-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.15.0
-
None
-
Yes
-
ODC Sprint 3262, ODC Sprint 3263, ODC Sprint 3264, ODC Sprint 3265, ODC Sprint 3266, ODC Sprint 3267
-
6
-
Rejected
-
False
-
Description of problem:
Console user settings are saved in a ConfigMap for each user in the namespace openshift-console-user-settings.
The console frontend uses the k8s API to read and write that ConfigMap. The console backend creates a ConfigMap with a Role and RoleBinding for each user, giving that single user read and write access to his/her own ConfigMap.
The number of Role and RoleBindings might decrease a cluster performance. This has happened in the past, esp. on the Developer Sandbox, where a long-living cluster creates new users that is then automatically removed after a month. Keeping the Role and RoleBinding results in performance issues.
The resources had an ownerReference before 4.15 so that the 3 resources (1 ConfigMap, 1 Role, 1 RoleBinding) was automatically removed when the User resource was deleted. This ownerReference was removed with 4.15 to support external OIDC providers.
Issue OCPBUGS-37560 is about to restore that feature for the OpenShift auth provider.
This ticket here is about adding a feature-flag to switch from ConfigMap user settings (default) to in browser/localSorage user settings (opt-out). This will allow cluster admins with tausends of console users to disable user settings if it negatively affects cluster performance.
History:
- User setting feature was introduced 2020 with 4.7 (
ODC-4370) without a ownerReference for these resources. - After noticing performance issues on Dev Sandbox 2022 (BZ 2019564) we added an ownerReference in 4.11 (PR 11130) and backported this change 4.10 and 4.9.
- The ownerReference was removed in 4.15 with
CONSOLE-3829/OCPBUGS-16814/PR 13321. This is a regression.
See also:
- https://github.com/openshift/console/blob/release-4.14/pkg/usersettings/helpers.go
- https://github.com/openshift/console/blob/release-4.15/pkg/usersettings/helpers.go
Version-Release number of selected component (if applicable):
4.15+
How reproducible:
Always
Steps to Reproduce:
- Create a new user
- Login into the console
- Check for the user settings ConfigMap, Role and RoleBinding for that deleted user.
- Delete the user
- The resources should now be removed...
Actual results:
The three resources weren't deleted after the user was deleted.
Expected results:
The three resources should be deleted after the user is deleted.
Additional info: