Bug 1908347

Summary: CVO overwrites ValidatingWebhookConfiguration for snapshots
Product: OpenShift Container Platform Reporter: Jan Safranek <jsafrane>
Component: StorageAssignee: Jan Safranek <jsafrane>
Storage sub component: Operators QA Contact: Qin Ping <piqin>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: unspecified CC: aos-bugs
Version: 4.7   
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:45:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Safranek 2020-12-16 13:35:45 UTC 
We let CVO to apply ValidatingWebhookConfiguration for volume snapshot validation. CA bundle is automatically injected into this API object and this makes CVO to update the object again, creating endless loop of injecting CA bundle & removing it.

Fortunately, CVO is not particularly fast, so it does not disrupt the service, however, we should fix it.

Steps to reproduce:

1. oc get validatingwebhookconfiguration snapshot.storage.k8s.io -o yaml
...
  generation: 48
...

It should not grow that much.
Comment 2 Qin Ping 2021-01-06 13:08:17 UTC 
Verified with: 4.7.0-0.nightly-2021-01-06-055910
Comment 5 errata-xmlrpc 2021-02-24 15:45:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633