Skip to content

Reciliation storm when using listType=set #803

New issue
New issue
Open
#802
Open
Reciliation storm when using listType=set#803
#802
Labels
bugSomething isn't working
@guilhem

Description

@guilhem
guilhem
opened on Jan 15, 2025

What happened?

When using Firewall from Linode provider. We get a reconciliation loop on the resource.

start watching the diff of firewalls on f-agent @Now=2025-01-14 16:05:02.770090568 +0100 CET m=+1.977327563
# Resource: kubectl get firewalls -oyaml f-agent @ 2025-01-14 16:05:14.996056599 +0100 CET m=+14.203293609
--- old/firewalls/f-agent.yaml
+++ new/firewalls/f-agent.yaml
@@ -12,7 +12,7 @@
     creationTimestamp: "2025-01-07T10:16:42Z"
     finalizers:
     - finalizer.managedresource.crossplane.io
-    generation: 479260
+    generation: 479261
     labels:
@@ -30,7 +30,7 @@
             f:linodesRefs: {}
       manager: managed.crossplane.io/api-simple-reference-resolver
       operation: Apply
-      time: "2025-01-14T15:04:52Z"
+      time: "2025-01-14T15:05:14Z"
     - apiVersion: firewall.linode.upbound.io/v1alpha1
       fieldsType: FieldsV1
       fieldsV1:
@@ -146,7 +146,7 @@
       operation: Update
       time: "2025-01-14T11:26:31Z"
     name: f-agent
-    resourceVersion: "8968519"
+    resourceVersion: "8968817"
     uid: 3cd8a430-1eef-40a5-af88-f523418ed1ec
   spec:
     deletionPolicy: Delete
@@ -640,13 +640,13 @@
       inboundPolicy: DROP
       label: f-agent
       linodes:
+      - 2
       - 4
       - 6
-      - 2
       linodesRefs:
+      - name: f-default-2
       - name: f-default-0
       - name: f-default-1
-      - name: f-default-2
       linodesSelector:
         matchLabels:
           label: label
# Resource: kubectl get firewalls -oyaml f-agent @ 2025-01-14 16:05:15.931564636 +0100 CET m=+15.138801639
--- old/firewalls/f-agent.yaml
+++ new/firewalls/f-agent.yaml
@@ -12,7 +12,7 @@
     creationTimestamp: "2025-01-07T10:16:42Z"
     finalizers:
     - finalizer.managedresource.crossplane.io
-    generation: 479261
+    generation: 479262
     labels:
@@ -30,7 +30,7 @@
             f:linodesRefs: {}
       manager: managed.crossplane.io/api-simple-reference-resolver
       operation: Apply
-      time: "2025-01-14T15:05:14Z"
+      time: "2025-01-14T15:05:15Z"
     - apiVersion: firewall.linode.upbound.io/v1alpha1
       fieldsType: FieldsV1
       fieldsV1:
@@ -146,7 +146,7 @@
       operation: Update
       time: "2025-01-14T11:26:31Z"
     name: f-agent
-    resourceVersion: "8968817"
+    resourceVersion: "8968838"
     uid: 3cd8a430-1eef-40a5-af88-f523418ed1ec
   spec:
     deletionPolicy: Delete
@@ -640,13 +640,13 @@
       inboundPolicy: DROP
       label: f-agent
       linodes:
-      - 2
       - 4
       - 6
+      - 2
       linodesRefs:
-      - name: f-default-2
       - name: f-default-0
       - name: f-default-1
+      - name: f-default-2
       linodesSelector:
         matchLabels:
           label: label
# Resource: kubectl get firewalls -oyaml f-agent @ 2025-01-14 16:05:18.839003021 +0100 CET m=+18.046240040
--- old/firewalls/f-agent.yaml
+++ new/firewalls/f-agent.yaml
@@ -12,7 +12,7 @@
     creationTimestamp: "2025-01-07T10:16:42Z"
     finalizers:
     - finalizer.managedresource.crossplane.io
-    generation: 479262
+    generation: 479263
     labels:
@@ -30,7 +30,7 @@
             f:linodesRefs: {}
       manager: managed.crossplane.io/api-simple-reference-resolver
       operation: Apply
-      time: "2025-01-14T15:05:15Z"
+      time: "2025-01-14T15:05:18Z"
     - apiVersion: firewall.linode.upbound.io/v1alpha1
       fieldsType: FieldsV1
       fieldsV1:
@@ -146,7 +146,7 @@
       operation: Update
       time: "2025-01-14T11:26:31Z"
     name: f-agent
-    resourceVersion: "8968838"
+    resourceVersion: "8968861"
     uid: 3cd8a430-1eef-40a5-af88-f523418ed1ec
   spec:
     deletionPolicy: Delete
@@ -640,13 +640,13 @@
       inboundPolicy: DROP
       linodes:
+      - 2
       - 4
       - 6
-      - 2
       linodesRefs:
+      - name: f-default-2
       - name: f-default-0
       - name: f-default-1
-      - name: f-default-2
       linodesSelector:
         matchLabels:
           cluster: demo-cluster
# Resource: kubectl get firewalls -oyaml f-agent @ 2025-01-14 16:05:19.328442838 +0100 CET m=+18.535679850
--- old/firewalls/f-agent.yaml
+++ new/firewalls/f-agent.yaml
@@ -12,7 +12,7 @@
     creationTimestamp: "2025-01-07T10:16:42Z"
     finalizers:
     - finalizer.managedresource.crossplane.io
-    generation: 479263
+    generation: 479264
     labels:
@@ -30,7 +30,7 @@
             f:linodesRefs: {}
       manager: managed.crossplane.io/api-simple-reference-resolver
       operation: Apply
-      time: "2025-01-14T15:05:18Z"
+      time: "2025-01-14T15:05:19Z"
     - apiVersion: firewall.linode.upbound.io/v1alpha1
       fieldsType: FieldsV1
       fieldsV1:
@@ -146,7 +146,7 @@
       operation: Update
       time: "2025-01-14T11:26:31Z"
     name: f-agent
-    resourceVersion: "8968861"
+    resourceVersion: "8968869"
     uid: 3cd8a430-1eef-40a5-af88-f523418ed1ec
   spec:
     deletionPolicy: Delete
@@ -640,13 +640,13 @@
       inboundPolicy: DROP
       linodes:
-      - 2
       - 4
       - 6
+      - 2
       linodesRefs:
-      - name: f-default-2
       - name: f-default-0
       - name: f-default-1
+      - name: f-default-2
       linodesSelector:
         matchLabels:
           label: label

How can we reproduce it?

Create a firewall with a linodesSelector.
Use kubectl-watch to see loop on linodes and linodesRefs.

What environment did it happen in?

Crossplane version: 1.16.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions