Uploaded image for project: 'FlightPath'
  1. FlightPath
  2. FLPATH-3186

patch-k8s-resource workflow ConfigMap uses incorrect property names for multi-cluster support

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False

      The patch-k8s-resource workflow's ConfigMap manifest template (01-configmap_patch-k8s-resource-props.yaml) uses property names that do not match what the workflow image expects, causing HTTP 403 Forbidden errors when the workflow tries to patch Kubernetes resources.

      Expected property names (what the image expects)

      The workflow image is built with application.properties that use a cluster-name suffix pattern for multi-cluster support:

      quarkus.rest-client."patch_k8s_resource_yaml.mycluster".url=${MYCLUSTER_URL}
quarkus.openapi-generator.patch_k8s_resource_yaml.mycluster.auth.BearerToken.bearer-token=${MYCLUSTER_TOKEN}

      At runtime, the workflow resolves the cluster-specific REST client based on the clusterName parameter passed in the request payload. For example, if clusterName is ocp-edge73-0-p5kkl, the workflow looks for:

      quarkus.rest-client."patch_k8s_resource_yaml.ocp-edge73-0-p5kkl".url=...
quarkus.openapi-generator.patch_k8s_resource_yaml.ocp-edge73-0-p5kkl.auth.BearerToken.bearer-token=...

      Actual property names (what the manifest provides)

      The ConfigMap manifest template uses property names without the cluster-name suffix:

      quarkus.rest-client.patch_k8s_resource_yaml.url=${OCP_URL}
quarkus.openapi-generator.patch_k8s_resource_yaml.auth.BearerToken.bearer-token=${OCP_TOKEN}

      Impact

      Because the property names don't match, the workflow cannot resolve the REST client configuration for the target cluster. The bearer token is never applied to the outgoing PATCH request, resulting in an anonymous request that returns HTTP 403 Forbidden from the Kubernetes API.

      Error from workflow logs

      WorkItemExecutionError [errorCode=403]
Unable to determine the proper baseUrl/baseUri. Consider registering using @RegisterRestClient(baseUri="someuri"), 
@RegisterRestClient(configKey="orkey"), or by adding 'quarkus.rest-client."patch_k8s_resource_yaml.local".url' 
or 'quarkus.rest-client."patch_k8s_resource_yaml.local".uri' to your Quarkus configuration

      Fix

      The ConfigMap manifest should use the cluster-name suffix pattern. The clusterName value comes from the Cost Management API and must match the property suffix in the ConfigMap. The deployment script should be updated to query or configure the correct cluster name.

              ydayagi yaron dayagi
              gharden1 Gary Harden
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: