Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Image Automation Controller only triggers on manual reconciliation. #5036

Open
1 task done
emanuele-leopardi opened this issue Oct 17, 2024 · 1 comment
Open
1 task done

Image Automation Controller only triggers on manual reconciliation. #5036

emanuele-leopardi opened this issue Oct 17, 2024 · 1 comment

Comments

@emanuele-leopardi
Copy link

emanuele-leopardi commented Oct 17, 2024
edited
Loading

Describe the bug

I am experiencing an odd behavior of IAC.
I expected IAC to be triggered by an update from an ImageRepository object, and to commit to my repository the updated tag.
This only works if I manually trigger a reconciliation.

Steps to reproduce

  1. Install flux with image automation controller and image reflector controller
flux bootstrap github \
  --token-auth \
  --owner=me \
  --repository=your-repo \
  --path=clusters/test \
  --components-extra=image-reflector-controller,image-automation-controller \
  --personal \
  --private \
  --branch flux
  1. Create the following
apiVersion: source.toolkit.fluxcd.io/v1
kind: HelmRepository
metadata:
  name: httpbin
  namespace: httpbin
spec:
  interval: 1m0s
  url: https://matheusfm.dev/charts
---
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: httpbin
  namespace: httpbin
spec:
  chart:
    spec:
      chart: httpbin
      reconcileStrategy: ChartVersion
      sourceRef:
        kind: HelmRepository
        name: httpbin
        namespace: httpbin
  interval: 1m0s
  install:
    remediation:
      remediateLastFailure: true
      retries: 1
  upgrade:
    cleanupOnFail: true
    remediation:
      remediateLastFailure: true
      retries: -1
  maxHistory: 100
  values:
    image:
      repository: my-repo/httpbin # {"$imagepolicy": "httpbin:httpbin:name"}
      tag: test # {"$imagepolicy": "httpbin:httpbin:tag"}
      pullPolicy: Always
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageRepository
metadata:
  name: httpbin
  namespace: httpbin
spec:
  image: my-repo/httpbin
  interval: 1m
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImagePolicy
metadata:
  name: httpbin
  namespace: httpbin
spec:
  imageRepositoryRef:
    name: httpbin
  filterTags:
    pattern: ''
  policy:
    alphabetical:
      order: asc
---
apiVersion: image.toolkit.fluxcd.io/v1beta2
kind: ImageUpdateAutomation
metadata:
  name: httpbin
  namespace: httpbin
spec:
  interval: 1m
  sourceRef:
    kind: GitRepository
    name: flux-system
    namespace: flux-system
  git:
    checkout:
      ref:
        branch: flux
    commit:
      author:
        email: [email protected]
        name: FluxBot
  update:
    path: ./clusters/test/apps/httpbin
  policySelector:
    matchLabels:
      app.kubernetes.io/instance: httpbin
      app.kubernetes.io/name: httpbin
---
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 1m0s
  ref:
    branch: flux
  secretRef:
    name: flux-system
  url: your-repo.git

The GitRepository above is the same repo used to bootstrap flux in the cluster.
The cluster uses k3s on a 3 master + workers configuration.
To test the behavior I chose policy.alphabetical.order: asc then I tagged the httpbin image as atest, btest, ctest etc.
flux version is v.2.3.0

What happens is that ImageRepository correctly gets latest tags

  conditions:
    - lastTransitionTime: 2024-10-17T14:01:21Z
      message: "successful scan: found 5 tags"
      observedGeneration: 1
      reason: Succeeded
      status: "True"
      type: Ready
  lastHandledReconcileAt: 2024-10-15T15:25:09.946216846Z
  lastScanResult:
    latestTags:
      - ztest
      - vtest
      - utest
      - test
      - latest
    scanTime: 2024-10-17T16:32:46Z
    tagCount: 5

ImagePolicy matches the latest tag

status:
  conditions:
    - lastTransitionTime: 2024-10-17T14:01:21Z
      message: Latest image tag for 'my-repo/httpbin' updated
        from vtest to ztest
      observedGeneration: 2
      reason: Succeeded
      status: "True"
      type: Ready
  latestImage: my-repo/httpbin:ztest
  observedGeneration: 2
  observedPreviousImage: my-repo/httpbin:vtest

ImageUpdateAutomation says the repository is up to date but it doesn't push any update to the git repository

status:
  conditions:
    - lastTransitionTime: 2024-10-17T03:36:58Z
      message: repository up-to-date
      observedGeneration: 11
      reason: Succeeded
      status: "True"
      type: Ready
  lastAutomationRunTime: 2024-10-17T16:35:15Z
  lastHandledReconcileAt: 2024-10-17T14:14:27.636419221Z
  lastPushCommit: f850e802023aa075bae295a1d2e637f06d9e0b7b
  lastPushTime: 2024-10-17T14:14:29Z
  observedGeneration: 11

If I then run flux reconcile against ImageUpdateAutomation , then boom: image automation controller pushes the commit toward the repository
image

I am probably missing something and I am hopeful that @stefanprodan will be able to give me the correct nudge to get this sorted

Expected behavior

I was expecting IAC to automatically push the commit to the repo without manual reconciliation

Screenshots and recordings

No response

OS / Distro

N/A

Flux version

flux: v2.3.0

Flux check

► checking prerequisites
✗ flux 2.3.0 <2.4.0 (new CLI version is available, please upgrade)
✗ Kubernetes version v1.24.17+k3s1 does not match >=1.28.0-0
► checking version in cluster
✔ distribution: flux-v2.3.0
✔ bootstrapped: true
► checking controllers
✔ helm-controller: deployment ready
► ghcr.io/fluxcd/helm-controller:v1.0.1
✔ image-automation-controller: deployment ready
► ghcr.io/fluxcd/image-automation-controller:v0.38.0
✔ image-reflector-controller: deployment ready
► ghcr.io/fluxcd/image-reflector-controller:v0.32.0
✔ kustomize-controller: deployment ready
► ghcr.io/fluxcd/kustomize-controller:v1.3.0
✔ notification-controller: deployment ready
► ghcr.io/fluxcd/notification-controller:v1.3.0
✔ source-controller: deployment ready
► ghcr.io/fluxcd/source-controller:v1.3.0
► checking crds
✔ alerts.notification.toolkit.fluxcd.io/v1beta3
✔ buckets.source.toolkit.fluxcd.io/v1beta2
✔ gitrepositories.source.toolkit.fluxcd.io/v1
✔ helmcharts.source.toolkit.fluxcd.io/v1
✔ helmreleases.helm.toolkit.fluxcd.io/v2
✔ helmrepositories.source.toolkit.fluxcd.io/v1
✔ imagepolicies.image.toolkit.fluxcd.io/v1beta2
✔ imagerepositories.image.toolkit.fluxcd.io/v1beta2
✔ imageupdateautomations.image.toolkit.fluxcd.io/v1beta2
✔ kustomizations.kustomize.toolkit.fluxcd.io/v1
✔ ocirepositories.source.toolkit.fluxcd.io/v1beta2
✔ providers.notification.toolkit.fluxcd.io/v1beta3
✔ receivers.notification.toolkit.fluxcd.io/v1
✗ check failed

Git provider

GitHub

Container Registry provider

quay.io

Additional context

No response

Code of Conduct

  • I agree to follow this project's Code of Conduct
@stefanprodan
Copy link
Member

stefanprodan commented Oct 17, 2024
edited
Loading

The ImagePolicy is missing the labels you've set in the ImageUpdateAutomation, so I'm very surprised it works when you run reconcile, it should never update the repo.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stefanprodan @emanuele-leopardi