Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-11811

PolicyGenerator does not order Placement Label Selectors consistently

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • ACM 2.9.4
    • ACM 2.9.3
    • GRC
    • None
    • 1
    • False
    • None
    • False
    • GRC Sprint 2024-11
    • Moderate
    • No
    • Red Hat Advanced Cluster Management for Kubernetes

      Description of problem:

      Customer is using RHACM and is managing Policies using OpenShift GitOps. Customer is creating a "PolicyGenerator" object which in turn generates "Placement" objects. These "Placement" objects have multiple label selectors (".spec.predicates[].requiredClusterSelector.labelSelector.matchExpressions[]" field).

      The expectation would be that the order of these label selectors stays the same every time PolicyGenerator creates the Placements. However when these Placements are managed via GitOps, Argo CD shows a difference due to the different ordering: ArgoCD-Placements-Diff.png

      PolicyGenerator should generate a deterministic order for these label selectors.

      Prerequisites (if any, like setup, operators/versions):

      RHACM 2.9
      Red Hat OpenShift GitOps 1.12.2

      Steps to Reproduce

      1. Create a PolicyGenerator that has multiple label selectors (3 in this case):
      apiVersion: policy.open-cluster-management.io/v1
kind: PolicyGenerator
metadata:
  name: cluster-application-policies
placementBindingDefaults:
  name: binding-policy
policyDefaults:
  namespace: policies-ca
  remediationAction: inform
  consolidateManifests: false
  copyPolicyMetadata: false
  placement: 
    labelSelector:
      environment: none
#########
policySets:
  - name: nonprod-example-onprem
    placement:
      labelSelector:
        name: "test-example-onprem-nonprod"
        purpose: "example"
        cloud: "VSphere"
      1. This will result in the following Placement to be created:
      apiVersion: cluster.open-cluster-management.io/v1beta1
kind: Placement
metadata:
[..]
spec:
  predicates:
    - requiredClusterSelector:
        labelSelector:
          matchExpressions:
            - key: cloud
              operator: In
              values:
                - VSphere
            - key: name
              operator: In
              values:
                - test-example-onprem-nonprod
            - key: purpose
              operator: In
              values:
                - example

      Actual results:

      Every time `kustomize` with the PolicyGenerator YAML runs, the order of the label selectors in the generated "Placements" is different. This results in a diff in Argo CD.

      Expected results:

      PolicyGenerator always generates the Placements with a deterministic order of label selectors. As a result, Argo CD does not have a diff for the order of the label selectors.

      Reproducibility (Always/Intermittent/Only Once):

      Always on customer side

      Additional info (Such as Logs, Screenshots, etc):

      • Screenshot showing the issue: ArgoCD-Placements-Diff.png
      • Full YAMLs of customers files `kustomize.yaml`, PolicyGenerator, Placement (desired and actual) are available in Support Case 03813170

              yikim@redhat.com Yi Rae Kim
              rhn-support-skrenger Simon Krenger
              Derek Ho Derek Ho
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: