Zen reconciles multiple times during PostgreSQL database migration
The Zen reconciles multiple times to complete PostgreSQL database migration when you upgrade from foundational services version 3.x to 4.6. You need to update the network policy of ibm-iam-operator
to enable the traffic to mongodb
service.
Symptoms
The following errors might be displayed in the ibm-zen-operator
pod logs:
stderr: 'W0425 07:10:15.993498 6885 reflector.go:456] k8s.io/client-go/tools/watch/informerwatcher.go:146: watch of *unstructured.Unstructured ended with: an error on the server ("unable to decode an event from the watch stream: no kind \"Pod\" is registered for version \"v1\" in scheme \"k8s.io/client-go/dynamic/scheme.go:29\"") has prevented the request from succeeding'^[[0m^M
stderr: 'error: no matching resources found'^[[0m^M
The following error might be displayed in the ibm-iam-operator
logs:
{"level":"error","ts":"2024-05-28T06:41:18Z","logger":"controller_authentication","msg":"Encountered an error while performing the current migration","Request.Namespace":"cp4ba","Request.Name":"example-authentication","subreconciler":"handleMigrations","error":"failure occurred during MongoToV1: server selection error: server selection timeout, current topology: { Type: ReplicaSetNoPrimary, Servers: [{ Addr: mongodb.ibm-common-services.svc.cluster.local:27017, Type: Unknown, Last error: dial tcp 172.30.246.180:27017: i/o timeout }, ] }","stacktrace":"github.com/IBM/ibm-iam-operator/controllers/operator.(*AuthenticationReconciler).handleMigrations\n\t/home/prow/go/src/github.com/IBM/ibm-iam-operator/controllers/operator/authentication_controller.go:432\ngithub.com/IBM/ibm-iam-operator/controllers/operator.(*AuthenticationReconciler).Reconcile\n\t/home/prow/go/src/github.com/IBM/ibm-iam-operator/controllers/operator/authentication_controller.go:850\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Co...
Resolving the problem
To resolve the issue, add the MongoDB parameters in the spec.egress
section in the network policy of ibm-iam-operator
in the namespace where you deployed the foundational services:
- to:
- podSelector:
matchLabels:
app: icp-mongodb
namespaceSelector: {}
The following is the sample network policy of ibm-iam-operator
:
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: egress-ibm-iam-operator
spec:
podSelector:
matchLabels:
name: ibm-iam-operator
egress:
- to:
...
- to:
- podSelector:
matchLabels:
app: icp-mongodb
namespaceSelector: {}
policyTypes:
- Egress
{: codeblock}