Uploaded image for project: 'OpenShift API for Data Protection'
  1. OpenShift API for Data Protection
  2. OADP-4211 OADP fails when its namespace name is longer than 37 characters
  3. OADP-4461

[IBM QE-P] Verify Bug OADP-4211 - OADP fails when its namespace name is longer than 37 characters

XMLWordPrintable

    • Icon: Sub-task Sub-task
    • Resolution: Done
    • Icon: Undefined Undefined
    • OADP 1.3.3
    • None
    • None
    • None
    • 4
    • False
    • Hide

      None

      Show
      None
    • False
    • ToDo
    • 0.000
    • Very Likely
    • 0
    • None
    • Unset
    • Unknown

      Description of problem:

      When installing the OADP Operator in a namespace with more than 37 characters and when creating a new DPA, labeling the "cloud-credentials" Secret fails and the DPA reports the following:

      status:
  conditions:
    - lastTransitionTime: '2024-05-01T11:57:38Z'
      message: 'Secret "cloud-credentials" is invalid: metadata.labels: Invalid value: "backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df.dataprotectionapplication": name part must be no more than 63 characters'
      reason: Error
      status: 'False'
      type: Reconciled

      OADP wants to create the "<namespace>.dataprotectionapplication: <name>" label: https://github.com/openshift/oadp-operator/blob/master/docs/design/watches.md

      The generated label name is too long:

      $ str="bak-1b4cafe8-8cd7-40a7-ba23-250d3fac23df.dataprotectionapplication"
$ echo ${#str}
66

      The Controller reports this as well:

      1.7145646587150848e+09 ERROR Reconciler error {"controller": "dataprotectionapplication", "controllerGroup": "oadp.openshift.io", "controllerKind": "DataProtectionApplication", "dataProtectionApplication": {"name":"example-dpa","namespace":"backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df"}, "namespace": "backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df", "name": "example-dpa", "reconcileID": "7c288371-f356-46c3-8cae-556e18f20988", "error": "Secret \"cloud-credentials\" is invalid: metadata.labels: Invalid value: \"backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df.dataprotectionapplication\": name part must be no more than 63 characters"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
/remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:273
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
/remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime@v0.12.2/pkg/internal/controller/controller.go:234

      This limitation should either be documented or the label should be named differently (for example hash the namespace name). Either OADP uses compressed version of the namespace name (e.g. hashed) OR it must not use the namespace name at all as part of the key.

      A workaround is to install the OADP Operator and DPA in a namespace with less than 34 characters.

      Version-Release number of selected component (if applicable):

      OADP Operator 1.3.1 (oadp-operator.v1.3.1)

      How reproducible:

      Always

      Steps to Reproduce:

      1. Create a namespace with more than 37 characters (example uses "backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df")
      2. Install the OADP Operator in this namespace
      3. Create the necessary "cloud-credentials" Secret: `oc create secret generic cloud-credentials -n backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df --from-file cloud=credentials-velero`
      4. Create the DPA:
      apiVersion: oadp.openshift.io/v1alpha1
kind: DataProtectionApplication
metadata:
  name: example-dpa
  namespace: backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df
spec:
  configuration:
    velero:
      defaultPlugins:
        - openshift
        - aws
      resourceTimeout: 10m
    nodeAgent:
      enable: true
      uploaderType: kopia
  backupLocations:
    - name: default
      velero:
        provider: aws
        default: true
        objectStorage:
          bucket: skrenger-oadp-example
          prefix: skrenger-bak
        config:
          region: eu-central-1
        credential:
          key: cloud
          name: cloud-credentials
  snapshotLocations:
    - velero:
        provider: aws
        config:
          region: eu-central-1

      Actual results:

      The Operator fails to label the Secret with the above error messages. The DPA fails with:

      status:
  conditions:
    - lastTransitionTime: '2024-05-01T11:57:38Z'
      message: 'Secret "cloud-credentials" is invalid: metadata.labels: Invalid value: "backup-1b4cafe8-8cd7-40a7-ba23-250d3fac23df.dataprotectionapplication": name part must be no more than 63 characters'
      reason: Error
      status: 'False'
      type: Reconciled

      Expected results:

      Deploying a DPA does not fail in namespaces with more than 34 character in the name.

      Additional info:

      • Reproduced on 4.14.15

            [OADP-4461] [IBM QE-P] Verify Bug OADP-4211 - OADP fails when its namespace name is longer than 37 characters

            Aniruddha Nayek added a comment - - edited

            Verified with 1.3.3-12

            1. Create a namespace with more than 37 characters 

            [root@rdr-ani416-65f4-bastion-0 ~]# oc new-project project-openshift-adp-new-1000000000000000
Now using project "project-openshift-adp-new-1000000000000000" on server "https://api.rdr-ani416-65f4.redhat.com:6443".

            2.Install the OADP Operator in this namespace

            [root@rdr-ani416-65f4-bastion-0 ~]# oc get csv -n project-openshift-adp-new-1000000000000000
NAME                   DISPLAY         VERSION   REPLACES               PHASE
oadp-operator.v1.3.3   OADP Operator   1.3.3     oadp-operator.v1.3.2   Succeeded
[root@rdr-ani416-65f4-bastion-0 ~]# oc get pods -n project-openshift-adp-new-1000000000000000
NAME                                               READY   STATUS    RESTARTS   AGE
openshift-adp-controller-manager-bb865c48b-r95ct   1/1     Running   0          84s

            3. Create the necessary "cloud-credentials" Secret

            [root@rdr-ani416-65f4-bastion-0 ~]# oc create secret generic cloud-credentials -n project-openshift-adp-new-1000000000000000 --from-file cloud=aws_creds
secret/cloud-credentials created

            4. Create the DPA:

            [root@rdr-ani416-65f4-bastion-0 ~]# oc get dpa -o yaml
apiVersion: v1
items:
- apiVersion: oadp.openshift.io/v1alpha1
  kind: DataProtectionApplication
  metadata:
    creationTimestamp: "2024-07-12T07:50:16Z"
    generation: 1
    name: ts-dpa
    namespace: project-openshift-adp-new-1000000000000000
    resourceVersion: "786035"
    uid: bda24e93-7a76-484f-8ec1-33b3997ce949
  spec:
    backupLocations:
    - name: default
      velero:
        config:
          profile: default
          region: us-east-1
        credential:
          key: cloud
          name: cloud-credentials
        default: true
        objectStorage:
          bucket: newocpbucket
          prefix: velero
        provider: aws
    configuration:
      nodeAgent:
        enable: true
        uploaderType: kopia
      velero:
        defaultPlugins:
        - openshift
        - aws
        - csi
  status:
    conditions:
    - lastTransitionTime: "2024-07-12T07:50:17Z"
      message: Reconcile complete
      reason: Complete
      status: "True"
      type: Reconciled
kind: List
metadata:
  resourceVersion: ""
  
[root@rdr-ani416-65f4-bastion-0 ~]# oc get pods -n project-openshift-adp-new-1000000000000000
NAME                                                READY   STATUS    RESTARTS   AGE
node-agent-d6zj5                                     1/1     Running   0          2m49s
node-agent-hmcmk                                     1/1     Running   0          2m49s
node-agent-lbqzq                                     1/1     Running   0          2m49s
velero-d49bc9969-rdzlb                               1/1     Running   0          2m49s
openshift-adp-controller-manager-bb865c48b-r95ct     1/1     Running   0          5m12s

            DPA reconciles successfully

            Aniruddha Nayek added a comment - - edited Verified with 1.3.3-12 1. Create a namespace with more than 37 characters  [root@rdr-ani416-65f4-bastion-0 ~]# oc new -project project-openshift-adp- new -1000000000000000 Now using project "project-openshift-adp- new -1000000000000000" on server "https: //api.rdr-ani416-65f4.redhat.com:6443" . 2.Install the OADP Operator in this namespace [root@rdr-ani416-65f4-bastion-0 ~]# oc get csv -n project-openshift-adp- new -1000000000000000 NAME                   DISPLAY         VERSION   REPLACES               PHASE oadp- operator .v1.3.3   OADP Operator   1.3.3     oadp- operator .v1.3.2   Succeeded [root@rdr-ani416-65f4-bastion-0 ~]# oc get pods -n project-openshift-adp- new -1000000000000000 NAME                                               READY   STATUS    RESTARTS   AGE openshift-adp-controller-manager-bb865c48b-r95ct   1/1     Running   0          84s 3. Create the necessary "cloud-credentials" Secret [root@rdr-ani416-65f4-bastion-0 ~]# oc create secret generic cloud-credentials -n project-openshift-adp- new -1000000000000000 --from-file cloud=aws_creds secret/cloud-credentials created 4. Create the DPA: [root@rdr-ani416-65f4-bastion-0 ~]# oc get dpa -o yaml apiVersion: v1 items: - apiVersion: oadp.openshift.io/v1alpha1   kind: DataProtectionApplication   metadata:     creationTimestamp: "2024-07-12T07:50:16Z"     generation: 1     name: ts-dpa     namespace: project-openshift-adp- new -1000000000000000     resourceVersion: "786035"     uid: bda24e93-7a76-484f-8ec1-33b3997ce949   spec:     backupLocations:     - name: default       velero:         config:           profile: default           region: us-east-1         credential:           key: cloud           name: cloud-credentials         default : true         objectStorage:           bucket: newocpbucket           prefix: velero         provider: aws     configuration:       nodeAgent:         enable: true         uploaderType: kopia       velero:         defaultPlugins:         - openshift         - aws         - csi   status:     conditions:     - lastTransitionTime: "2024-07-12T07:50:17Z"       message: Reconcile complete       reason: Complete       status: "True"       type: Reconciled kind: List metadata:   resourceVersion: ""   [root@rdr-ani416-65f4-bastion-0 ~]# oc get pods -n project-openshift-adp- new -1000000000000000 NAME                                                READY   STATUS    RESTARTS   AGE node-agent-d6zj5                                     1/1     Running   0          2m49s node-agent-hmcmk                                     1/1     Running   0          2m49s node-agent-lbqzq                                     1/1     Running   0          2m49s velero-d49bc9969-rdzlb                               1/1     Running   0          2m49s openshift-adp-controller-manager-bb865c48b-r95ct     1/1     Running   0          5m12s DPA reconciles successfully

              anayek Aniruddha Nayek
              akarol@redhat.com Aziza Karol
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: