Description of problem: If I update the WebhookDescription in a CSV, existing Valdiating/Mutating WebhookConfigurations are not updated on cluster. Version-Release number of selected component (if applicable): 4.5 How reproducible: Always Steps to Reproduce: 1. Install OLM 2. Copy the following yaml to webhook.csv.yaml ``` apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: annotations: alm-examples: '[{"apiVersion":"serving.knative.dev/v1alpha1","kind":"KnativeServing","metadata":{"name":"knative-serving"},"spec":{"config":{"autoscaler":{"container-concurrency-target-default":"100","container-concurrency-target-percentage":"1.0","enable-scale-to-zero":"true","max-scale-up-rate":"10","panic-threshold-percentage":"200.0","panic-window":"6s","panic-window-percentage":"10.0","scale-to-zero-grace-period":"30s","stable-window":"60s","tick-interval":"2s"},"defaults":{"revision-cpu-limit":"1000m","revision-cpu-request":"400m","revision-memory-limit":"200M","revision-memory-request":"100M","revision-timeout-seconds":"300"},"deployment":{"registriesSkippingTagResolving":"ko.local,dev.local"},"gc":{"stale-revision-create-delay":"24h","stale-revision-lastpinned-debounce":"5h","stale-revision-minimum-generations":"1","stale-revision-timeout":"15h"},"logging":{"loglevel.activator":"info","loglevel.autoscaler":"info","loglevel.controller":"info","loglevel.queueproxy":"info","loglevel.webhook":"info"},"observability":{"logging.enable-var-log-collection":"false","metrics.backend-destination":"prometheus"},"tracing":{"enable":"false","sample-rate":"0.1"}}}}]' capabilities: Seamless Upgrades categories: Networking,Integration & Delivery,Cloud Provider,Developer Tools certified: "false" containerImage: quay.io/openshift-knative/serverless-operator:v1.0.0 createdAt: "2019-07-27T17:00:00Z" description: |- Provides a collection of API's to support deploying and serving of serverless applications and functions. repository: https://github.com/openshift-knative/serverless-operator support: Red Hat name: webhook.v1.0.0 namespace: olm spec: apiservicedefinitions: {} webhookdefinitions: - generateName: object.auditor.com type: ValidatingAdmissionWebhook deploymentName: "object-auditor-webhook-deployment" containerPort: 443 sideEffects: "None" failurePolicy: Ignore admissionReviewVersions: - "v1" - "v1beta1" rules: - operations: - "CREATE" apiGroups: - "" apiVersions: - "v1" resources: - "configmaps" selector: name: mywebhook webhookPath: "/mutate" description: | A simple Webhook. displayName: Simple Webhook install: spec: deployments: - name: object-auditor-webhook-deployment spec: replicas: 1 selector: matchLabels: app: object-auditor name: mywebhook template: metadata: labels: app: object-auditor name: mywebhook spec: containers: - name: object-auditor image: quay.io/agreene/object-auditor:latest imagePullPolicy: IfNotPresent args: - -tlsCertFile=/apiserver.local.config/certificates/apiserver.crt - -tlsKeyFile=/apiserver.local.config/certificates/apiserver.key - -alsologtostderr - -v=4 - 2>&1 strategy: deployment installModes: - supported: true type: OwnNamespace - supported: true type: SingleNamespace - supported: true type: MultiNamespace - supported: true type: AllNamespaces keywords: - wbhooks links: - name: Documentation url: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.1/html-single/serverless/index maintainers: - email: knative name: Serverless Team maturity: alpha provider: name: Red Hat version: 1.0.0 ``` 3. Run `oc apply -f webhook.csv.yaml` 4. Check that the CSV was installed successfully: ``` $ oc get csvs NAME DISPLAY VERSION REPLACES PHASE packageserver Package Server 1.0.0 Succeeded webhook.v1.0.0 Simple Webhook 1.0.0 Succeeded ``` 5. Edit the spec.webhookdefinitions.rules[0].operators[0] field with `oc edit csv webhook.v1.0.0 ` and set the value to delete. 6. Check if the validatingWebhookConfiguration was updated: `oc get validatingwebhookconfigurations.admissionregistration.k8s.io -o yaml` Actual results: The validatingwebhookconfigurations created by the CSV is not updated. Expected results: The validatingwebhookconfigurations created by the CSV is updated to use the DELETE operation. Additional info:
[root@preserve-olm-env bug-1833419]# oc version Client Version: 4.4.0-rc.11 Server Version: 4.5.0-0.nightly-2020-05-11-032504 Kubernetes Version: v1.18.0-rc.1 [root@preserve-olm-env bug-1833419]# oc exec catalog-operator-6ddb5ff87f-t7xbz -n openshift-operator-lifecycle-manager -- olm --version OLM version: 0.15.0 git commit: 9ffa1fdb8dcf3153f915563641dc4ceaf3fbe3f2 Steps to test: 1. Install OLM 2. Create the project and operatorgroup [root@preserve-olm-env bug-1833419]# oc new-project olm [root@preserve-olm-env bug-1833419]# cat og.yaml apiVersion: operators.coreos.com/v1alpha2 kind: OperatorGroup metadata: name: hui-og namespace: olm spec: targetNamespaces: - olm [root@preserve-olm-env bug-1833419]# oc apply -f og.yaml operatorgroup.operators.coreos.com/hui-og created 3. Prepare the csv file webhook.csv.yaml ``` apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: annotations: alm-examples: '[{"apiVersion":"serving.knative.dev/v1alpha1","kind":"KnativeServing","metadata":{"name":"knative-serving"},"spec":{"config":{"autoscaler":{"container-concurrency-target-default":"100","container-concurrency-target-percentage":"1.0","enable-scale-to-zero":"true","max-scale-up-rate":"10","panic-threshold-percentage":"200.0","panic-window":"6s","panic-window-percentage":"10.0","scale-to-zero-grace-period":"30s","stable-window":"60s","tick-interval":"2s"},"defaults":{"revision-cpu-limit":"1000m","revision-cpu-request":"400m","revision-memory-limit":"200M","revision-memory-request":"100M","revision-timeout-seconds":"300"},"deployment":{"registriesSkippingTagResolving":"ko.local,dev.local"},"gc":{"stale-revision-create-delay":"24h","stale-revision-lastpinned-debounce":"5h","stale-revision-minimum-generations":"1","stale-revision-timeout":"15h"},"logging":{"loglevel.activator":"info","loglevel.autoscaler":"info","loglevel.controller":"info","loglevel.queueproxy":"info","loglevel.webhook":"info"},"observability":{"logging.enable-var-log-collection":"false","metrics.backend-destination":"prometheus"},"tracing":{"enable":"false","sample-rate":"0.1"}}}}]' capabilities: Seamless Upgrades categories: Networking,Integration & Delivery,Cloud Provider,Developer Tools certified: "false" containerImage: quay.io/openshift-knative/serverless-operator:v1.0.0 createdAt: "2019-07-27T17:00:00Z" description: |- Provides a collection of API's to support deploying and serving of serverless applications and functions. repository: https://github.com/openshift-knative/serverless-operator support: Red Hat name: webhook.v1.0.0 namespace: olm spec: apiservicedefinitions: {} webhookdefinitions: - generateName: object.auditor.com type: ValidatingAdmissionWebhook deploymentName: "object-auditor-webhook-deployment" containerPort: 443 sideEffects: "None" failurePolicy: Ignore admissionReviewVersions: - "v1" - "v1beta1" rules: - operations: - "CREATE" apiGroups: - "" apiVersions: - "v1" resources: - "configmaps" selector: name: mywebhook webhookPath: "/mutate" description: | A simple Webhook. displayName: Simple Webhook install: spec: deployments: - name: object-auditor-webhook-deployment spec: replicas: 1 selector: matchLabels: app: object-auditor name: mywebhook template: metadata: labels: app: object-auditor name: mywebhook spec: containers: - name: object-auditor image: quay.io/agreene/object-auditor:latest imagePullPolicy: IfNotPresent args: - -tlsCertFile=/apiserver.local.config/certificates/apiserver.crt - -tlsKeyFile=/apiserver.local.config/certificates/apiserver.key - -alsologtostderr - -v=4 - 2>&1 strategy: deployment installModes: - supported: true type: OwnNamespace - supported: true type: SingleNamespace - supported: true type: MultiNamespace - supported: true type: AllNamespaces keywords: - wbhooks links: - name: Documentation url: https://access.redhat.com/documentation/en-us/openshift_container_platform/4.1/html-single/serverless/index maintainers: - email: knative name: Serverless Team maturity: alpha provider: name: Red Hat version: 1.0.0 ``` 4. Run `oc apply -f webhook.csv.yaml` [root@preserve-olm-env bug-1833419]# oc get csvs NAME DISPLAY VERSION REPLACES PHASE webhook.v1.0.0 Simple Webhook 1.0.0 Succeeded 5. Edit the spec.webhookdefinitions.rules[0].operators[0] field with `oc edit csv webhook.v1.0.0 ` and set the value to DELETE. 6. Check if the validatingWebhookConfiguration was updated: `oc get validatingwebhookconfigurations.admissionregistration.k8s.io -o yaml` Actual results: The validatingwebhookconfigurations created by the CSV is updated to use the DELETE operation. The result is what we expected. Verify the bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409