Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-3189

OADP wipes out namespace labels

    XMLWordPrintable

Details

    • False
    • Hide

      None

      Show
      None
    • False
    • oadp-operator-bundle-container-1.3.1-35
    • ToDo
    • No
    • 0
    • 0
    • Very Likely
    • 0
    • Customer Escalated, Customer Facing
    • None
    • Unset
    • Unknown

    Description

      Description of problem:

      The openshift-adp-controller-manager resets the labels on the openshift-adp namespace. This is a problem for GitOps. Argo CD attaches a label "app.kubernetes.io/instance": "in-cluster-oadp-operator" to the openshift-adp namespace. This label is removed by the openshift-adp-controller-manager and as a result, the Argo CD application is out of sync.

      How reproducible:

       

      Steps to Reproduce:
      1. Attach a custom label to the openshift-adp namespace:

      $ oc label ns openshift-adp mylabel=myvalue

      2. Restart the OADP controller:

      $ oc delete po openshift-adp-controller-manager-5687dd798d-scqh4

      3. Check that the label has been removed:

      $ oc get ns openshift-adp -o yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    openshift.io/sa.scc.mcs: s0:c31,c5
    openshift.io/sa.scc.supplemental-groups: 1000940000/10000
    openshift.io/sa.scc.uid-range: 1000940000/10000
    volsync.backube/privileged-movers: "true"
  creationTimestamp: "2023-06-25T18:37:03Z"
  labels:
    kubernetes.io/metadata.name: openshift-adp
    olm.operatorgroup.uid/40214d89-c970-49b0-bc45-a0a3dc61d2cb: ""
    pod-security.kubernetes.io/audit: privileged
    pod-security.kubernetes.io/enforce: privileged
    pod-security.kubernetes.io/warn: privileged
  name: openshift-adp
  resourceVersion: "13093449"
  uid: 3172152a-eee2-4de8-b5df-66ca36227e71
spec:
  finalizers:
  - kubernetes
status:
  phase: Active

      Actual results:

      The operator removed custom label.

      Expected results:

      Custom labels should not be touched by the operator.

       

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. OADP-2148 OADP wipes out namespace labels

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • New
          relates to

          Task - Represents a small unit of work that is not end-user facing. OADP-3355 [DOC] Release Notes for OADP 1.3.1

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/oadp-operator#1274: OADP-3189: do not remove labels from OADP namespace

          GitHub openshift/oadp-operator#1339: [oadp-1.3] OADP-3189: do not remove labels from OADP namespace

          Web Link RHSA-2024:126995 OpenShift API for Data Protection (OADP) 1.3.1 security and bug fix update

          Activity

            People

              msouzaol Mateus Oliveira
              anosek@redhat.com Ales Nosek
              Prasad Joshi Prasad Joshi
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: