  1. Red Hat Advanced Cluster Management
  2. ACM-21801

[2.13] ACM policy controller doesn't discover CR difference


    • Bug
    • Resolution: Done
    • Normal
    • ACM 2.13.4
    • ACM 2.12.2
    • GRC
    • Product / Portfolio Work
    • GRC Sprint 2025-16
    • Important

      Description of problem:

      Version-Release number of selected component (if applicable): ACM 2.12; may exist on all versions as well

      How reproducible: Always (on 4.18 spoke cluster)

      Steps to Reproduce:

      1. Deploy a 4.18 SNO with the vDU profile applied with ZTP
      2. In the vDU profile there is a desired ref config: https://github.com/openshift-kni/cnf-features-deploy/blob/release-4.18/ztp/source-crs/SriovOperatorConfigForSNO.yaml 
      3. Check the policy status after the spoke cluster is deployed and marked as 'ztp-done'
      4. Check the CR on the spoke cluster: oc get SriovOperatorConfig -n openshift-sriov-network-operator default -oyaml 

      Actual results:

      1. The policies are 'compliant'
      2. But the SriovOperatorConfig CR on the spoke cluster is actually different from the one defined in the policy:

      Desired one:

              object-templates:
              - complianceType: musthave
                objectDefinition:
                  apiVersion: sriovnetwork.openshift.io/v1
                  kind: SriovOperatorConfig
                  metadata:
                    name: default
                    namespace: openshift-sriov-network-operator
                  spec:
                    configDaemonNodeSelector:
                      node-role.kubernetes.io/master: ""
                    disableDrain: true
                    enableInjector: false
                    enableOperatorWebhook: false
                    logLevel: 0 

      Actual SriovOperatorConfig CR below, missing enableInjector: false; enableOperatorWebhook: false and logLevel: 0 

      apiVersion: sriovnetwork.openshift.io/v1
      kind: SriovOperatorConfig
      metadata:
        creationTimestamp: "2025-03-21T19:03:41Z"
        finalizers:
        - operatorconfig.finalizers.sriovnetwork.openshift.io
        generation: 2
        name: default
        namespace: openshift-sriov-network-operator
        resourceVersion: "17541"
        uid: c449716d-3172-4e66-a92b-3a111e2ab17f
      spec:
        configDaemonNodeSelector:
          node-role.kubernetes.io/master: ""
        disableDrain: true 

      Expected results:

      1. The policies should be 'non-compliant'

      Additional info:

      A SRIOV operator bug has been created: https://issues.redhat.com/browse/OCPBUGS-53346 in support case: 04085932 
      But ACM may also be hiding a potential issue: if it had marked the policy as 'non-compliant', the bug OCPBUGS-53346 could have been found internally at Red Hat instead of being exposed to a partner.
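An independent way to confirm the drift described above, as an added example that is not ACM's comparison code: a strict `musthave` subset check in which a key absent from the live CR is always a difference, even when the desired value is `false`, `0` or `""`. The two specs are transcribed from the listings in this report; `musthave_diff`, `verdict` and `ABSENT` are hypothetical names.

```python
# Added example, not the policy controller's own logic.
# Specs transcribed from the desired and actual YAML in this report.
DESIRED_SPEC = {
    "configDaemonNodeSelector": {"node-role.kubernetes.io/master": ""},
    "disableDrain": True,
    "enableInjector": False,
    "enableOperatorWebhook": False,
    "logLevel": 0,
}
ACTUAL_SPEC = {
    "configDaemonNodeSelector": {"node-role.kubernetes.io/master": ""},
    "disableDrain": True,
}

class _Absent:
    """Marks a key that does not exist, as distinct from a zero value."""
    def __repr__(self):
        return "<absent>"

ABSENT = _Absent()

def musthave_diff(desired, actual, path="spec"):
    """Return (path, desired, actual) for each desired value not in actual."""
    if isinstance(desired, dict):
        if not isinstance(actual, dict):
            return [(path, desired, actual)]
        diffs = []
        for key, want in desired.items():
            diffs += musthave_diff(want, actual.get(key, ABSENT), f"{path}.{key}")
        return diffs
    if isinstance(desired, list):
        # Every desired item must match at least one item of the live list.
        have = actual if isinstance(actual, list) else []
        return [(f"{path}[{i}]", want, ABSENT)
                for i, want in enumerate(desired)
                if all(musthave_diff(want, item) for item in have)]
    # Scalars: compare types as well, so False, 0 and "" never match each other.
    if actual is ABSENT or type(actual) is not type(desired) or actual != desired:
        return [(path, desired, actual)]
    return []

def verdict(desired, actual):
    return "NonCompliant" if musthave_diff(desired, actual) else "Compliant"

if __name__ == "__main__":
    for field, want, got in musthave_diff(DESIRED_SPEC, ACTUAL_SPEC):
        print(f"{field}: desired={want!r} actual={got!r}")
    print(verdict(DESIRED_SPEC, ACTUAL_SPEC))
```

Against a live cluster, the `spec` of the `oc get ... -o json` output from step 4 can be passed in place of `ACTUAL_SPEC`.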

              jkulikau@redhat.com Justin Kulikauskas
              bzhai@redhat.com XIAOBO ZHAI
              ManiKrishna Sai Ravi ManiKrishna Sai Ravi