Operator SDK FAQ

How can I have separate logic for Create, Update, and Delete events? When reconciling an object can I access its previous state?

You should not have separate logic. Instead design your reconciler to be idempotent. See the for more details.

I keep seeing the following intermittent warning in my Operator’s logs: `The resourceVersion for the provided watch is too old.` What’s wrong?

This is completely normal and expected behavior.

The kube-apiserver watch request handler is designed to periodically close a watch to spread out load among controller node instances. Once disconnected, your Operator’s informer will automatically reconnect and re-establish the watch. If an event is missed during re-establishment, the watch will fail with the above warning message. The Operator’s informer then does a list request and uses the new resourceVersion from that list to restablish the watch and replace the cache with the latest objects.

Never seeing this warning may suggest that your watch or cache is not healthy. If the message is repeating every few seconds, this may signal a network connection problem or issue with etcd.

For more information on kube-apiserver request timeout options, see the Kubernetes API Server Command Line Tool Reference

Unfortunately, adding the entire dependency tree for all Ansible modules would be excessive. Fortunately, you can add it easily. Simply edit your build/Dockerfile. You’ll want to change to root for the install command, just be sure to swap back using a series of commands like the following right after the line.

If you aren’t sure what dependencies are required, start up a container using the image in the FROM line as root. That will look something like this. docker run -u 0 -it --rm --entrypoint /bin/bash quay.io/operator-framework/ansible-operator:<sdk-tag-version>

I keep seeing errors like “Failed to watch”, how do I fix this?

Using controller-runtime’s split client means that read operations (gets and lists) are read from a cache, and write operations are written directly to the API server. To populate the cache for reads, controller-runtime initiates a list and then a watch even when your operator is only attempting to a single resource. The above scenario occurs when the operator does not have an (RBAC)rbac permission to watch the resource. The solution is to grant permission in the config/rbac/role.yaml file.

In rare cases, it also could be that the particular resource does not implement the watch verb. In this case, it is necessary to use the instead of the default split client. The manager’s GetAPIReader() function can be used to get this reader.

Example

Here is an example that demonstrates how to use a when a resource does not implement the watch verb:

FAQ

Operator SDK FAQ

How can I have separate logic for Create, Update, and Delete events? When reconciling an object can I access its previous state?

I keep seeing the following intermittent warning in my Operator’s logs: The resourceVersion for the provided watch is too old. What’s wrong?

I keep seeing errors like “Failed to watch”, how do I fix this?

I keep seeing the following intermittent warning in my Operator’s logs: `The resourceVersion for the provided watch is too old.` What’s wrong?