Introduce RetryOnFailure lifecycle management strategy
#1281
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
matheuscscp
added
enhancement
matheuscscp
force-pushed
the
upgrade-retry-on-failure
branch
4 times, most recently
from
ab07aa4 to
3496a8c
Compare
stefanprodan
reviewed
Aug 9, 2025
matheuscscp
force-pushed
the
upgrade-retry-on-failure
branch
2 times, most recently
from
c8eea39 to
fa2498f
Compare
matheuscscp
changed the title
RetryOnFailure lifecycle management strategy
matheuscscp
force-pushed
the
upgrade-retry-on-failure
branch
from
fa2498f to
d7540ec
Compare
matheuscscp
commented
Aug 9, 2025
| remediation := req.Object.GetActiveRemediation() | ||
| if remediation == nil || !remediation.RetriesExhausted(req.Object) { | ||
| conditions.MarkReconciling(req.Object, meta.ProgressingWithRetryReason, "%s", conditions.GetMessage(req.Object, meta.ReadyCondition)) | ||
| return ErrMustRequeue | ||
| } | ||
| // Check if retries have exhausted after remediation for early | ||
| // stall condition detection. | ||
| if remediation != nil && remediation.RetriesExhausted(req.Object) { |
There was a problem hiding this comment.
This check is a tautology, it's basically the negation of the check right above. I removed it in this separate commit: 079ae1b
Signed-off-by: Matheus Pimenta <[email protected]>
matheuscscp
force-pushed
the
upgrade-retry-on-failure
branch
6 times, most recently
from
b6d1e3c to
2bb4699
Compare
matheuscscp
commented
Aug 20, 2025
| @@ -266,6 +278,14 @@ func (r *AtomicRelease) Reconcile(ctx context.Context, req *Request) error { | |||
| // Run the action sub-reconciler. | |||
| log.Info(fmt.Sprintf("running '%s' action with timeout of %s", next.Name(), timeoutForAction(next, req.Object).String())) | |||
| if err = next.Reconcile(ctx, req); err != nil { | |||
| if retry := req.Object.GetActiveRetry(); retry != nil { | |||
| log.Error(err, fmt.Sprintf("failed to run '%s' action", next.Name())) | |||
There was a problem hiding this comment.
Here, this error was already recorded in a condition and was sent in Kubernetes and notification-controller events. But no logs show up because we are handling it here and returning a different error, so I'm logging it here
|
I tested this PR in the following scenarios:
In all the cases above, after fixing the issue in scenario 1, the controller behavior matches the expectations:
|
matheuscscp
force-pushed
the
upgrade-retry-on-failure
branch
from
2bb4699 to
0fd558a
Compare
Signed-off-by: Matheus Pimenta <[email protected]>
matheuscscp
force-pushed
the
upgrade-retry-on-failure
branch
from
0fd558a to
c053726
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes: #1278
TODO:
This PR implements the API enhancements described in #1278.
I tested this thoroughly, including in the scenario of pods in
ImagePullBackOffdue to unexisting image tags. When the tags are pushed, the HelmRelease object eventually converges without manual intervention.The behavior of the CLI commands
flux reconcile hrandflux reconcile hr --forceis the same for a HelmRelease in thefailedstate: a release action is attempted. If the HelmRelease is Ready, i.e. in thedeployedstate, the behaviors of these two commands are not the same, but they match the behaviors for a HelmRelease object that is not using this feature. In this case, the behavior is no-op forflux reconcile hr, and perform a release action forflux reconcile hr --force.Because the retry strategies cause a time-based requeue (and do not end in a terminal state), running the
flux reconcile hrcommand when the release isfailed, with or without--force, results in an immediate release action, and does not remove any in-flightRequeueAfteroperations. In particular, if an in-flightRequeueAftercompletes during a reconciliation, another reconciliation will run immediately after. I observed this many times due to using a very short.retryIntervalfor speeding up my tests.Another common behavior that I noticed while testing the install strategy is that, when the source object (e.g. OCIRepository) is created together with the HelmRelease, two reconciliations are processed: the one produced by "requeue dependency" and the watch event from the source object becoming Ready. This results in the first retry happening immediately after the first attempt, i.e. in two consecutive failed installs.
It's also important to note that using the install strategy causes the transition of
.status.lastAttemptedReleaseActionfrominstalltoupgrade. So if this upgrade fails, the upgrade strategy configuration will now be the one driving the behavior, the install strategy configuration will no longer be at play. Therefore, to successfully achieve a HelmRelease that is automatically retried without any remediations, the spec must look like this: