Bug 1892244

Summary: The ClusterServiceVersion can define Webhooks that cannot be created.
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: OLMAssignee: Alexander Greene <agreene>
OLM sub component: OLM QA Contact: kuiwang
Status: CLOSED WONTFIX Docs Contact:
Severity: low    
Priority: medium CC: krizza, sople, ttaylor, vdinh
Version: 4.6Keywords: Reopened
Target Milestone: ---   
Target Release: 4.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-03 19:51:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1891898    
Bug Blocks:    

Description OpenShift BugZilla Robot 2020-10-28 09:51:40 UTC 
+++ This bug was initially created as a clone of Bug #1891898 +++

Description of problem:
Operator Authors can create CSVs that define Webhooks with containerPorts set outside the range of 0-65535, which prevents the ValidatingWebhookConfiguration or MutatingWebhookConfiguration from being created due to failed validation.

Version-Release number of selected component (if applicable):
4.6.0

How reproducible:
Always

Steps to Reproduce:
1.Install a CSV that defines a webhook whose containerPort value is less than 0 or greater than 65535.

Actual results:
Validating / mutating webhook is not created, CSV rotates through different install phases.

Expected results:
The webhook is installed correctly and the operator reaches the succeeded phase.

Additional info:

--- Additional comment from agreene on 2020-10-27 17:48:15 UTC ---

Example OLM Failure Log:

```
time="2020-10-27T14:02:12Z" level=error msg="Webhooks: Error creating MutatingWebhookConfiguration: MutatingWebhookConfiguration.admissionregistration.k8s.io \"mopentelemetrycollector.kb.io-gtbpc\" is invalid: webhooks[0].clientConfig.service.port: Invalid value: 0: port is not valid: must be between 1 and 65535, inclusive"
```
Comment 5 Kevin Rizza 2021-02-01 18:22:30 UTC 
Because of the priority of this bug, it is unlikely that it will ever be backported into 4.6. The operator teams that are developing webhooks should be testing and are aware of this limitation in 4.6, and as a result there shouldn't actually be any customer impact unless they are developing operators with webhooks themselves. In that case, the workaround of specifying a valid port should be sufficient.

I'm closing this backport bz as WONTFIX.