ConstraintTemplate CRD Metadata.Generation and Observed Generation Constantly Incrementing

[RyPeck]

Running gatekeeper:v3.1.0-beta.6 when creating any ConstraintTemplate I immediately see the Metadata.Generation and Status.By Pod.Observed Generation value constantly increment. Observed Generation is always Metadata.Generation-1.

Logs related to this -

2020-02-10T15:07:17.470Z	INFO	controller	making sure constraint is in watcher registry	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh"}
2020-02-10T15:07:17.471Z	INFO	controller	difference in spec found, updating	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh"}
2020-02-10T15:07:17.485Z	INFO	controller	template was updated	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "event_type": "template_updated", "template_name": "k8sallowedrepos"}
2020-02-10T15:07:17.485Z	DEBUG	controller-runtime.controller	Successfully Reconciled	{"controller": "constrainttemplate-controller", "request": "/k8sallowedrepos"}
2020-02-10T15:07:17.502Z	INFO	controller	loading constraint code into OPA	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh"}
2020-02-10T15:07:17.502Z	INFO	controller	making sure constraint is in watcher registry	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh"}
2020-02-10T15:07:17.503Z	INFO	controller	difference in spec found, updating	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh"}
2020-02-10T15:07:17.513Z	ERROR	controller	update error	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh", "error": "Operation cannot be fulfilled on constrainttemplates.templates.gatekeeper.sh \"k8sallowedrepos\": the object has been modified; please apply your changes to the latest version and try again"}
github.com/go-logr/zapr.(*zapLogger).Error
	/go/src/github.com/open-policy-agent/gatekeeper/vendor/github.com/go-logr/zapr/zapr.go:128
github.com/open-policy-agent/gatekeeper/pkg/controller/constrainttemplate.(*ReconcileConstraintTemplate).handleUpdate
	/go/src/github.com/open-policy-agent/gatekeeper/pkg/controller/constrainttemplate/constrainttemplate_controller.go:368
github.com/open-policy-agent/gatekeeper/pkg/controller/constrainttemplate.(*ReconcileConstraintTemplate).Reconcile
	/go/src/github.com/open-policy-agent/gatekeeper/pkg/controller/constrainttemplate/constrainttemplate_controller.go:221
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler
	/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:256
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
	/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:232
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker
	/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:211
k8s.io/apimachinery/pkg/util/wait.JitterUntil.func1
	/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:152
k8s.io/apimachinery/pkg/util/wait.JitterUntil
	/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:153
k8s.io/apimachinery/pkg/util/wait.Until
	/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88
2020-02-10T15:07:17.523Z	INFO	controller	loading constraint code into OPA	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh"}
2020-02-10T15:07:17.523Z	INFO	controller	making sure constraint is in watcher registry	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh"}
2020-02-10T15:07:17.524Z	INFO	controller	difference in spec found, updating	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "name": "k8sallowedrepos", "crdName": "k8sallowedrepos.constraints.gatekeeper.sh"}
2020-02-10T15:07:17.541Z	INFO	controller	template was updated	{"kind": "ConstraintTemplate", "process": "constraint_template_controller", "event_type": "template_updated", "template_name": "k8sallowedrepos"}
2020-02-10T15:07:17.541Z	DEBUG	controller-runtime.controller	Successfully Reconciled	{"controller": "constrainttemplate-controller", "request": "/k8sallowedrepos"}

[ritazh]

This should be addressed in #455

[RyPeck]

@ritazh I did a build off of the branch for #455 and created a new Constraint Template. I am still seeing the Generation integer incrementing constantly and the same error message.

[ekitson]

This should actually be addressed by #458 (although #455 is also important).

[RyPeck]

@ekitson using code from #458 fixed the constant incrementing.

[ritazh]

awesome thank you for confirming! sorry I got my numbers mixed up.

[ritazh]

Closed via #458

[RyPeck]

I would argue fixing this issue is worth a new beta release - .6 is not something I want to run given the constant logging.

[ritazh]

v3.1.0-beta.7 is out now! 🎉