Bug 1838705 - Wrong webhook port when using WebhookDescription
Summary: Wrong webhook port when using WebhookDescription
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: OLM
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.5.0
Assignee: Alexander Greene
QA Contact: yhui
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-05-21 15:54 UTC by Yuval Turgeman
Modified: 2020-07-13 17:41 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: OLM did not wire the container port of a webhook defined in a CSV to the Validating or Mutating Webhook Configuration created on cluster. The Webhook Configurations created on cluster would always be created with port 443. Consequence: Only webhooks that listened on port 443 would work. Fix: Wire the port defined for the Webhook in the CSV to the Webhook Configuration. Result: OLM now creates the Webhook Configuration with the correct port.
Clone Of:
Environment:
Last Closed: 2020-07-13 17:40:55 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github operator-framework operator-lifecycle-manager pull 1540 0 None closed Bug 1838705: fix(webhook): Wire ContainerPort to Webhook 2020-11-09 09:12:30 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:41:14 UTC

Description Yuval Turgeman 2020-05-21 15:54:55 UTC
Description of problem:
When specifying ContainerPort in a WebhookDescription, the generated webhook will not point to specified port.  Instead, the ValidatingWebhookConfiguration will always point to port 443.

Version-Release number of selected component (if applicable):
4.5

How reproducible:
Always


Steps to Reproduce:
1. Deploy minikube with OLM from release-4.5
2. Define a webhookdefinition in a CSV with containerPort 5555
3. View the resulting ValidatingWebhookConfiguration

Actual results:
The ValidatingWebhookConfiguration's port will remain 443

Expected results:
The ValidatingWebhookConfiguration's port will remain 5555

Comment 4 yhui 2020-05-25 03:40:03 UTC
[root@preserve-olm-env ~]# oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.5.0-0.nightly-2020-05-24-223848   True        False         73m     Cluster version is 4.5.0-0.nightly-2020-05-24-223848
[root@preserve-olm-env 1838705]# oc exec catalog-operator-bdd5d58c9-qfg2x -n openshift-operator-lifecycle-manager -- olm --version
OLM version: 0.15.1
git commit: 1849f658a5c703a1c15bf4467df7eb928d321b18


Steps to test:
1. Install cluster with OLM.

2. Define a webhookdefinition in a CSV with containerPort 5555.
[root@preserve-olm-env 1838705]# cat csv.yaml
```
spec:
  apiservicedefinitions: {}
  webhookdefinitions:
  - generateName: object.auditor.com
    type: ValidatingAdmissionWebhook
    deploymentName: "object-auditor-webhook-deployment"
    containerPort: 5555
```

3. Create operatorgroup and csv.
[root@preserve-olm-env 1838705]# oc apply -f og.yaml 
operatorgroup.operators.coreos.com/hui-og created
[root@preserve-olm-env 1838705]# oc apply -f csv.yaml 
clusterserviceversion.operators.coreos.com/webhook.v1.0.0 created
[root@preserve-olm-env 1838705]# oc get og
NAME     AGE
hui-og   38s
[root@preserve-olm-env 1838705]# oc get csv
NAME             DISPLAY          VERSION   REPLACES   PHASE
webhook.v1.0.0   Simple Webhook   1.0.0                Succeeded

4. View the resulting ValidatingWebhookConfiguration
[root@preserve-olm-env 1838705]# oc get validatingwebhookconfiguration
NAME                       WEBHOOKS   AGE
autoscaling.openshift.io   2          88m
multus.openshift.io        1          95m
object.auditor.com-9m55w   1          82s
[root@preserve-olm-env 1838705]# oc get validatingwebhookconfiguration object.auditor.com-9m55w -o yaml |grep port
      port: 5555
The ValidatingWebhookConfiguration's port becomes 5555.

5. Edit the csv to change the containerPort from 5555 to 5556.
[root@preserve-olm-env 1838705]# oc edit csv webhook.v1.0.0

6. View the resulting ValidatingWebhookConfiguration
[root@preserve-olm-env 1838705]# oc get validatingwebhookconfiguration object.auditor.com-9m55w -o yaml |grep port
      port: 5556
The ValidatingWebhookConfiguration's port becomes 5556.

The result is what we expected. Verify the bug.

Comment 5 errata-xmlrpc 2020-07-13 17:40:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.