Resource conflict during Gatekeeper update #4170
Description
We were seeing following error messages in gatekeeper-controller-manager logs while running 3 replicas. Is this expected when running multiple replicas of gatekeeper-controller-manager.
{"level":"error","ts":1759186228.901711,"logger":"controller","msg":"could not update resource","metaKind":"upgrade","name":"psp-prvlg-escltn-cntnr-catalog-defaults","namespace":"","error":"Operation cannot be fulfilled on k8spspallowprivilegeescalationcontainer.constraints.gatekeeper.sh \"psp-prvlg-escltn-cntnr-x-defaults\": the object has been modified; please apply your changes to the latest version and try again","stacktrace":"github.com/open-policy-agent/gatekeeper/v3/pkg/upgrade.(*updateResourceLoop).update.func1\n\t/go/src/github.com/open-policy-agent/gatekeeper/pkg/upgrade/manager.go:192\nk8s.io/apimachinery/pkg/util/wait.runConditionWithCrashProtection\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:150\nk8s.io/apimachinery/pkg/util/wait.ExponentialBackoff\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/backoff.go:477\ngithub.com/open-policy-agent/gatekeeper/v3/pkg/upgrade.(*updateResourceLoop).update\n\t/go/src/github.com/open-policy-agent/gatekeeper/pkg/upgrade/manager.go:206"}
{"level":"error","ts":1759186229.6541824,"logger":"controller","msg":"could not update resource","metaKind":"upgrade","name":"psp-prvlg-escltn-cntnr-iam-defaults","namespace":"","error":"Operation cannot be fulfilled on k8spspallowprivilegeescalationcontainer.constraints.gatekeeper.sh \"psp-prvlg-escltn-cntnr-x-defaults\": the object has been modified; please apply your changes to the latest version and try again","stacktrace":"github.com/open-policy-agent/gatekeeper/v3/pkg/upgrade.(*updateResourceLoop).update.func1\n\t/go/src/github.com/open-policy-agent/gatekeeper/pkg/upgrade/manager.go:192\nk8s.io/apimachinery/pkg/util/wait.runConditionWithCrashProtection\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:150\nk8s.io/apimachinery/pkg/util/wait.ExponentialBackoff\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/backoff.go:477\ngithub.com/open-policy-agent/gatekeeper/v3/pkg/upgrade.(*updateResourceLoop).update\n\t/go/src/github.com/open-policy-agent/gatekeeper/pkg/upgrade/manager.go:206"}
Environment:
- Gatekeeper version: 3.20.1
- Kubernetes version: (use
kubectl version): 1.32.3