Bug 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster
Summary: Cluster Pools with conflicting name of existing clusters in same namespace fa...
Alias: None
Product: Red Hat Advanced Cluster Management for Kubernetes
Classification: Red Hat
Component: Console
Version: rhacm-2.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: rhacm-2.4.6
Assignee: John Swanke
QA Contact: dhuynh
Christopher Dawson
Depends On:
TreeView+ depends on / blocked
Reported: 2022-06-29 22:13 UTC by Daniel Schimpfoessl
Modified: 2022-09-26 14:53 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-09-26 14:52:40 UTC
Target Upstream Version:
bot-tracker-sync: rhacm-2.4.z+

Attachments (Terms of Use)
Error messages in cluster pool creation screen. (177.67 KB, image/png)
2022-06-29 22:13 UTC, Daniel Schimpfoessl
no flags Details
oc command output before and after pool creation (143.70 KB, image/png)
2022-06-29 22:14 UTC, Daniel Schimpfoessl
no flags Details

System ID Private Priority Status Summary Last Updated
Github stolostron backlog issues 23877 0 None None None 2022-06-30 03:25:57 UTC
Red Hat Product Errata RHSA-2022:6696 0 None None None 2022-09-26 14:53:50 UTC

Description Daniel Schimpfoessl 2022-06-29 22:13:10 UTC
Created attachment 1893497 [details]
Error messages in cluster pool creation screen.

Created attachment 1893497 [details]
Error messages in cluster pool creation screen.

Description of the problem:
Given an existing cluster named aws (with created namespace aws).
Creating a cluster pool named aws in the aws namespace fails (see attachment) with errors for existing artifacts such as aws-pull-secret, aws-install-config, aws-aws-creds. The pool can still be created but the existing cluster is deleted at that point (see attachment). Renaming the pool at that point fails to created the pool as well.

Release version:
ACM 2.5

Operator snapshot version:

OCP version:

Browser Info:

Steps to reproduce:
1. Create cluster named acm
2. Create cluster pool named acm in acm namespace

Actual results:
Cluster pool is created after showing errors and existing cluster is destroyed.

Expected results:
Conflict detection and either cluster pool created with unique artifact names and the existing cluster remains.

Additional info:

Comment 1 Daniel Schimpfoessl 2022-06-29 22:14:38 UTC
Created attachment 1893498 [details]
oc command output before and after pool creation

Comment 2 daliu 2022-06-30 06:54:21 UTC
This namespace will be deleted after the cluster destroyed. And this namespace should only be used for resources of cluster instance, and you should not put anything else in this namespace, like: Clusterpool, Deployment, Policy, Application.

We will add an doc for this.

Comment 3 Daniel Schimpfoessl 2022-06-30 14:54:43 UTC
Our current documentation makes it sound like there is a namespace shared for clusters and cluster pools but you do not have to use it.


1.16.2. Creating a cluster pool
You can either select an existing namespace from the list, or type the name of a new one to create one. The cluster pool does not have to be in the same namespace as the clusters.

Comment 4 Eric Fried 2022-06-30 16:00:26 UTC
I have basically no skin in this, but...

IMHO this requires more than a doc fix. The result is catastrophic and completely unexpected. *Some* kind of preventive measure needs to be enacted.

Comment 5 daliu 2022-07-01 00:45:40 UTC
Thanks @efried 
The document is the first step.

Anyway, we should not delete the customer clusters when the clusterpool creation fails.

Then we need to consider what should we do next, maybe at least two options:
1. should not delete the clusterdeployment and related secrets when clusterpool creation fails
2. do not allow to create other kind of resources in the cluster ns.

Comment 6 Napoco Agbetra 2022-07-27 02:53:11 UTC
Verified in 2.5.2-DOWNSTREAM-2022-07-19-17-04-37 and OCP 4.10.18
Created cluster with name 'x' and namespace 'x'
Tried to create a clusterpool with same name and namespace as cluster but the clusterpool creation failed as expected and showed errors that the pull secret, install config, and aws-secret already existed for that namespace
Verified in backend as well that the clusterpool did not get created
Cluster did not get destroyed

Comment 11 errata-xmlrpc 2022-09-26 14:52:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.