Bug 1908347 - CVO overwrites ValidatingWebhookConfiguration for snapshots
Summary: CVO overwrites ValidatingWebhookConfiguration for snapshots
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Storage
Version: 4.7
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.7.0
Assignee: Jan Safranek
QA Contact: Qin Ping
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-12-16 13:35 UTC by Jan Safranek
Modified: 2021-02-24 15:45 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:45:05 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-csi-snapshot-controller-operator pull 68 0 None closed Bug 1908347: Apply ValidatingWebhookConfiguration correctly 2021-01-15 09:57:49 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:45:25 UTC

Description Jan Safranek 2020-12-16 13:35:45 UTC
We let CVO to apply ValidatingWebhookConfiguration for volume snapshot validation. CA bundle is automatically injected into this API object and this makes CVO to update the object again, creating endless loop of injecting CA bundle & removing it.

Fortunately, CVO is not particularly fast, so it does not disrupt the service, however, we should fix it.

Steps to reproduce:

1. oc get validatingwebhookconfiguration snapshot.storage.k8s.io -o yaml
...
  generation: 48
...

It should not grow that much.

Comment 2 Qin Ping 2021-01-06 13:08:17 UTC
Verified with: 4.7.0-0.nightly-2021-01-06-055910

Comment 5 errata-xmlrpc 2021-02-24 15:45:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.