Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
False
-
False
-
Quay Enterprise
-
0
Description
Currently, QBO uses the label/selector control-plane: controller-manager which seems to be used across all operators as it's part of the SDK. This poses a problem because it allows traffic to be forwarded to any pod that has the same label. In shared namespaces such as openshift-operators where other operators might exist, this would mean that traffic is sent to all the operator pods which can cause issues in their work. The fix would be to change the selector/label on QBO to something else which is more Quay specific.
QBO service as it is now after deployment:
apiVersion: v1 kind: Service metadata: creationTimestamp: "2021-12-17T15:07:24Z" labels: operators.coreos.com/quay-bridge-operator.openshift-operators: "" name: quay-bridge-operator-controller-manager-service namespace: openshift-operators ownerReferences: - apiVersion: operators.coreos.com/v1alpha1 blockOwnerDeletion: false controller: false kind: ClusterServiceVersion name: quay-bridge-operator.v3.6.2 uid: 0320e297-47fd-4792-956a-29f29a32e944 resourceVersion: "106481" uid: c8ba1bd6-e308-4895-a175-7092e49cf2a0 spec: clusterIP: 172.30.211.35 clusterIPs: - 172.30.211.35 internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - name: "443" port: 443 protocol: TCP targetPort: 9443 selector: control-plane: controller-manager sessionAffinity: None type: ClusterIP status: loadBalancer: {}
Description of QBO pod:
# oc describe pod quay-bridge-operator-controller-manager-6cb9bb58d9-pmv4m
Name: quay-bridge-operator-controller-manager-6cb9bb58d9-pmv4m
Namespace: openshift-operators
Priority: 0
Node: ip-10-0-210-205.eu-central-1.compute.internal/10.0.210.205
Start Time: Fri, 17 Dec 2021 15:07:24 +0000
Labels: control-plane=controller-manager
pod-template-hash=6cb9bb58d9
...
Attachments
Issue Links
- account is impacted by
-
PROJQUAY-3028 Release v3.6.3
-
- Closed
-
