Abort plan with FATAL_ERROR if an unknown custom resource deployed (#…

…1648)

* Abort plan with FATAL_ERROR if an unknown custom resource is going to be deployed.
* Add health check for CRDs so they can deployed correctly before next step

Signed-off-by: Andreas Neumann <aneumann@mesosphere.com>

pkg/engine/health/health.go

@@ -7,6 +7,7 @@ import (
 	"log"
 	"reflect"
 
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
 	"k8s.io/client-go/discovery"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
@@ -61,6 +62,15 @@ func IsHealthy(obj runtime.Object) error {
 
 	objUnstructured := &unstructured.Unstructured{Object: unstructMap}
 	switch obj := obj.(type) {
+	case *v1beta1.CustomResourceDefinition:
+		for _, c := range obj.Status.Conditions {
+			if c.Type == v1beta1.Established && c.Status == v1beta1.ConditionTrue {
+				log.Printf("CRD %s is now healthy", obj.Name)
+				return nil
+			}
+		}
+		msg := fmt.Sprintf("CRD %s is not healthy ( Conditions: %v )", obj.Name, obj.Status.Conditions)
+		return errors.New(msg)
 	case *appsv1.StatefulSet:
 		statusViewer := &polymorphichelpers.StatefulSetStatusViewer{}
 		msg, done, err := statusViewer.Status(objUnstructured, 0)

pkg/engine/renderer/enhancer.go

@@ -51,7 +51,7 @@ func (de *DefaultEnhancer) Apply(sourceObjs []runtime.Object, metadata Metadata)
 
 		isNamespaced, err := resource.IsNamespacedObject(obj, de.Discovery)
 		if err != nil {
-			return nil, fmt.Errorf("failed to determine if object %s is namespaced: %v", obj.GetObjectKind(), err)
+			return nil, fmt.Errorf("%wfailed to determine if object %s is namespaced: %v", engine.ErrFatalExecution, obj.GetObjectKind(), err)
 		}
 
 		// Note: Cross-namespace owner references are disallowed by design. This means:

test/integration/operator-with-custom-crd/01-assert.yaml → test/integration/invalid-crd-install/00-assert.yaml

@@ -1,11 +1,11 @@
 apiVersion: kudo.dev/v1beta1
 kind: Instance
 metadata:
-  name: crd-instance
+  name: op-with-crd
 spec:
   operatorVersion:
-    name: crd-operator-0.1.0
+    name: op-with-crd-0.1.0
 status:
   planStatus:
     deploy:
-      status: COMPLETE
+      status: FATAL_ERROR

test/integration/operator-with-custom-crd/01-install.yaml → test/integration/invalid-crd-install/00-install.yaml

@@ -1,5 +1,5 @@
 apiVersion: kudo.dev/v1beta1
 kind: TestStep
 commands:
-  - command: kubectl kudo install --instance crd-instance ./operator
+  - command: kubectl kudo install --instance op-with-crd ./op-with-crd
     namespaced: true

test/integration/invalid-crd-install/op-with-crd/operator.yaml

@@ -0,0 +1,25 @@
+apiVersion: kudo.dev/v1beta1
+name: "op-with-crd"
+operatorVersion: "0.1.0"
+appVersion: "1.7.9"
+kubernetesVersion: 1.13.0
+maintainers:
+  - name: Your name
+    email: <your@email.com>
+url: https://kudo.dev
+tasks:
+  - name: app
+    kind: Apply
+    spec:
+      resources:
+        - invalid-crd.yaml
+plans:
+  deploy:
+    strategy: serial
+    phases:
+      - name: main
+        strategy: parallel
+        steps:
+          - name: everything
+            tasks:
+              - app

test/integration/invalid-crd-install/op-with-crd/params.yaml

@@ -0,0 +1,2 @@
+apiVersion: kudo.dev/v1beta1
+parameters:

test/integration/invalid-crd-install/op-with-crd/templates/invalid-crd.yaml

@@ -0,0 +1,9 @@
+apiVersion: somecrd.invalid/v1
+kind: InvalidCrdType
+metadata:
+  name: {{ .Name }}-resource
+  namespace: {{ .Namespace }}
+spec:
+  this:
+    does-not: "matter"
+    there-is-no: "such-crd"

test/integration/operator-with-custom-crd/00-assert.yaml

@@ -1,4 +1,16 @@
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
-  name: servicemonitors.monitoring.coreos.com
+  name: servicemonitors.monitoring.coreos.com
+---
+apiVersion: kudo.dev/v1beta1
+kind: Instance
+metadata:
+  name: crd-instance
+spec:
+  operatorVersion:
+    name: crd-operator-0.1.0
+status:
+  planStatus:
+    deploy:
+      status: COMPLETE