Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-7839

User is allowed to create IP Address pool with duplicate entries for namespace and matchExpression for serviceSelector and namespaceSelector

XMLWordPrintable

    • Low
    • No
    • 1
    • OCP VE Sprint 232, OCP VE Sprint 233, OCP VE Sprint 234
    • 3
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      Validation is missing for namespaces and matchExpression used for namespaceSelector and serviceSelector as duplicate entries are allowed.
matchLabel accepts duplicate entries in YAML but silently drops when ip addresspool is created.

      Version-Release number of selected component (if applicable):

      4.13

      How reproducible:

      Always

      Steps to Reproduce:

      1. Install metallb operator and create IP addresspool with YAML below:
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: ip-addresspool-l3a
  labels:
    zone: east
  namespace: metallb-system
spec:
  addresses:
    - 10.10.1.1-10.10.1.10
  autoAssign: true
  avoidBuggyIPs: true
  serviceAllocation:
    priority: 50
    namespaces:
      - test
    namespaceSelectors:
      - matchLabels:
          team: operations
      - matchExpressions:
          - key: region
            operator: In
            values: 
              - 'na'
              - 'na'
 2. Another YAML
--
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: ip-addresspool-l3a
  labels:
    zone: east
  namespace: metallb-system
spec:
  addresses:
    - 10.10.1.1-10.10.1.10
  autoAssign: true
  avoidBuggyIPs: true
  serviceAllocation:
    priority: 50
    namespaces:
      - test
      - test
    namespaceSelectors:
      - matchLabels:
          team: operations
      - matchExpressions:
          - key: region
            operator: In
            values: 
              - 'na'

      Actual results:

      IP address pool is created
--
oc get ipaddresspool ip-addresspool-l3a -n metallb-system -oyaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  creationTimestamp: "2023-02-22T00:27:33Z"
  generation: 1
  labels:
    zone: east
  name: ip-addresspool-l3a
  namespace: metallb-system
  resourceVersion: "257675"
  uid: 998dc5cf-a2b4-48e0-b5f1-808d5d84edf0
spec:
  addresses:
  - 10.10.1.1-10.10.1.10
  autoAssign: true
  avoidBuggyIPs: true
  serviceAllocation:
    namespaceSelectors:
    - matchLabels:
        team: operations
    - matchExpressions:
      - key: region
        operator: In
        values:
        - na
        - na
    namespaces:
    - test
    priority: 50

 oc get ipaddresspool ip-addresspool-l3a -n metallb-system -oyaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  creationTimestamp: "2023-02-22T00:42:50Z"
  generation: 1
  labels:
    zone: east
  name: ip-addresspool-l3a
  namespace: metallb-system
  resourceVersion: "263468"
  uid: a105edd2-9910-4163-a25a-5591177d7951
spec:
  addresses:
  - 10.10.1.1-10.10.1.10
  autoAssign: true
  avoidBuggyIPs: true
  serviceAllocation:
    namespaceSelectors:
    - matchLabels:
        team: operations
    - matchExpressions:
      - key: region
        operator: In
        values:
        - na
    namespaces:
    - test
    - test
    priority: 50

      Expected results:

      Warning message and ip address pool should not be created.

      Additional info:

       

              pepalani@redhat.com Periyasamy Palanisamy
              rhn-support-asood Arti Sood
              Arti Sood Arti Sood
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: