  1. OpenShift GitOps
  2. GITOPS-6759

[cherry-pick]- Redis HA Server StatefulSet SecurityContext Not Updated During Upgrade

    • 3
    • GitOps Crimson Sprint 14

      Description of Problem

      After upgrading from GitOps 1.15 to 1.16, the new configuration of the StatefulSet is not applied correctly. The redis-ha-server StatefulSet pods are not updated with the new settings, so they retain their old configuration.

      Problem Reproduction

      • Upgrade from 1.15.0 to 1.16.0

      Reproducibility

      • Always

      Prerequisites/Environment

      • OCP

      Steps to Reproduce

      • Upgrade the operator from 1.15.0 to 1.16.0 by enabling HA

      Expected Results

      • HA server pods should be up

      Actual Results

      • HA pods have AUTH error in the events
      • The redis-ha-server StatefulSet pods will not be updated with the new settings, causing them to retain old configurations.

      Problem Analysis

      • After upgrading from GitOps 1.15 to 1.16, the redis service account in GitOps 1.16 is assigned a lower-privileged SecurityContextConstraints (SCC), but the operator fails to update the securityContext of the redis-ha-server StatefulSet. As a result, the container's user stays hardcoded instead of being randomly assigned as required by the restricted-v2 SCC. This prevents the new configuration of the StatefulSet from being applied correctly.
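
A check for the condition described above, added here as an example and not taken from the operator's code: it reads a StatefulSet manifest (as returned by `oc get statefulset -o json`) and reports every `runAsUser` pinned outside the namespace's `openshift.io/sa.scc.uid-range`. The function names, the sample manifest and the range value are constructed for illustration.

```python
import json

# Constructed sample: trimmed StatefulSet JSON with a hardcoded UID, standing in
# for a redis-ha-server StatefulSet that kept its pre-upgrade securityContext.
SAMPLE_STS = json.loads("""
{"metadata": {"name": "redis-ha-server"},
 "spec": {"template": {"spec": {
   "securityContext": {"runAsUser": 1000, "runAsNonRoot": true},
   "containers": [
     {"name": "redis", "securityContext": {"runAsUser": 1000}},
     {"name": "sentinel", "securityContext": {"allowPrivilegeEscalation": false}}
   ]}}}}
""")


def parse_uid_range(annotation):
    """Parse the namespace annotation openshift.io/sa.scc.uid-range ("start/size")."""
    start, size = (int(part) for part in annotation.split("/"))
    return range(start, start + size)


def hardcoded_uids(sts, uid_range):
    """Return (location, uid) for each runAsUser that is set outside uid_range.

    An unset runAsUser is not reported: SCC admission then assigns a UID
    from the namespace range, which is what restricted-v2 expects.
    """
    pod_spec = sts["spec"]["template"]["spec"]
    scopes = [("pod", pod_spec.get("securityContext") or {})]
    for kind in ("initContainers", "containers"):
        for container in pod_spec.get(kind) or []:
            ctx = container.get("securityContext") or {}
            scopes.append((f"{kind}/{container['name']}", ctx))
    findings = []
    for location, ctx in scopes:
        uid = ctx.get("runAsUser")
        if uid is not None and uid not in uid_range:
            findings.append((location, uid))
    return findings


if __name__ == "__main__":
    ns_range = parse_uid_range("1000680000/10000")  # constructed annotation value
    for location, uid in hardcoded_uids(SAMPLE_STS, ns_range):
        print(f"{location}: runAsUser={uid} outside "
              f"{ns_range.start}-{ns_range.stop - 1}")
```

An empty result after the upgrade means the StatefulSet no longer pins a UID that restricted-v2 would reject.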

      Root Cause

      • No update logic for updating the SCC

      Workaround (If Possible)

      • Manually delete the redis-ha-server StatefulSet to trigger a re-creation of the pods with the updated settings.

      Acceptance Criteria

      • Expected result is met

      Definition of Done

      • Code Complete:
        • All code has been written, reviewed, and approved.
      • Tested:
        • Unit tests have been written and passed.
        • Ensure code coverage is not reduced with the changes.
        • Integration tests have been automated.
        • System tests have been conducted, and all critical bugs have been fixed.
        • Tested and merged on OpenShift either upstream or downstream on a local build.
      • Documentation:
        • User documentation or release notes have been written (if applicable).
      • Build:
        • Code has been successfully built and integrated into the main repository / project.
        • Midstream changes (if applicable) are done, reviewed, approved and merged.
      • Review:
        • Code has been peer-reviewed and meets coding standards.
        • All acceptance criteria defined in the user story have been met.
        • Tested by reviewer on OpenShift.
      • Deployment:
        • The feature has been deployed on OpenShift cluster for testing.

              rhn-support-alkumari Alka Kumari
              rhn-support-vab Varsha B