Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-3960

OADP fails when its namespace name is longer than 37 characters

XMLWordPrintable

    • 4
    • False
    • Hide

      None

      Show
      None
    • False
    • oadp-operator-bundle-container-1.4.1-3
    • ToDo
    • Important
    • 8
    • 2.000
    • Very Likely
    • 0
    • Customer Escalated, Customer Facing
    • None
    • Unset
    • Unknown
    • No

      Description of problem:

      When installing the OADP Operator in a namespace with more than 37 characters and when creating a new DPA, labeling the "cloud-credentials" Secret fails and the DPA reports the following:

      status:
  conditions:
    - lastTransitionTime: '2024-05-01T11:57:38Z'
      message: 'Secret "cloud-credentials" is invalid: metadata.labels: Invalid value: "backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df.dataprotectionapplication": name part must be no more than 63 characters'
      reason: Error
      status: 'False'
      type: Reconciled

      OADP wants to create the "<namespace>.dataprotectionapplication: <name>" label: https://github.com/openshift/oadp-operator/blob/master/docs/design/watches.md

      The generated label name is too long:

      $ str="bak-1b4cafe8-8cd7-40a7-ba23-250d3fac23df.dataprotectionapplication"
$ echo ${#str}
66

      The Controller reports this as well:

      1.7145646587150848e+09 ERROR Reconciler error {"controller": "dataprotectionapplication", "controllerGroup": "oadp.openshift.io", "controllerKind": "DataProtectionApplication", "dataProtectionApplication": {"name":"example-dpa","namespace":"backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df"}, "namespace": "backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df", "name": "example-dpa", "reconcileID": "7c288371-f356-46c3-8cae-556e18f20988", "error": "Secret \"cloud-credentials\" is invalid: metadata.labels: Invalid value: \"backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df.dataprotectionapplication\": name part must be no more than 63 characters"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:273
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
/remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:234

      This limitation should either be documented or the label should be named differently (for example hash the namespace name). Either OADP uses compressed version of the namespace name (e.g. hashed) OR it must not use the namespace name at all as part of the key.

      A workaround is to install the OADP Operator and DPA in a namespace with less than 34 characters.

      Version-Release number of selected component (if applicable):

      OADP Operator 1.3.1 (oadp-operator.v1.3.1)

      How reproducible:

      Always

      Steps to Reproduce:

      1. Create a namespace with more than 37 characters (example uses "backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df")
      2. Install the OADP Operator in this namespace
      3. Create the necessary "cloud-credentials" Secret: `oc create secret generic cloud-credentials -n backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df --from-file cloud=credentials-velero`
      4. Create the DPA:
      apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: example-dpa
  namespace: backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df
spec:
  configuration:
    velero:
      defaultPlugins:
        - openshift
        - aws
      resourceTimeout: 10m
    nodeAgent:
      enable: true
      uploaderType: kopia
  backupLocations:
    - name: default
      velero:
        provider: aws
        default: true
        objectStorage:
          bucket: skrenger-oadp-example
          prefix: skrenger-bak
        config:
          region: eu-central-1
        credential:
          key: cloud
          name: cloud-credentials
  snapshotLocations:
    - velero:
        provider: aws
        config:
          region: eu-central-1

      Actual results:

      The Operator fails to label the Secret with the above error messages. The DPA fails with:

      status:
  conditions:
    - lastTransitionTime: '2024-05-01T11:57:38Z'
      message: 'Secret "cloud-credentials" is invalid: metadata.labels: Invalid value: "backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df.dataprotectionapplication": name part must be no more than 63 characters'
      reason: Error
      status: 'False'
      type: Reconciled

      Expected results:

      Deploying a DPA does not fail in namespaces with more than 34 character in the name.

      Additional info:

      • Reproduced on 4.14.15

          1.
          		 [RedHat QE] Verify Bug OADP-3960 - OADP fails when its namespace name is longer than 37 characters Sub-task Closed Undefined Prasad Joshi
          2.
          		 [IBM QE-P] Verify Bug OADP-3960 - OADP fails when its namespace name is longer than 37 characters Sub-task Closed Undefined Aniruddha Nayek
          3.
          		 [IBM QE-Z] Verify Bug OADP-3960 - OADP fails when its namespace name is longer than 37 characters Sub-task Closed Undefined Ukthi Prasad

              wnstb Wes Hayutin
              rhn-support-skrenger Simon Krenger
              Prasad Joshi Prasad Joshi
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: