Bug 1484563
Summary: | You should not be able to modify metadata.generation in a DC | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Eric Jones <erjones> |
Component: | Master | Assignee: | Tomáš Nožička <tnozicka> |
Status: | CLOSED ERRATA | QA Contact: | zhou ying <yinzhou> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.3.1 | CC: | aos-bugs, ccoleman, decarr, jokerman, mfojtik, mmccomas, wsun |
Target Milestone: | --- | ||
Target Release: | 3.3.1 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: User can modify metadata.generation which he shouldn't be able to modify.
Consequence: It can break controllers.
Fix: Forbid changing metadata.generation.
Result: Any changes to metadata.generation are ignored.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2017-11-28 22:07:41 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eric Jones
2017-08-23 21:00:35 UTC
It seems like in general, if we never expect observedGeneration to go down, ValidateObjectMetaUpdate in Kubernetes should probably prevent `Generation` from going down as well. I believe the error is specifically in regards to status updates -- spec-only updates seem to go through. However, incorrect status causes issues with things which depend on status for information, such as the HPA, which consumes `status.replicas` via the scale subresource. Not merged with latest OCP v3.3.1.46.16 Confirmed with OCP v3.3.1.46.31, now can't update the generation. openshift v3.3.1.46.31 kubernetes v1.3.0+52492b4 etcd 2.3.0+git Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188 |