Merge pull request #397 from containeroo/fix/retry

rxbn · web-flow · commit bf34cfed0fec · 2025-05-01T14:25:19.000+02:00
fix: retry failures
diff --git a/cmd/main.go b/cmd/main.go
@@ -150,6 +150,7 @@ func main() {
 		Client:                   mgr.GetClient(),
 		Scheme:                   mgr.GetScheme(),
 		HTTPClientTimeout:        ipReconcilerHTTPClientTimeout,
+		RetryInterval:            retryInterval,
 		DefaultReconcileInterval: defaultReconcileInterval,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "IP")
diff --git a/internal/controller/account_controller.go b/internal/controller/account_controller.go
@@ -51,6 +51,8 @@ type AccountReconciler struct {
 	CloudflareAPI *cloudflare.API
 }
 
+var errWaitForAccount = errors.New("must wait for account")
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *AccountReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).
@@ -98,35 +100,42 @@ func (r *AccountReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	return r.reconcileAccount(ctx, account), nil
+	return r.reconcileAccount(ctx, account)
 }
 
 // reconcileAccount reconciles the account
-func (r *AccountReconciler) reconcileAccount(ctx context.Context, account *cloudflareoperatoriov1.Account) ctrl.Result {
+func (r *AccountReconciler) reconcileAccount(ctx context.Context, account *cloudflareoperatoriov1.Account) (ctrl.Result, error) {
 	secret := &corev1.Secret{}
-	if err := r.Get(ctx, client.ObjectKey{Namespace: account.Spec.ApiToken.SecretRef.Namespace, Name: account.Spec.ApiToken.SecretRef.Name}, secret); err != nil {
+	if err := r.Get(ctx, client.ObjectKey{
+		Namespace: account.Spec.ApiToken.SecretRef.Namespace,
+		Name:      account.Spec.ApiToken.SecretRef.Name,
+	}, secret); err != nil {
 		intconditions.MarkFalse(account, err)
-		return ctrl.Result{RequeueAfter: r.RetryInterval}
+		if apierrors.IsNotFound(err) {
+			return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
+		}
+		return ctrl.Result{}, err
 	}
 
 	cloudflareAPIToken := string(secret.Data["apiToken"])
 	if cloudflareAPIToken == "" {
 		intconditions.MarkFalse(account, errors.New("secret has no key named \"apiToken\""))
-		return ctrl.Result{RequeueAfter: r.RetryInterval}
+		return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 	}
 
 	if r.CloudflareAPI.APIToken != cloudflareAPIToken {
 		cloudflareAPI, err := cloudflare.NewWithAPIToken(cloudflareAPIToken)
 		if err != nil {
 			intconditions.MarkFalse(account, err)
-			return ctrl.Result{RequeueAfter: time.Second * 30}
+			return ctrl.Result{}, err
 		}
+
 		*r.CloudflareAPI = *cloudflareAPI
 	}
 
 	intconditions.MarkTrue(account, "Account is ready")
 
-	return ctrl.Result{RequeueAfter: account.Spec.Interval.Duration}
+	return ctrl.Result{RequeueAfter: account.Spec.Interval.Duration}, nil
 }
 
 // reconcileDelete reconciles the deletion of the account
diff --git a/internal/controller/account_controller_test.go b/internal/controller/account_controller_test.go
@@ -82,7 +82,8 @@ func TestAccountReconciler_reconcileAccount(t *testing.T) {
 			CloudflareAPI: &cloudflareAPI,
 		}
 
-		_ = r.reconcileAccount(context.TODO(), account)
+		_, err := r.reconcileAccount(context.TODO(), account)
+		g.Expect(err).ToNot(HaveOccurred())
 
 		g.Expect(account.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{
 			*conditions.TrueCondition(cloudflareoperatoriov1.ConditionTypeReady, cloudflareoperatoriov1.ConditionReasonReady, "Account is ready"),
@@ -116,7 +117,8 @@ func TestAccountReconciler_reconcileAccount(t *testing.T) {
 			CloudflareAPI: &cloudflareAPI,
 		}
 
-		_ = r.reconcileAccount(context.TODO(), account)
+		_, err := r.reconcileAccount(context.TODO(), account)
+		g.Expect(err).ToNot(HaveOccurred())
 
 		g.Expect(account.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{
 			*conditions.FalseCondition(cloudflareoperatoriov1.ConditionTypeReady, cloudflareoperatoriov1.ConditionReasonFailed, "secrets \"secret\" not found"),
@@ -158,7 +160,8 @@ func TestAccountReconciler_reconcileAccount(t *testing.T) {
 			CloudflareAPI: &cloudflareAPI,
 		}
 
-		_ = r.reconcileAccount(context.TODO(), account)
+		_, err := r.reconcileAccount(context.TODO(), account)
+		g.Expect(err).ToNot(HaveOccurred())
 
 		g.Expect(account.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{
 			*conditions.FalseCondition(cloudflareoperatoriov1.ConditionTypeReady, cloudflareoperatoriov1.ConditionReasonFailed, "secret has no key named \"apiToken\""),
diff --git a/internal/controller/dnsrecord_controller.go b/internal/controller/dnsrecord_controller.go
@@ -42,6 +42,7 @@ import (
 	"github.com/cloudflare/cloudflare-go"
 	cloudflareoperatoriov1 "github.com/containeroo/cloudflare-operator/api/v1"
 	intconditions "github.com/containeroo/cloudflare-operator/internal/conditions"
+	interrors "github.com/containeroo/cloudflare-operator/internal/errors"
 	"github.com/containeroo/cloudflare-operator/internal/metrics"
 	intpredicates "github.com/containeroo/cloudflare-operator/internal/predicates"
 )
@@ -112,6 +113,13 @@ func (r *DNSRecordReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 			patchOpts = append(patchOpts, patch.WithStatusObservedGeneration{})
 		}
 
+		// We do not want to return these errors, but rather wait for the
+		// designated RequeueAfter to expire and try again.
+		// However, not returning an error will cause the patch helper to
+		// patch the observed generation, which we do not want. So we ignore
+		// these errors here after patching.
+		retErr = interrors.Ignore(retErr, errWaitForAccount, errWaitForZone)
+
 		if err := patchHelper.Patch(ctx, dnsrecord, patchOpts...); err != nil {
 			if !dnsrecord.DeletionTimestamp.IsZero() {
 				err = apierrutil.FilterOut(err, func(e error) bool { return apierrors.IsNotFound(e) })
@@ -130,7 +138,7 @@ func (r *DNSRecordReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 
 	if len(zones.Items) == 0 {
 		intconditions.MarkFalse(dnsrecord, fmt.Errorf("zone %q not found", zoneName))
-		return ctrl.Result{}, nil
+		return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 	}
 
 	zone := &zones.Items[0]
@@ -148,19 +156,19 @@ func (r *DNSRecordReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	return r.reconcileDNSRecord(ctx, dnsrecord, zone), nil
+	return r.reconcileDNSRecord(ctx, dnsrecord, zone)
 }
 
 // reconcileDNSRecord reconciles the dnsrecord
-func (r *DNSRecordReconciler) reconcileDNSRecord(ctx context.Context, dnsrecord *cloudflareoperatoriov1.DNSRecord, zone *cloudflareoperatoriov1.Zone) ctrl.Result {
+func (r *DNSRecordReconciler) reconcileDNSRecord(ctx context.Context, dnsrecord *cloudflareoperatoriov1.DNSRecord, zone *cloudflareoperatoriov1.Zone) (ctrl.Result, error) {
 	if r.CloudflareAPI.APIToken == "" {
 		intconditions.MarkUnknown(dnsrecord, "Cloudflare account is not ready")
-		return ctrl.Result{RequeueAfter: r.RetryInterval}
+		return ctrl.Result{RequeueAfter: r.RetryInterval}, errWaitForAccount
 	}
 
 	if !conditions.IsTrue(zone, cloudflareoperatoriov1.ConditionTypeReady) {
 		intconditions.MarkUnknown(dnsrecord, "Zone is not ready")
-		return ctrl.Result{RequeueAfter: r.RetryInterval}
+		return ctrl.Result{RequeueAfter: r.RetryInterval}, errWaitForZone
 	}
 
 	var existingRecord cloudflare.DNSRecord
@@ -169,7 +177,7 @@ func (r *DNSRecordReconciler) reconcileDNSRecord(ctx context.Context, dnsrecord
 		existingRecord, err = r.CloudflareAPI.GetDNSRecord(ctx, cloudflare.ZoneIdentifier(zone.Status.ID), dnsrecord.Status.RecordID)
 		if err != nil {
 			intconditions.MarkFalse(dnsrecord, err)
-			return ctrl.Result{}
+			return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 		}
 	} else {
 		cloudflareExistingRecord, _, err := r.CloudflareAPI.ListDNSRecords(ctx, cloudflare.ZoneIdentifier(zone.Status.ID), cloudflare.ListDNSRecordsParams{
@@ -179,7 +187,7 @@ func (r *DNSRecordReconciler) reconcileDNSRecord(ctx context.Context, dnsrecord
 		})
 		if err != nil {
 			intconditions.MarkFalse(dnsrecord, err)
-			return ctrl.Result{}
+			return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 		}
 		if len(cloudflareExistingRecord) > 0 {
 			existingRecord = cloudflareExistingRecord[0]
@@ -191,14 +199,14 @@ func (r *DNSRecordReconciler) reconcileDNSRecord(ctx context.Context, dnsrecord
 		ip := &cloudflareoperatoriov1.IP{}
 		if err := r.Get(ctx, client.ObjectKey{Name: dnsrecord.Spec.IPRef.Name}, ip); err != nil {
 			intconditions.MarkFalse(dnsrecord, err)
-			return ctrl.Result{RequeueAfter: r.RetryInterval}
+			return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 		}
 		dnsrecord.Spec.Content = ip.Spec.Address
 	}
 
 	if *dnsrecord.Spec.Proxied && dnsrecord.Spec.TTL != 1 {
 		intconditions.MarkFalse(dnsrecord, errors.New("TTL must be 1 when proxied"))
-		return ctrl.Result{}
+		return ctrl.Result{}, nil
 	}
 
 	if existingRecord.ID == "" {
@@ -213,7 +221,7 @@ func (r *DNSRecordReconciler) reconcileDNSRecord(ctx context.Context, dnsrecord
 		})
 		if err != nil {
 			intconditions.MarkFalse(dnsrecord, err)
-			return ctrl.Result{RequeueAfter: r.RetryInterval}
+			return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 		}
 		dnsrecord.Status.RecordID = newDNSRecord.ID
 	} else if !r.compareDNSRecord(dnsrecord.Spec, existingRecord) {
@@ -228,13 +236,13 @@ func (r *DNSRecordReconciler) reconcileDNSRecord(ctx context.Context, dnsrecord
 			Data:     dnsrecord.Spec.Data,
 		}); err != nil {
 			intconditions.MarkFalse(dnsrecord, err)
-			return ctrl.Result{RequeueAfter: r.RetryInterval}
+			return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 		}
 	}
 
 	intconditions.MarkTrue(dnsrecord, "DNS record synced")
 
-	return ctrl.Result{RequeueAfter: dnsrecord.Spec.Interval.Duration}
+	return ctrl.Result{RequeueAfter: dnsrecord.Spec.Interval.Duration}, nil
 }
 
 // compareDNSRecord compares the DNS record to the DNSRecord object
diff --git a/internal/controller/dnsrecord_controller_test.go b/internal/controller/dnsrecord_controller_test.go
@@ -85,7 +85,8 @@ func TestDNSRecordReconciler_reconcileDNSRecord(t *testing.T) {
 			Proxied: new(bool),
 		}
 
-		_ = r.reconcileDNSRecord(context.TODO(), dnsRecord, zone)
+		_, err := r.reconcileDNSRecord(context.TODO(), dnsRecord, zone)
+		g.Expect(err).ToNot(HaveOccurred())
 
 		g.Expect(dnsRecord.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{
 			*conditions.TrueCondition(cloudflareoperatoriov1.ConditionTypeReady, cloudflareoperatoriov1.ConditionReasonReady, "DNS record synced"),
@@ -113,7 +114,8 @@ func TestDNSRecordReconciler_reconcileDNSRecord(t *testing.T) {
 			},
 		}
 
-		_ = r.reconcileDNSRecord(context.TODO(), dnsRecord, zone)
+		_, err := r.reconcileDNSRecord(context.TODO(), dnsRecord, zone)
+		g.Expect(err).ToNot(HaveOccurred())
 
 		g.Expect(dnsRecord.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{
 			*conditions.TrueCondition(cloudflareoperatoriov1.ConditionTypeReady, cloudflareoperatoriov1.ConditionReasonReady, "DNS record synced"),
@@ -148,7 +150,8 @@ func TestDNSRecordReconciler_reconcileDNSRecord(t *testing.T) {
 			Proxied: cloudflareDNSRecord.Proxied,
 		}
 
-		_ = r.reconcileDNSRecord(context.TODO(), dnsRecord, zone)
+		_, err = r.reconcileDNSRecord(context.TODO(), dnsRecord, zone)
+		g.Expect(err).ToNot(HaveOccurred())
 
 		g.Expect(dnsRecord.Status.Conditions).To(conditions.MatchConditions([]metav1.Condition{
 			*conditions.TrueCondition(cloudflareoperatoriov1.ConditionTypeReady, cloudflareoperatoriov1.ConditionReasonReady, "DNS record synced"),
diff --git a/internal/controller/ingress_controller.go b/internal/controller/ingress_controller.go
@@ -99,7 +99,7 @@ func (r *IngressReconciler) reconcileIngress(ctx context.Context, ingress *netwo
 
 	if err := r.reconcileDNSRecords(ctx, ingress, dnsRecordSpec, existingRecords, ingressHosts); err != nil {
 		log.Error(err, "Failed to reconcile DNS records")
-		return ctrl.Result{}, err
+		return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 	}
 
 	return ctrl.Result{}, nil
diff --git a/internal/controller/ip_controller.go b/internal/controller/ip_controller.go
@@ -57,6 +57,8 @@ type IPReconciler struct {
 
 	HTTPClientTimeout        time.Duration
 	DefaultReconcileInterval time.Duration
+
+	RetryInterval time.Duration
 }
 
 // SetupWithManager sets up the controller with the Manager.
@@ -120,7 +122,7 @@ func (r *IPReconciler) reconcileIP(ctx context.Context, ip *cloudflareoperatorio
 	case "dynamic":
 		if err := r.handleDynamic(ctx, ip); err != nil {
 			intconditions.MarkFalse(ip, err)
-			return ctrl.Result{}
+			return ctrl.Result{RequeueAfter: r.RetryInterval}
 		}
 	}
 
diff --git a/internal/controller/zone_controller.go b/internal/controller/zone_controller.go
@@ -19,6 +19,7 @@ package controller
 import (
 	"context"
 	"errors"
+	"fmt"
 	"strings"
 	"time"
 
@@ -36,6 +37,7 @@ import (
 
 	cloudflareoperatoriov1 "github.com/containeroo/cloudflare-operator/api/v1"
 	intconditions "github.com/containeroo/cloudflare-operator/internal/conditions"
+	interrors "github.com/containeroo/cloudflare-operator/internal/errors"
 	"github.com/containeroo/cloudflare-operator/internal/metrics"
 	"github.com/fluxcd/pkg/runtime/patch"
 )
@@ -60,6 +62,8 @@ type ZoneReconciler struct {
 	CloudflareAPI *cloudflare.API
 }
 
+var errWaitForZone = errors.New("must wait for zone")
+
 // SetupWithManager sets up the controller with the Manager.
 func (r *ZoneReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error {
 	if err := mgr.GetFieldIndexer().IndexField(ctx, &cloudflareoperatoriov1.Zone{}, cloudflareoperatoriov1.ZoneNameIndexKey,
@@ -96,6 +100,13 @@ func (r *ZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request) (resul
 			patchOpts = append(patchOpts, patch.WithStatusObservedGeneration{})
 		}
 
+		// We do not want to return these errors, but rather wait for the
+		// designated RequeueAfter to expire and try again.
+		// However, not returning an error will cause the patch helper to
+		// patch the observed generation, which we do not want. So we ignore
+		// these errors here after patching.
+		retErr = interrors.Ignore(retErr, errWaitForAccount, errWaitForZone)
+
 		if err := patchHelper.Patch(ctx, zone, patchOpts...); err != nil {
 			if !zone.DeletionTimestamp.IsZero() {
 				err = apierrutil.FilterOut(err, func(e error) bool { return apierrors.IsNotFound(e) })
@@ -114,34 +125,34 @@ func (r *ZoneReconciler) Reconcile(ctx context.Context, req ctrl.Request) (resul
 		return ctrl.Result{Requeue: true}, nil
 	}
 
-	return r.reconcileZone(ctx, zone), nil
+	return r.reconcileZone(ctx, zone)
 }
 
 // reconcileZone reconciles the zone
-func (r *ZoneReconciler) reconcileZone(ctx context.Context, zone *cloudflareoperatoriov1.Zone) ctrl.Result {
+func (r *ZoneReconciler) reconcileZone(ctx context.Context, zone *cloudflareoperatoriov1.Zone) (ctrl.Result, error) {
 	if r.CloudflareAPI.APIToken == "" {
 		intconditions.MarkUnknown(zone, "Cloudflare account is not ready")
-		return ctrl.Result{RequeueAfter: r.RetryInterval}
+		return ctrl.Result{RequeueAfter: r.RetryInterval}, errWaitForAccount
 	}
 
 	zoneID, err := r.CloudflareAPI.ZoneIDByName(zone.Spec.Name)
 	if err != nil {
 		intconditions.MarkFalse(zone, err)
-		return ctrl.Result{}
+		return ctrl.Result{RequeueAfter: r.RetryInterval}, errWaitForZone
 	}
 
 	zone.Status.ID = zoneID
 
 	if zone.Spec.Prune {
 		if err := r.handlePrune(ctx, zone); err != nil {
-			intconditions.MarkFalse(zone, err)
-			return ctrl.Result{RequeueAfter: r.RetryInterval}
+			intconditions.MarkFalse(zone, fmt.Errorf("failed to prune DNS records: %v", err))
+			return ctrl.Result{RequeueAfter: r.RetryInterval}, nil
 		}
 	}
 
 	intconditions.MarkTrue(zone, "Zone is ready")
 
-	return ctrl.Result{RequeueAfter: zone.Spec.Interval.Duration}
+	return ctrl.Result{RequeueAfter: zone.Spec.Interval.Duration}, nil
 }
 
 // handlePrune deletes DNS records that are not managed by the operator if enabled
@@ -151,7 +162,7 @@ func (r *ZoneReconciler) handlePrune(ctx context.Context, zone *cloudflareoperat
 	dnsRecords := &cloudflareoperatoriov1.DNSRecordList{}
 	if err := r.List(ctx, dnsRecords); err != nil {
 		log.Error(err, "Failed to list DNSRecords")
-		return err
+		return client.IgnoreNotFound(err)
 	}
 
 	cloudflareDNSRecords, _, err := r.CloudflareAPI.ListDNSRecords(ctx, cloudflare.ZoneIdentifier(zone.Status.ID), cloudflare.ListDNSRecordsParams{})
diff --git a/internal/controller/zone_controller_test.go b/internal/controller/zone_controller_test.go
diff --git a/internal/errors/ignore.go b/internal/errors/ignore.go
diff --git a/internal/errors/is.go b/internal/errors/is.go

Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ func (r IngressReconciler) reconcileIngress(ctx context.Context, ingress netwo`
`99`	`99`
`100`	`100`	`if err := r.reconcileDNSRecords(ctx, ingress, dnsRecordSpec, existingRecords, ingressHosts); err != nil {`
`101`	`101`	`log.Error(err, "Failed to reconcile DNS records")`
`102`		`- return ctrl.Result{}, err`
	`102`	`+ return ctrl.Result{RequeueAfter: r.RetryInterval}, nil`
`103`	`103`	`}`
`104`	`104`
`105`	`105`	`return ctrl.Result{}, nil`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,8 @@ type IPReconciler struct {`
`57`	`57`
`58`	`58`	`HTTPClientTimeout time.Duration`
`59`	`59`	`DefaultReconcileInterval time.Duration`
	`60`	`+`
	`61`	`+ RetryInterval time.Duration`
`60`	`62`	`}`
`61`	`63`
`62`	`64`	`// SetupWithManager sets up the controller with the Manager.`
`@@ -120,7 +122,7 @@ func (r IPReconciler) reconcileIP(ctx context.Context, ip cloudflareoperatorio`
`120`	`122`	`case "dynamic":`
`121`	`123`	`if err := r.handleDynamic(ctx, ip); err != nil {`
`122`	`124`	`intconditions.MarkFalse(ip, err)`
`123`		`- return ctrl.Result{}`
	`125`	`+ return ctrl.Result{RequeueAfter: r.RetryInterval}`
`124`	`126`	`}`
`125`	`127`	`}`
`126`	`128`