  1. Red Hat Advanced Cluster Management
  2. ACM-6428

Namespace Selector based policies should detect immediately to avoid missed events


    • Bug
    • Resolution: Unresolved
    • Undefined
    • ACM 2.9.0
    • None
    • GRC
    • None
    • 3
    • False
    • None
    • False
    • GRC Sprint 2023-13, GRC Sprint 2023-14
    • Moderate
    • No

      Description of problem:

      In SD, we have policies that are placed on Management Clusters, but actually target the hostedcluster namespaces that occur on the Management Cluster. Since the placement does not change, the policy noncompliance does not immediately trigger when a new management cluster change occurs.

      But, the new managed cluster event causes a change to the list of namespaces, and the namespace selector should be aware of those changes and may need to change the policy state to `noncompliant` and start a reconcile loop.

      It is an open question whether we should support the legacy "include" and "exclude" namespace selectors or just ones that allow server-side filtering.

      Implementation Details:

      • Update the watch library to be able to watch resources with a label selector and without a name.
      • The config-policy-controller should create watches on the namespace selectors of policies.
      • An update to the namespace selector results should make the "shouldEvaluatePolicy" function return true.

      Goals

      This Section: Namespace Selector based policies should be as reactive as normal managed cluster placement based policies, and reconcile when there is an addition to or deletion from the namespace list.

      • ...

        Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

      1.  
      2.  
      3. ...

      Actual results:

      Expected results:

      Additional info:

              jkulikau@redhat.com Justin Kulikauskas
              cdoan@redhat.com Christopher Doan
              Derek Ho Derek Ho
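
The third item under Implementation Details, sketched as an added example (not code from the config-policy-controller or its watch library): namespace watch events update cached selector results, and only a change in the selected set makes the evaluation check return true. `Event`, `SelectorCache` and the `tier=hosted` label are hypothetical names constructed for illustration, and only `matchLabels`-style matching is modeled.

```go
package main

import "fmt"

// Event is a constructed stand-in for a Kubernetes namespace watch event.
type Event struct {
	Type, Name string // Type is ADDED, MODIFIED or DELETED
	Labels     map[string]string
}

// SelectorCache (hypothetical) holds one policy's matchLabels selector results.
type SelectorCache struct {
	MatchLabels map[string]string
	selected    map[string]bool
	dirty       bool
}

// Handle applies an event; only a change in the selected set marks it dirty.
func (c *SelectorCache) Handle(ev Event) {
	match := ev.Type != "DELETED"
	for k, v := range c.MatchLabels {
		if got, ok := ev.Labels[k]; !ok || got != v {
			match = false
		}
	}
	if match == c.selected[ev.Name] {
		return // membership unchanged, e.g. an unrelated label edit
	}
	if c.selected == nil {
		c.selected = map[string]bool{}
	}
	c.selected[ev.Name] = match
	c.dirty = true
}

// Selected reports whether the namespace is currently in the selector results.
func (c *SelectorCache) Selected(name string) bool { return c.selected[name] }

// ShouldEvaluate returns true once per selector-result change, then resets.
func (c *SelectorCache) ShouldEvaluate() bool {
	changed := c.dirty
	c.dirty = false
	return changed
}

func main() {
	c := &SelectorCache{MatchLabels: map[string]string{"tier": "hosted"}} // constructed label
	c.Handle(Event{"ADDED", "hc-a", map[string]string{"tier": "hosted"}})
	fmt.Println(c.ShouldEvaluate(), c.Selected("hc-a"))
}
```

Events that leave the selected set unchanged (a non-matching namespace, or a label edit unrelated to the selector) do not trigger an evaluation, which keeps the reconcile loop from running on every namespace update.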