Bug 2011861
| Summary: | MTC - Exclusion of networkpolicy doesn't work | ||
|---|---|---|---|
| Product: | Migration Toolkit for Containers | Reporter: | Danila Kiselev <dkiselev> |
| Component: | Operator | Assignee: | Jason Montleon <jmontleo> |
| Status: | CLOSED NOTABUG | QA Contact: | Xin jiang <xjiang> |
| Severity: | medium | Docs Contact: | Avital Pinnick <apinnick> |
| Priority: | medium | ||
| Version: | 1.4.3 | CC: | ernelson, jmatthew, jmontleo |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-10-29 15:45:23 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
This is an override so you probably want:
excluded_resources:
- networkpolicies
- imagetags
- templateinstances
- clusterserviceversions
- packagemanifests
- subscriptions
- servicebrokers
- servicebindings
- serviceclasses
- serviceinstances
- serviceplans
- operatorgroups
- events
- events.events.k8s.io
- rolebindings.authorization.openshift.io
- name: EXCLUDED_RESOURCES
value: networkpolicies,imagetags,templateinstances,clusterserviceversions,packagemanifests,subscriptions,servicebrokers,servicebindings,serviceclasses,serviceinstances,serviceplans,operatorgroups,events,events.events.k8s.io,rolebindings.authorization.openshift.io
That aside I can't reproduce this. With:
excludedResources:
- networkpolicies
I have:
$ oc get po -o yaml migration-controller-65c77c495d-2lkhg | grep EXCLUDED_RESOURCES -A1
- name: EXCLUDED_RESOURCES
value: networkpolicies
I didn't see any container logs from must-gather. Do you see any errors in the operator log? It's possible a task is failing before it's reaching the controller configuration.
Closing as not reproducible on 1.6. If the issue persists and is observed on the most recent version of MTC, please reopen this BZ. |
Description of problem: Exclusion of networkpolicy doesn't work. Version-Release number of selected component (if applicable): OCP 3.11 to OCP 4.6 How reproducible: Very. Steps to Reproduce: Edit config to exclude networkpolicy: ~~~ spec: azure_resource_group: "" cluster_name: host excludedResources: - networkpolicies ... ~~~ Actual results: Migration controller is checking the network policies in destination: ~~~ host/namespaces/openshift-migration/pods/migration-controller-54c5d5fd67-8cptk/mtc/mtc/logs/current.log:2021-09-30T14:37:08.333165477Z 2021-09-30T14:37:08.333165477Z {"level":"info","ts":1633012628333,"logger":"migration|fz87j","msg":"Rollback: Searching destination cluster namespace for resources with migrated-by label.","migMigration":"d173ae10-21fb-11ec-b6f0-a9f7b0ef8f58","phase":"DeleteMigrated","namespace":"test-mtc-pv-small","gvk":"networking.k8s.io/v1/networkpolicies","label":"migration.openshift.io/migrated-by-migplan:2f842f08-1782-446a-bd50-7302cdf24b3d"} 2021-09-30T14:38:00.633300295Z {"level":"info","ts":1633012680633,"logger":"migration|w4qtd","msg":"Rollback: Checking for leftover resources in destination cluster","migMigration":"d173ae10-21fb-11ec-b6f0-a9f7b0ef8f58","gvk":"networking.k8s.io/v1/networkpolicies","namespace":"test-mtc-pv-small"} ~~~ migration controller pod does not seem to be updated correctly, it is still pointing to default excluded resources and not including networkpolicies: ~~~ spec: containers: command: /manager env: name: EXCLUDED_RESOURCES value: imagetags,templateinstances,clusterserviceversions,packagemanifests,subscriptions,servicebrokers,servicebindings,serviceclasses,serviceinstances,serviceplans,operatorgroups,events ~~~ Expected results: Network policy successfully excluded.