+++ This bug was initially created as a clone of Bug #2057209 +++ Description of problem: Kubernetes limits object names to 63 characters. If a policy name defined in a PolicyGenTemplate approaches this limit the Topology Aware Life-cycle Operator (TALO)cannot create child policies. When this occurs, the parent policy will remain in a "NonCompliant" state. Version-Release number of selected component (if applicable): 4.10 How reproducible: 100% Steps to Reproduce: 1. Install OCP with TALO and GitOps operators 2. Create a PolicyGenTemplate with a policy name and cluster name near the 63 character limit 3. Install a cluster via ZTP using GitOps and TALO 4. Verify that the parent policy remains in NonCompliant state and child policy is never created. Actual results: Child policy is not created. Expected results: TALO created child policy which eventually goes into "Compliant" state. Additional info: Kubernetes character limit documented here: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/governance/governance --- Additional comment from on 2022-04-20 14:40:19 UTC --- https://github.com/openshift-kni/cluster-group-upgrades-operator/pull/145
Verified with latest 4.10 TALM build. When the composed policy name exceeds 64 chars, the name will be cut as designed. $ oc get policies -A NAMESPACE NAME REMEDIATION ACTION COMPLIANCE STATE AGE default test-cgu-longlonglonglonglonglonglonglonglonglong-w6r4r enforce NonCompliant 20s worker-2 default.test-cgu-longlonglonglonglonglonglonglonglonglong-w6r4r enforce NonCompliant 19s
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.10.24 extras update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:5665