated soon if you want to give it try.
Thanks. I will give it a try.
Van: Chris Laprun @.> Verzonden: dinsdag 10 mei 2022 17:53 Aan: quarkiverse/quarkus-operator-sdk @.> CC: Ton Swieb @.>; Mention @.> Onderwerp: Re: [quarkiverse/quarkus-operator-sdk] Setting 'all-namespaces' on a controller via an environment property gives a NullPointer (Issue #324)
Hi @tonswiebhttps://github.com/tonswieb, you should be able to try use a SNAPSHOT version until we release a newer version. I just merged some recent changes and the snapshot should be propagated soon if you want to give it try.
— Reply to this email directly, view it on GitHubhttps://github.com/quarkiverse/quarkus-operator-sdk/issues/324#issuecomment-1122580221, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAGDNUOKDZX4WGEMQMRHJG3VJKBAPANCNFSM5T7YVKAQ. You are receiving this because you were mentioned.Message ID: @.***>
[http://footer.finalist.nl/Finalist_banner_2020.png]
@metacosm is there a way to force all namespaces using the environment variable: QUARKUS_OPERATOR_SDK_NAMESPACES
I am trying to use the keycloak-operator but they specified the current namespace by default.
@metacosm is there a way to force all namespaces using the environment variable: QUARKUS_OPERATOR_SDK_NAMESPACES
I was going to tell you that you need to use QUARKUS_OPERATOR_SDK_CONTROLLERS_<the Keycloak controller name>_NAMESPACES instead but this doesn't work. I've opened a PR to fix that problem: #427, would appreciate if you could give it a try and let me know if it fixes your issue.
@yelhouti according to this post, watching multiple namespaces should be possible via the QUARKUS_OPERATOR_SDK_NAMESPACES but it doesn't seem to work in version 20.0.x although it was working in version 19.0.2. see this issue. Have you found a way to get the latest version of the operator watching multiple namespaces?
@metacosm do you happen to have a clue why the keycloak-operator:20.0.2 doesn't take into account the QUARKUS_OPERATOR_SDK_NAMESPACES, although the 19.0.2 does. as far as I can see in the operator code there's no change in this regard, but the quarkus-operator-sdk version used in the former is 4.0.4 while the later uses 3.0.8
@nrobert13 QUARKUS_OPERATOR_SDK_NAMESPACES doesn't work as expected (not able to match ALL namespaces) because of an implementation issue, to make it work just add the list of namespaces to watch
@yelhouti thanks for getting back to me on this. I don't want to watch ALL namespace, I have a list and added the QUARKUS_OPERATOR_SDK_NAMESPACES but the 20.0.2 version doesn't take it into account. It still says it's reconciling from the namespace of the operator. Using the exact same manifest for the operator but changing the image tag from 20.0.2 to 19.0.2 will get the operator to work as expected watching the namespaces from the env variable. Does it work for you out of the box without any customisation of the image?
Rather confused about what's going on here… If you have an issue with the Keycloak operator, please open an issue on their issue tracker. I assume that if the issue stems from this project, eventually an issue will be created here. I don't have any idea of how the Keycloak operator works so I cannot comment on what it might or might not do.
@metacosm thanks for getting back to me on this. you are right, I'm also a bit confused about where the problems stems, I came across your comment above, mentioning the env variable, and I guess this is a feature of the quarkus framework to feed env variables into configuration, so I was thinking if the above still holds true, that the QUARKUS_OPERATOR_SDK_NAMESPACES overrides the watched namespace.
@metacosm sorry for bothering you again. I think I found the cause. The latest version of Keycloak-operator uses quarkus-operator-sdk version 4.0.4, I tried to run the keycloak-operator with the version 4.0.3 and it behaves as expected, so it broke somewhere between 4.0.3 and 4.0.4. I then looked at the diff, and came across this commit, which seems to address exactly my problem, but unfortunately I'm not able to figure out what I have to do to get it working.
QUARKUS_OPERATOR_SDK_NAMESPACES was never meant to override the namespaces specified by a given controller (an operator can have multiple controllers). Rather, it was meant to provide a "blanket" default value that would be used if controllers didn't specify their own. It might have improperly worked as an override before because there was no default value set for the controllers but more recent version of the Java Operator SDK (JOSDK) do indeed provide a default value hence rendering QUARKUS_OPERATOR_SDK_NAMESPACES value ineffective…
I will look into whether that's indeed what's currently going on and see if the previous behaviour could be restored but, as mentioned, this will only work if the Keycloack controllers have not specified a value for their watched namespaces.
That said, you should still be able to override even set values if you know the names of the controllers you want to change the namespaces for by using the QUARKUS_OPERATOR_SDK_CONTROLLERS_<name of the controller you want to change>_NAMESPACES env variable.
I will look into whether that's indeed what's currently going on and see if the previous behaviour could be restored but, as mentioned, this will only work if the Keycloack controllers have not specified a value for their watched namespaces.
if you mean this by specifying a value for their namespaces, they do.
That said, you should still be able to override even set values if you know the names of the controllers you want to change the namespaces for by using the
QUARKUS_OPERATOR_SDK_CONTROLLERS_<name of the controller you want to change>_NAMESPACESenv variable.
If I read the above referenced code correctly, there's no name given to the controller, would there still be a way to reference it?
That said, you should still be able to override even set values if you know the names of the controllers you want to change the namespaces for by using the
QUARKUS_OPERATOR_SDK_CONTROLLERS_<name of the controller you want to change>_NAMESPACESenv variable.If I read the above referenced code correctly, there's no name given to the controller, would there still be a way to reference it?
Yes. A default name is created using https://github.com/java-operator-sdk/java-operator-sdk/blob/36917750e04018dc44a823535e7273d697391bdb/operator-framework-core/src/main/java/io/javaoperatorsdk/operator/ReconcilerUtils.java#L78 so in this case, you'd use QUARKUS_OPERATOR_SDK_CONTROLLERS_KEYCLOAKCONTROLLER_NAMESPACES.
Let me know if this works, @nrobert13, please.
I tried that as well with the stock keycloak-operator version 20.0.2 (latest ), but unfortunately it doesn't work.
furthermore I built now a keycloak-operator image with quarkus-operator-sdk 4.0.3. this works with the QUARKUS_OPERATOR_SDK_NAMESPACES variable but it doesn't work with QUARKUS_OPERATOR_SDK_CONTROLLERS_KEYCLOAKCONTROLLER_NAMESPACES.
@nrobert13 see https://github.com/quarkiverse/quarkus-operator-sdk/pull/471/commits/5510a85922e76dbb7a60cbaef17595d8022954a8, this should be working (at least, as of 4.0.5).
@metacosm I built the image with version 4.0.5 but unfortunately still doesn't take into account QUARKUS_OPERATOR_SDK_CONTROLLERS_KEYCLOAKCONTROLLER_NAMESPACES
There might be something else at play here… Could you detail the steps to reproduce the issue, please?
sure, here are the steps:
# kubectl create ns keycloak-ns
# kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/20.0.2/kubernetes/keycloaks.k8s.keycloak.org-v1.yml
# kubectl apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/20.0.2/kubernetes/keycloakrealmimports.k8s.keycloak.org-v1.yml
# kubectl -n keycloak-ns apply -f https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources/20.0.2/kubernetes/kubernetes.yml
# kubectl -n keycloak-ns set env deployment/keycloak-operator QUARKUS_OPERATOR_SDK_CONTROLLERS_KEYCLOAKCONTROLLER_NAMESPACES=iam-test
# kubectl -n keycloak-ns set image deployment/keycloak-operator keycloak-operator=syseleven/keycloak-operator:20.0.2-4.0.5
It's enough to watch the logs, they look like this:
2023-01-06 20:01:08,491 INFO [io.qua.ope.run.OperatorProducer] (main) Quarkus Java Operator SDK extension 4.0.5 (commit: 1a615f0 on branch: 1a615f06ac9d7bd7c0d7607a9
8c8782b4812ad8e) built on Wed Oct 26 19:36:50 GMT 2022
2023-01-06 20:01:08,547 INFO [io.jav.ope.Operator] (main) Registered reconciler: 'keycloakrealmimportcontroller' for resource: 'class org.keycloak.operator.crds.v2al
pha1.realmimport.KeycloakRealmImport' for namespace(s): [keycloak-ns]
2023-01-06 20:01:08,552 INFO [io.jav.ope.Operator] (main) Registered reconciler: 'keycloakcontroller' for resource: 'class org.keycloak.operator.crds.v2alpha1.deploy
ment.Keycloak' for namespace(s): [keycloak-ns]
2023-01-06 20:01:08,552 INFO [io.qua.ope.run.AppEventListener] (main) Starting operator.
2023-01-06 20:01:08,553 INFO [io.jav.ope.Operator] (main) Operator SDK 3.2.4 (commit: dfae8d5) built on Fri Oct 21 08:03:55 GMT 2022 starting...
2023-01-06 20:01:08,553 INFO [io.jav.ope.Operator] (main) Client version: 5.12.4
please note the namesace the controllers are registered for is keycloak-ns instead of iam-test.
If you try the following steps, it will work:
# kubectl -n keycloak-ns set env deployment/keycloak-operator QUARKUS_OPERATOR_SDK_NAMESPACES=iam-test
# kubectl -n keycloak-ns set image deployment/keycloak-operator keycloak-operator=syseleven/keycloak-operator:20.0.2-4.0.3
and the logs:
2023-01-06 10:59:14,092 INFO [io.qua.ope.run.OperatorProducer] (main) Quarkus Java Operator SDK extension 4.0.3 (commit: d88d41d on branch: d88d41d78baf198fa4e69d120
5f9d19ee04d8c60) built on Thu Oct 06 20:26:39 GMT 2022
2023-01-06 10:59:14,151 INFO [io.jav.ope.Operator] (main) Registered reconciler: 'keycloakcontroller' for resource: 'class org.keycloak.operator.crds.v2alpha1.deploy
ment.Keycloak' for namespace(s): [iam-test]
2023-01-06 10:59:14,154 INFO [io.jav.ope.Operator] (main) Registered reconciler: 'keycloakrealmimportcontroller' for resource: 'class org.keycloak.operator.crds.v2al
pha1.realmimport.KeycloakRealmImport' for namespace(s): [iam-test]
2023-01-06 10:59:14,155 INFO [io.qua.ope.run.AppEventListener] (main) Starting operator.
2023-01-06 10:59:14,155 INFO [io.jav.ope.Operator] (main) Operator SDK 3.2.3 (commit: 9bb3f07) built on Fri Sep 30 14:18:27 GMT 2022 starting...
2023-01-06 10:59:14,155 INFO [io.jav.ope.Operator] (main) Client version: 5.12.4
@nrobert13 yes, there is indeed a problem with the current implementation. Working on a fix.
This should be addressed in 4.0.7 and 5.0.3. Please give it a try and re-open if needed.
@metacosm, works like a charm. thank you for the quick fix!
2023-01-24 21:59:33,571 INFO [io.qua.ope.run.OperatorProducer] (main) Quarkus Java Operator SDK extension 4.0.7 (commit: 476e349 on branch: 476e34936ba0620871ddedb6c
1e3ac5ad576c6ce) built on Tue Jan 24 12:06:37 GMT 2023
2023-01-24 21:59:33,636 INFO [io.jav.ope.Operator] (main) Registered reconciler: 'keycloakrealmimportcontroller' for resource: 'class org.keycloak.operator.crds.v2al
pha1.realmimport.KeycloakRealmImport' for namespace(s): [iam-extern, iam]
2023-01-24 21:59:33,646 INFO [io.jav.ope.Operator] (main) Registered reconciler: 'keycloakcontroller' for resource: 'class org.keycloak.operator.crds.v2alpha1.deploy
ment.Keycloak' for namespace(s): [iam-extern, iam]
So, a lot of work has been done, but how to watch ALL namespaces? Workflow is like this:
- ops team deploys operator
- dev teams deploy keycloak when they need it, including dynamic environment, therefore dynamic namespace names. @metacosm
@alikhanich To watch all namespaces, you'd have to have specific privileges on the target cluster. That said, you can configure operators using QUARKUS_OPERATOR_SDK_CONTROLLERS_KEYCLOAKCONTROLLER_NAMESPACES=JOSDK_ALL_NAMESPACES.