Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-29225

LVMS does not update SCCs when the SCCs already exist before reconciliation

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • 2
    • Low
    • No
    • None
    • None
    • OCPEDGE Sprint 250, OCPEDGE Sprint 251, OCPEDGE Sprint 252
    • 3
    • In Progress
    • Release Note Not Required
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      When the Security Context Constraints for topolvm-node and vgmanager already exist, they are not updated but ignored. This can lead to issues if LVMS was installed in a previous namespace and not cleaned up correctly since the service account references will be related to an old namespace.

      Version-Release number of selected component (if applicable):

      4.12.z+

      How reproducible:

      100%

      Steps to Reproduce:

          1. Install LVMS in openshift-storage
    2. Create any LVMCluster
    3. Remove LVMS and force delete LVMCluster
    4. install LVMS in different namespace
    5. Create LVMCluster and observe failure due to not updated SCC

      Actual results:

      SCCs are not updated and the serviceaccount reference is invalid, leading to blocked daemonset deployment

      Expected results:

      Install should work flawlessly and SCCs should be updated automatically.

      Additional info:

      Offending Code: https://github.com/openshift/lvm-operator/blob/main/internal/controllers/lvmcluster/resource/scc.go#L61

              rh-ee-jmoller Jakob Moeller (Inactive)
              rh-ee-jmoller Jakob Moeller (Inactive)
              None
              None
              Mike Fiedler Mike Fiedler
              None
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: