-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.18.z
-
None
-
None
-
False
-
-
None
-
Low
-
Yes
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
When attempting to patch a hostedcluster CRD in order to perform an upgrade, the patch command fails with a CEL validation failure like:
The HostedCluster "XXXX" is invalid: spec: Invalid value: "object": no such key: servingCerts evaluating rule: APIServer loadBalancer hostname cannot be in ClusterConfiguration.apiserver.servingCerts.namedCertificates[]
Version-Release number of selected component (if applicable):
MCE 2.10
How reproducible:
yes
Steps to Reproduce:
1. Upgrade MCE from 2.8 to 2.10.
2. Create a hostedcluster CRD with no servingCerts under spec.Configuration.apiserver.
3. Run patch on CRD like "$ oc patch hostedcluster XXXX -n XXXXXX --type=merge -p='{"spec":{"channel":"stable-4.18"}}'"
Actual results:
Patch command fails with "no such key".
Expected results:
Hostedcluster patched and upgrading.
Additional info:
A workaround for this is to add a blank structure that the validator expects to see:
oc patch hostedcluster XXXX -n XXXXXX --type=merge -p='{"spec":{"channel":"stable-4.18", "configuration":{"apiServer":{"servingCerts":{"namedCertificates":[]}}}}}'
Looking at some of the validations, it looks like it could be from https://github.com/openshift/hypershift/pull/6091, but not positive.