Skip to content

🐛 fix(registration): guard against race where addon config not yet synced#382

Draft
tesshuflower wants to merge 1 commit into
open-cluster-management-io:mainfrom
tesshuflower:alternate-fix-ocm1465-registration-controller-config-check
Draft

🐛 fix(registration): guard against race where addon config not yet synced#382
tesshuflower wants to merge 1 commit into
open-cluster-management-io:mainfrom
tesshuflower:alternate-fix-ocm1465-registration-controller-config-check

Conversation

@tesshuflower

@tesshuflower tesshuflower commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Add ConfigCheckEnabled + Configured condition check to registration controller to prevent setting Status.Namespace before addon config is ready.

When ConfigCheckEnabled is true, registration controller now waits for the Configured condition (set by OCM's addonconfiguration controller) before proceeding with registration. This prevents a race where the namespace from AddOnDeploymentConfig hasn't been synced to ManagedClusterAddOn status yet.

The Configured condition and Status.ConfigReferences are set atomically by OCM's addonconfiguration controller, so Configured=True guarantees that ConfigReferences is populated.

Re-reconcile is guaranteed by the informer pattern - when OCM sets Configured=True, the status update triggers an event and re-enqueues the addon.

Updated both helloworld examples to use WithConfigCheckEnabledOption() to enable the full protection chain:

  • Registration controller: Configured check (new)
  • Deploy/hook syncers: ConfigCheckEnabled guard (existing)
  • Health checks: ManifestApplied guard (existing)

Added documentation comments in health check code explaining the indirect protection via ManifestApplied condition dependency.

Added test cases for:

  • ConfigCheckEnabled=true + Configured=False -> skips registration
  • ConfigCheckEnabled=true + Configured=True -> proceeds normally
  • ConfigCheckEnabled=false -> proceeds normally (backward compat)

Summary

This is currently a draft to investigate an alternative fix for the race condition.

The downside is this only protects when users enable the ConfigCheckEnabled AgentAddOnOption.

Related issue(s)

Fixes #open-cluster-management-io/ocm#1465

@tesshuflower @claude
fix(registration): guard against race where addon config not yet synced
cf0bbe1 
Add ConfigCheckEnabled + Configured condition check to registration controller
to prevent setting Status.Namespace before addon config is ready.

When ConfigCheckEnabled is true, registration controller now waits for the
Configured condition (set by OCM's addonconfiguration controller) before
proceeding with registration. This prevents a race where the namespace from
AddOnDeploymentConfig hasn't been synced to ManagedClusterAddOn status yet.

The Configured condition and Status.ConfigReferences are set atomically by
OCM's addonconfiguration controller, so Configured=True guarantees that
ConfigReferences is populated.

Re-reconcile is guaranteed by the informer pattern - when OCM sets
Configured=True, the status update triggers an event and re-enqueues the addon.

Updated both helloworld examples to use WithConfigCheckEnabledOption() to
enable the full protection chain:
- Registration controller: Configured check (new)
- Deploy/hook syncers: ConfigCheckEnabled guard (existing)
- Health checks: ManifestApplied guard (existing)

Added documentation comments in health check code explaining the indirect
protection via ManifestApplied condition dependency.

Added test cases for:
- ConfigCheckEnabled=true + Configured=False -> skips registration
- ConfigCheckEnabled=true + Configured=True -> proceeds normally
- ConfigCheckEnabled=false -> proceeds normally (backward compat)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Signed-off-by: Tesshu Flower <tflower@redhat.com>
@coderabbitai

coderabbitai Bot commented Jun 8, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 65fff6ef-b111-41d8-a13e-9f1e9e280a94

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci

openshift-ci Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: tesshuflower
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tesshuflower tesshuflower mentioned this pull request Jun 8, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge/work-in-progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tesshuflower