Ansible operator keeps running playbooks


Marcin Dylewski

Mar 4, 2022, 9:34:28 AM
to Operator Framework
Hello everyone,

I've created a relatively simple operator that is responsible for downloading certs from an external place and storing them in secrets. The custom resource for it is called Keystore.

I encounter some weird behaviour when the Keystore resource exists and the operator is started. Then it keeps running the underlying playbooks over and over, even though the playbook finished successfully. When the Keystore resource is created after the operator has been started, everything works as expected: the playbook is run only once, all underlying secrets are created, and no further invocation of the playbook is done.

I am unable to see any suspicious error message in any log. Any tips on how to debug this further? I am using SDK version 1.17 on top of OpenShift 4.9 (Kubernetes version 1.22.3).

Best Regards,
Marcin

Marcin Dylewski

Mar 4, 2022, 10:46:27 AM
to Operator Framework
That's probably because of the updated resourceVersion field, which is managed by OpenShift automatically. Adding watchDependentResources: False to watches.yaml will not trigger the loop, but it will also prevent secrets from being recreated if someone deletes them by mistake, so it's a rather weak workaround.

I've also tried various merge and apply settings in the community.kubernetes.k8s module within the playbook, but nothing helped.

Marcin Dylewski

Mar 7, 2022, 9:06:52 AM
to Operator Framework
OK, I realized that when keystores are generated, even though the passwords are the same, the salt is not, so eventually the secrets created are binary different and thus they are always updated. I have to live with watchDependentResources: False.
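
The loop described in the last message, modelled in Python as an added example (not the poster's operator or playbook): a salted keystore differs byte for byte on every run, so a byte comparison always reports a change, while a check on a digest of the source certificate does not. The toy `build_keystore`, the dict standing in for a Secret and the annotation key are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# Hypothetical annotation key, chosen for this example only.
ANNOTATION = "example.invalid/source-cert-sha256"

def build_keystore(cert_pem: bytes, password: bytes) -> bytes:
    """Toy stand-in for a keystore generator (constructed, not a real format):
    a fresh random salt on every call makes the output bytes differ."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password, salt, 10_000)
    mac = hmac.new(key, cert_pem, hashlib.sha256).digest()
    return salt + mac + cert_pem

def cert_fingerprint(cert_pem: bytes) -> str:
    """Deterministic digest of the public input only; the password is left out
    so nothing derived from it ends up in object metadata."""
    return hashlib.sha256(cert_pem).hexdigest()

def naive_reconcile(existing, cert_pem, password):
    """Rebuild and compare bytes: reports a change on every run."""
    desired = {"annotations": {},
               "data": {"keystore": build_keystore(cert_pem, password)}}
    return desired, desired != existing

def guarded_reconcile(existing, cert_pem, password):
    """Rewrite only when the Secret is missing or the source cert changed."""
    want = cert_fingerprint(cert_pem)
    if existing is not None and existing["annotations"].get(ANNOTATION) == want:
        return existing, False
    desired = {"annotations": {ANNOTATION: want},
               "data": {"keystore": build_keystore(cert_pem, password)}}
    return desired, True

def count_writes(reconcile, cert_pem, password, runs=5):
    """Replay `runs` reconciles against the same inputs and count writes."""
    secret, writes = None, 0
    for _ in range(runs):
        secret, changed = reconcile(secret, cert_pem, password)
        writes += changed
    return writes

if __name__ == "__main__":
    cert = b"-----BEGIN CERTIFICATE-----\nconstructed-sample\n-----END CERTIFICATE-----\n"
    print("naive writes:  ", count_writes(naive_reconcile, cert, b"changeit"))
    print("guarded writes:", count_writes(guarded_reconcile, cert, b"changeit"))
```

In this model a missing Secret (`existing is None`) is still recreated, while repeat runs with an unchanged certificate write nothing.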