Created attachment 1893497 [details]
Error messages in cluster pool creation screen.

Description of the problem:
Given an existing cluster named aws (with created namespace aws). Creating a cluster pool named aws in the aws namespace fails (see attachment) with errors for existing artifacts such as aws-pull-secret, aws-install-config, aws-aws-creds. The pool can still be created but the existing cluster is deleted at that point (see attachment). Renaming the pool at that point fails to create the pool as well.

Release version: ACM 2.5
Operator snapshot version:
OCP version: 4.10.18
Browser Info:

Steps to reproduce:
1. Create cluster named acm
2. Create cluster pool named acm in acm namespace

Actual results: Cluster pool is created after showing errors and existing cluster is destroyed.

Expected results: Conflict detection and either cluster pool created with unique artifact names and the existing cluster remains.

Additional info:
Created attachment 1893498 [details] oc command output before and after pool creation
This namespace will be deleted after the cluster is destroyed. This namespace should only be used for resources of the cluster instance, and you should not put anything else in this namespace, like: Clusterpool, Deployment, Policy, Application. We will add a doc for this.
https://github.com/stolostron/backlog/issues/23931
Our current documentation makes it sound like there is a namespace shared for clusters and cluster pools but you do not have to use it.
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/clusters/managing-your-clusters#managing-cluster-pools

1.16.2. Creating a cluster pool
You can either select an existing namespace from the list, or type the name of a new one to create one. The cluster pool does not have to be in the same namespace as the clusters.
I have basically no skin in this, but... IMHO this requires more than a doc fix. The result is catastrophic and completely unexpected. *Some* kind of preventive measure needs to be enacted.
Thanks @efried. The document is the first step. Anyway, we should not delete the customer clusters when the clusterpool creation fails. Then we need to consider what we should do next, maybe at least two options:
1. Should not delete the clusterdeployment and related secrets when clusterpool creation fails.
2. Do not allow creating other kinds of resources in the cluster ns.
Verified in 2.5.2-DOWNSTREAM-2022-07-19-17-04-37 and OCP 4.10.18.
Created cluster with name 'x' and namespace 'x'.
Tried to create a clusterpool with same name and namespace as cluster but the clusterpool creation failed as expected and showed errors that the pull secret, install config, and aws-secret already existed for that namespace.
Verified in backend as well that the clusterpool did not get created.
Cluster did not get destroyed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Critical: Red Hat Advanced Cluster Management 2.4.6 security update and bug fixes), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6696