Description of problem: Currently, users can specify whatever instance tags they want for a machineSpec. While we attempt to remove duplicates, this results in us removing the proper values instead of the user supplied ones for Name and clusterID. We should not allow this.
VALIDATED ON: Cluster version is 4.6.0-0.nightly-2020-08-23-214712 I was able to edit machine tags and save them .Tags modified are as below - oc edit machines miyadav-b556-jrgfw-worker-us-east-2a-fvj4m --config aws machine.machine.openshift.io/miyadav-b556-jrgfw-worker-us-east-2a-fvj4m edited securityGroups: - filters: - name: tag:Name values: - miyadav-b56-jrgfw-worker-sg subnet: filters: - name: tag:Name values: - miyadav-b56-jrgfw-private-us-east-2a Expected : I should not be able to update tags values
Other tag that was also tried - tags: - name: kubernetes.io/cluster/miyadav-b556-jrgfw value: owned
The procedure to verify this is to set the tags on the machine object at creation time and verify they do not get placed on the instances in the cloud. We're not removing/changing the machine object for this fix.
Hi Micheal , thanks for reverting , please review as I can see them propagating to the aws console as well ? snap attached. I created a new machineset with those values (as you suggested during the creation time) ..
Milind, In your screen shot, the second tag has a typo of 'cliuster' instead of 'cluster' therefor it won't get filtered. The Name tag is set appropriately. Everything that has a key of "Name" and every key that starts with "kubernetes.io/cluster" will get filtered and set the the appropriate value. "kubernetes.io/cliuster" will be ignored due to typo.
Thanks Michael , it worked and user tags are getting filtered and not propagated Moved to VERIFIED .. Updated the tag like below - tags: - name: kubernetes.io/cluster/miydav-b556-jrgfw value: ownd On the EC2 dashboard on aws console . we could see the tag value as "owned" version validated on - Cluster version is 4.6.0-0.nightly-2020-08-23-214712
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196