Bug 1830031

Summary: OLM operator fails to create namespace for OperatorGroup with long name
Product: OpenShift Container Platform Reporter: Marc Sluiter <msluiter>
Component: OLMAssignee: Alexander Greene <agreene>
OLM sub component: OLM QA Contact: Jian Zhang <jiazha>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: unspecified CC: agreene
Version: 4.5   
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: OperatorGroups apply labels to namespaces included in that OperatorGroup, with the exception that the OperatorGroup supports all namespaces. The label applied to these namespaces were based off the name of the OperatorGroup and the namespace the OperatorGroup is deployed in. Both namespaces and names can be as long as 253 characters, label keys and values have a 63 character limit. Consequence: The OperatorGroup label would occasionally fail to be applied because the generated label key would exceed the 63 character limit. Fix: The OperatorGroup label is now based on the OpreatorGroup's UID and will always be 58 characters in length. Result: The OperatorGroup label will never exceed the 63 character limit.
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-07-13 17:33:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Marc Sluiter 2020-04-30 18:26:10 UTC
Description of problem:

Deploymemt of an operator with registry image + CatalogSource + OperatorGroup + Subscription fails. Log of olm-operator:

E0430 16:32:55.542653 1 queueinformer_operator.go:290] sync {"update" "openshift-performance-addon"} failed: Namespace "openshift-performance-addon" is invalid: metadata.labels: Invalid value: "olm.operatorgroup/openshift-performance-addon.openshift-performance-addon-operatorgroup": name part must be no more than 63 characters

Version-Release number of selected component (if applicable):
Latest OCP 4.5 in CI

How reproducible:
reporting after 1st appearence

Steps to Reproduce:
1. Use an OperatorGroup like this:

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: openshift-performance-addon-operatorgroup
  namespace: openshift-performance-addon
spec:
  targetNamespaces:
    - openshift-performance-addon


Actual results:
Operator isn't deployed

Expected results:
Operator is deployed


Additional info:
failed CI job for more logs etc.:
https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/pr-logs/pull/openshift-kni_performance-addon-operators/198/pull-ci-openshift-kni-performance-addon-operators-master-e2e-gcp/804

Comment 1 Marc Sluiter 2020-05-01 09:36:35 UTC
This OperatorGroup works:

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: performance-addon-operator
  namespace: openshift-performance-addon
spec:
  targetNamespaces:
    - openshift-performance-addon

Comment 5 Jian Zhang 2020-05-08 06:59:08 UTC
Cluster version is 4.5.0-0.nightly-2020-05-07-144853

mac:~ jianzhang$ oc  -n openshift-operator-lifecycle-manager exec catalog-operator-6c5576474-kmzdw -- olm --version
OLM version: 0.14.2
git commit: 6544650f2bff3d58b60af24e4eab2b9d4cb06b1b

1, Check other OperatorGroup object.
mac:~ jianzhang$ oc get og -A
NAMESPACE                              NAME                                      AGE
openshift-monitoring                   openshift-cluster-monitoring              146m
openshift-operator-lifecycle-manager   olm-operators                             171m
openshift-operators                    global-operators                          171m
openshift-template-service-broker      openshift-template-service-broker-247wt   121m

mac:~ jianzhang$ oc get -n openshift-monitoring  og openshift-cluster-monitoring -o=jsonpath='{.metadata.uid}'
40b0ea7d-b8fb-4f66-b772-e9c1b0b00ea1


mac:~ jianzhang$ oc get ns openshift-monitoring -o=jsonpath='{.metadata.labels}'
map[name:openshift-monitoring network.openshift.io/policy-group:monitoring olm.operatorgroup.uid/40b0ea7d-b8fb-4f66-b772-e9c1b0b00ea1: openshift.io/cluster-monitoring:true]

2, Create a long name OperatorGrroup as above shows.
mac:~ jianzhang$ oc adm new-project openshift-performance-addon
Created project openshift-performance-addon

mac:~ jianzhang$ cat bug-og.yaml 
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: openshift-performance-addon-operatorgroup
  namespace: openshift-performance-addon
spec:
  targetNamespaces:
    - openshift-performance-addon

mac:~ jianzhang$ oc create -f bug-og.yaml 
operatorgroup.operators.coreos.com/openshift-performance-addon-operatorgroup created

mac:~ jianzhang$ oc get ns openshift-performance-addon -o yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    openshift.io/description: ""
    openshift.io/display-name: ""
    openshift.io/sa.scc.mcs: s0:c25,c5
    openshift.io/sa.scc.supplemental-groups: 1000610000/10000
    openshift.io/sa.scc.uid-range: 1000610000/10000
  creationTimestamp: "2020-05-08T06:54:03Z"
  labels:
    olm.operatorgroup.uid/33bcd1ea-dc92-4fc2-80e2-ccc30d5753dd: ""
...
mac:~ jianzhang$ oc get  og -n openshift-performance-addon openshift-performance-addon-operatorgroup  -o yaml
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  creationTimestamp: "2020-05-08T06:54:14Z"
  generation: 1
  name: openshift-performance-addon-operatorgroup
  namespace: openshift-performance-addon
  resourceVersion: "81057"
  selfLink: /apis/operators.coreos.com/v1/namespaces/openshift-performance-addon/operatorgroups/openshift-performance-addon-operatorgroup
  uid: 33bcd1ea-dc92-4fc2-80e2-ccc30d5753dd
spec:
  targetNamespaces:
  - openshift-performance-addon
status:
  lastUpdated: "2020-05-08T06:54:14Z"
  namespaces:
  - openshift-performance-addon


As we can see, the key to the OperatorGroup labels of the namespace has been changed to uid.
It will less than 63 characters, looks good to me, verify it.

Comment 6 errata-xmlrpc 2020-07-13 17:33:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409