Description of problem: Some of the cdi resources missing app labels Version-Release number of selected component (if applicable): Client Version: 4.9.0-202108121026.p0.git.25b5251.assembly.stream-25b5251 Server Version: 4.9.0-0.nightly-2021-08-14-065522 Kubernetes Version: v1.22.0-rc.0+76ff583 CNV 4.9 How reproducible: Always Steps to Reproduce: 1. Verify the app labels in cdi resources 2. 3. Actual results: $ oc get configmap cdi-operator-leader-election-helper -n openshift-cnv -o yaml apiVersion: v1 kind: ConfigMap metadata: annotations: control-plane.alpha.kubernetes.io/leader: '{"holderIdentity":"cdi-operator-689b5bc5bf-jjlb9_7e7c1cbd-60c0-4265-b4d1-63af541225b9","leaseDurationSeconds":15,"acquireTime":"2021-08-16T17:38:24Z","renewTime":"2021-08-17T07:41:27Z","leaderTransitions":5}' creationTimestamp: "2021-08-16T14:54:59Z" name: cdi-operator-leader-election-helper namespace: openshift-cnv resourceVersion: "1216816" uid: f5c22b79-dc35-47ab-aa2e-5d7f8c377a1b Expected results: The cdi resources should be including the app labels: app.kubernetes.io/component: storage app.kubernetes.io/managed-by: cdi-controller/cdi-operator app.kubernetes.io/part-of: hyperconverged-cluster app.kubernetes.io/version: v4.9.0 Additional info: Below secrets are missing app labels as well: cdi-api-signing-key cdi-apiserver-dockercfg-jmksj cdi-apiserver-token-lnnxh cdi-operator-dockercfg-jzx9b cdi-operator-token-bq5df cdi-operator-token-d6jqc cdi-sa-dockercfg-2nnqz cdi-sa-token-tgf26 cdi-sa-token-zvjl7 cdi-uploadproxy-dockercfg-bnhbn cdi-uploadproxy-token-gs7kt cdi-uploadproxy-token-sfrs2
The serviceaccount cdi-operator has the same issue: $ oc get sa cdi-operator -n openshift-cnv -o yaml apiVersion: v1 imagePullSecrets: - name: cdi-operator-dockercfg-jzx9b kind: ServiceAccount metadata: creationTimestamp: "2021-08-16T14:54:34Z" labels: operators.coreos.com/kubevirt-hyperconverged.openshift-cnv: "" name: cdi-operator namespace: openshift-cnv ownerReferences: - apiVersion: operators.coreos.com/v1alpha1 blockOwnerDeletion: false controller: false kind: ClusterServiceVersion name: kubevirt-hyperconverged-operator.v4.9.0 uid: c47ec510-8301-40cd-8f76-27069b19f70a resourceVersion: "67819" uid: 15169b8a-ebfb-4737-b0da-56e3e50bf5c1 secrets: - name: cdi-operator-dockercfg-jzx9b - name: cdi-operator-token-d6jqc
Test on latest CNV v4.9.0-152 cluster , the app labels are existed in secret cdi-api-signing-key kind: Secret metadata: creationTimestamp: "2021-08-28T00:38:53Z" labels: app.kubernetes.io/component: storage app.kubernetes.io/managed-by: cdi-apiserver app.kubernetes.io/part-of: hyperconverged-cluster app.kubernetes.io/version: v4.9.0 cdi.kubevirt.io: keystore name: cdi-api-signing-key namespace: openshift-cnv
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.9.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:4104