Description of problem: A cluster may have old and new templates (e.g after upgrade). Currently a user can delete older templates and they will not be reconsiled by the operator; older templates should be protected from deletion as VMs may be referencing them. Version-Release number of selected component (if applicable): CNV 2.6.0 (after upgrade) How reproducible: Steps to Reproduce: 1. Install CNV 2.5.z 2. Create a VM from template 3. Upgrade the cluster 4. Delete the template which was used to create the VM 5. Try to restart the VMI Actual results: The restart will fail as the template is not found. w/a - update the VM to use a new template Expected results: Older templates should be reconsiled / protected from deletion Additional info:
I think that, instead of blocking the deletion of old templates, the SSP operator could add the 'vm.kubevirt.io/validations' annotation to old VMs. Then the template-validator would use the validation rules from the annotation and not form a non-existing template. Old VMs could be updated when the SSP resource is updated to a new version. It would be more efficient than updating on each reconciliation iteration.
Template in use by a VM was allowed to be deleted on 4.9 CNV that had been upgraded from 2.5 $ oc delete template -n openshift rhel6-desktop-tiny-v0.11.3 template.template.openshift.io "rhel6-desktop-tiny-v0.11.3" deleted
Verified. Cluster upgraded From: OpenShift 4.6.48 / OpenShift Virtualization 2.5.8 To: OpenShift 4.9.7 / OpenShift Virtualization 4.9.1-23 VMs were created using templates from the UI in 2.5.8 and then the cluster upgraded. After upgrade to 4.9.1, verified delete command was rejected regardless if the VMs were running or not. $ oc delete -n openshift template rhel8-server-tiny-v0.11.3 Error from server (Forbidden): admission webhook "template-admission.ssp.kubevirt.io" denied the request: Template cannot be deleted, because the following VMs are referencing it for validation: {LIST_OF_ALL_VMS_CREATED_FOR_TEST}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Virtualization 4.9.1 Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:5091