Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: Pipelines 1.18.1
Affects Version/s: Pipelines 1.18.0
Component/s: Operator
Labels:
None

Story Points:
1
Release Note Text:
Not Required: Does not need to be documented in Release Notes
Git Pull Request:
https://github.com/tektoncd/operator/pull/2725

Sprint:
Pipelines Sprint Pioneers 29

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:
The operator is reading the labels from a namespace and reconciling all labels on that namespace. This can be find in the code: https://github.com/openshift-pipelines/operator/blob/osp-v1.18.0/upstream/pkg/reconciler/openshift/tektonconfig/rbac.go#L420-L428
If a namespace is changed in the meantime for an instance from a self-service portal to reflect changes happened, then the pipelines operator is reverting them.

Version-Release number of selected component (if applicable)
OCP 4.16 - 4.18
OpenShift Pipelines Operator 1.18

How reproducible:
Always

Steps to Reproduce:
1. Install a fresh cluster
2. create 150 empty namespaces (for i in

{1..150}

; do oc new-project test-project-$i; done)
3. Install Pipelines operator like documented
4. create a new namespace and apply some changes on labels and read if the latest values reflecting the expected values:

oc delete namespace namespace-label-update; oc create namespace namespace-label-update; for i in {1..50}; do     new_value="updated-$i";   oc label namespace namespace-label-update example/service="${new_value}" --overwrite;      sleep 1;          current_value=$(oc get namespace namespace-label-update -o jsonpath='{.metadata.labels.example/service}');          if [ "${current_value}" != "${new_value}" ]; then         echo "Error: Label not updated! Expected ${new_value}, got ${current_value}";         break;     fi; done

Actual results:
As you can see below the label is getting updated by the pipelines operator:

namespace "namespace-label-update" deleted
namespace/namespace-label-update created
namespace/namespace-label-update labeled
namespace/namespace-label-update labeled
namespace/namespace-label-update labeled
namespace/namespace-label-update labeled
namespace/namespace-label-update labeled
namespace/namespace-label-update labeled
Error: Label not updated! Expected updated-6, got updated-4

$ oc get namespace namespace-label-update -o yaml --show-managed-fields
...
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          f:example/service: {}
          f:openshift-pipelines.tekton.dev/namespace-reconcile-version: {}
          f:pod-security.kubernetes.io/audit: {}
          f:pod-security.kubernetes.io/warn: {}
    manager: openshift-pipelines-operator
    operation: Update
    time: "2025-05-09T14:57:16Z"

Expected results:
The pipelines operator should just manage that fields he is controlling and not all labels on a namespace

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

image-2025-05-22-14-08-17-837.png
120 kB
2025/05/22 8:38 AM
image-2025-05-22-14-07-38-582.png
27 kB
2025/05/22 8:37 AM

links to

KCS 7120768

Assignee:: Anitha Natarajan

Reporter:: Andreas Nowak

QA Contact:: Sai Raju Manthina

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2025/05/09 3:14 PM

Updated:: 2025/05/26 5:05 PM

Resolved:: 2025/05/22 9:13 AM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide