From 6dabe741fe1148068be49e8fc3c9db6d601778a8 Mon Sep 17 00:00:00 2001 From: Dahlia Bock Date: Mon, 7 Dec 2020 12:53:43 -0600 Subject: [PATCH] Add additional error messaging if we fail to update the CustomResource status due to a lack of permissions --- .../com/instana/operator/AgentDeployer.java | 3 +- .../instana/operator/CustomResourceState.java | 32 +++++++++++++------ 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/src/main/java/com/instana/operator/AgentDeployer.java b/src/main/java/com/instana/operator/AgentDeployer.java index adfe910a..d67d7221 100644 --- a/src/main/java/com/instana/operator/AgentDeployer.java +++ b/src/main/java/com/instana/operator/AgentDeployer.java @@ -70,6 +70,7 @@ import static com.instana.operator.util.StringUtils.isBlank; import static io.fabric8.kubernetes.client.Watcher.Action.ADDED; import static io.fabric8.kubernetes.client.Watcher.Action.DELETED; +import static java.net.HttpURLConnection.HTTP_CONFLICT; @ApplicationScoped public class AgentDeployer { @@ -204,7 +205,7 @@ void createResource(int nRetries, MixedOperation op, Factory 1) { + if (e.getCode() == HTTP_CONFLICT && nRetries > 1) { // Another resource of the same name exists in the same namespace. // Maybe it's currently being removed, try again in a few seconds. executor.schedule(() -> createResource(nRetries - 1, op, factory), 10, TimeUnit.SECONDS); diff --git a/src/main/java/com/instana/operator/CustomResourceState.java b/src/main/java/com/instana/operator/CustomResourceState.java index db542785..4a61ea87 100644 --- a/src/main/java/com/instana/operator/CustomResourceState.java +++ b/src/main/java/com/instana/operator/CustomResourceState.java @@ -1,23 +1,28 @@ package com.instana.operator; +import static com.instana.operator.client.KubernetesClientProducer.CRD_NAME; +import static com.instana.operator.util.ResourceUtils.name; +import static java.net.HttpURLConnection.HTTP_FORBIDDEN; + +import java.util.Optional; + +import javax.enterprise.context.ApplicationScoped; +import javax.inject.Inject; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import com.instana.operator.customresource.DoneableInstanaAgent; import com.instana.operator.customresource.InstanaAgent; import com.instana.operator.customresource.InstanaAgentList; import com.instana.operator.customresource.InstanaAgentStatus; import com.instana.operator.customresource.ResourceInfo; + import io.fabric8.kubernetes.api.model.HasMetadata; import io.fabric8.kubernetes.api.model.Pod; +import io.fabric8.kubernetes.client.KubernetesClientException; import io.fabric8.kubernetes.client.dsl.MixedOperation; import io.fabric8.kubernetes.client.dsl.Resource; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.enterprise.context.ApplicationScoped; -import javax.inject.Inject; -import java.util.Optional; - -import static com.instana.operator.client.KubernetesClientProducer.CRD_NAME; -import static com.instana.operator.util.ResourceUtils.name; @ApplicationScoped public class CustomResourceState { @@ -127,7 +132,14 @@ private void update() { try { client.inNamespace(customResource.getMetadata().getNamespace()).createOrReplace(customResource); } catch (Exception e) { - LOGGER.warn("Failed to update " + CRD_NAME + " " + name(customResource) + ": " + e.getMessage()); + StringBuilder errorMessage = new StringBuilder(); + errorMessage.append("Failed to update Custom Resource").append(CRD_NAME).append(name(customResource)); + if (e instanceof KubernetesClientException) { + if (((KubernetesClientException)e).getCode() == HTTP_FORBIDDEN) { + errorMessage.append(". Please ensure that the operator has the appropriate cluster role permissions."); + } + } + LOGGER.warn(errorMessage.toString() + ": " + e.getMessage()); // No need to System.exit() if we cannot update the status. Ignore this and carry on. } }