This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .
Bug 2187519 - CNV Virt components are missing required metadata.labels
Summary: CNV Virt components are missing required metadata.labels
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Virtualization
Version: 4.13.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.15.0
Assignee: ffossemo
QA Contact: Kedar Bidarkar
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-04-17 19:45 UTC by Debarati Basu-Nag
Modified: 2023-12-14 16:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-12-14 16:12:28 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker   CNV-28182 0 None None None 2023-12-14 16:12:28 UTC

Internal Links: 2187533

Description Debarati Basu-Nag 2023-04-17 19:45:31 UTC 
Description of problem: Following virt resources are missing "app.kubernetes.io/managed-by", "app.kubernetes.io/version", "app.kubernetes.io/component", "app.kubernetes.io/part-of" metadata.labels

List of resources:
Secret:
1) kubevirt-operator-dockercfg-*
2) kubevirt-handler-token-*
3) kubevirt-handler-dockercfg-*
4) kubevirt-controller-token-*
5) kubevirt-controller-dockercfg-*
6) kubevirt-apiserver-token-*
7) kubevirt-apiserver-dockercfg-*
8) kubevirt-operator-token-*

Role:
1) kubevirt-hyperconverged-operator.v4.13.0-kubevirt-op-*

RoleBinding:
1) kubevirt-hyperconverged-operator.v4.13.0-kubevirt-op-*

ServiceAccount:
1) kubevirt-operator

EndPoints:
1) virt-operator
2) virt-controller



Version-Release number of selected component (if applicable):
4.13.0

How reproducible:
100%

Steps to Reproduce:
1. Check all virt resources installed in openshift-cnv namespace contains the above mentioned labels.
2.
3.

Actual results:
Some examples:
(cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ oc get secret kubevirt-exportproxy-token-x6hg8 -n openshift-cnv -o json | jq ".metadata"
{
  "annotations": {
    "kubernetes.io/created-by": "openshift.io/create-dockercfg-secrets",
    "kubernetes.io/service-account.name": "kubevirt-exportproxy",
    "kubernetes.io/service-account.uid": "945ddff7-d2a8-4c16-87c4-b0f9e63c891d"
  },
  "creationTimestamp": "2023-04-05T13:26:06Z",
  "name": "kubevirt-exportproxy-token-x6hg8",
  "namespace": "openshift-cnv",
  "resourceVersion": "65942",
  "uid": "59c36a3d-c67f-47ac-ae0d-985127e8d6eb"
}
(cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ 
========================
(cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ oc get secret kubevirt-operator-dockercfg-q2sgk -n openshift-cnv -o json | jq ".metadata"
{
  "annotations": {
    "kubernetes.io/service-account.name": "kubevirt-operator",
    "kubernetes.io/service-account.uid": "934dae41-65c5-4902-95f9-31a4c77bd536",
    "openshift.io/token-secret.name": "kubevirt-operator-token-7b5jh",
    "openshift.io/token-secret.value": "eyJhbGciOiJSUzI1NiIsImtpZCI6InlLMUM1S185aU0tRGc2VWgydnBuODNTNHdNZFpNX2dTY3IxZmRTeVBaMDgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJvcGVuc2hpZnQtY252Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Imt1YmV2aXJ0LW9wZXJhdG9yLXRva2VuLTdiNWpoIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imt1YmV2aXJ0LW9wZXJhdG9yIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTM0ZGFlNDEtNjVjNS00OTAyLTk1ZjktMzFhNGM3N2JkNTM2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om9wZW5zaGlmdC1jbnY6a3ViZXZpcnQtb3BlcmF0b3IifQ.XVt51COc_4j4vkYlTnXjaXpXpOFhzZ8I-87R0MDsoGNiuwtAHqaR4h1VuES3NNGArJ86IJws262liqykeYOVjY0jPWS_ut2wrGDQRrz-lbQoCBWoyeCT2QbLQFrDiMhoEvRUuePlq9zRA-Uy8kb1XcoGulQNjnDwqy6PrPNGnjs6L5efjTIuMXdU9jS9TI3ZU11tL2NZVOY9rpUE8w_otzugsYFt_OQYTMKvmoYU8hFpQdcx_wbBsyXAhDPVHQNXs9iGHXJa8I0-UfJ7Xz6Hfa7dsv0c8OBsBOoEQ7DcXZcW1X4R0JRFHrheVp00qhJjs_lUL2ju_BJhemNQFFJT9VZScEuHDGkifm6Y3l2OYU_bYE3ncythqCDsXqKUl_Lr5Jm33u54B8gkJqOIumLbm0jXMbHY0U7_ULjtClAylLoga7Sc0fLFnRETXQSPdj1UYhiz4dHR5xnBDbobzVcn8InQPgfH96GIDIyS5Y9zELHLGpQeu5eT8pPl0cx1yvxF781axE6w6-eqSlVYoJgC_QUNMfzdclQU6YnEBmFmAcqEtXaAIpUYvt5PF6qUIn_G7nRpAZ2q7yvWf6-ce94PCaT8bqgRrl-ZtFhkb-L1tFSarOnAR5WO1x9FJsWuiXopiHVBdehdRczl6IH9GWeJq1A-Vy8b1lQufyOLpzwT01A"
  },
  "creationTimestamp": "2023-04-05T13:24:20Z",
  "name": "kubevirt-operator-dockercfg-q2sgk",
  "namespace": "openshift-cnv",
  "ownerReferences": [
    {
      "apiVersion": "v1",
      "blockOwnerDeletion": false,
      "controller": true,
      "kind": "Secret",
      "name": "kubevirt-operator-token-7b5jh",
      "uid": "e88de223-47ff-4528-8013-bddc70b70b97"
    }
  ],
  "resourceVersion": "62698",
  "uid": "c80d442e-8afd-40f8-8eb5-769bd94db20a"
}
(cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ 
=============================
(cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ oc get secret kubevirt-handler-token-kcgqj -n openshift-cnv -o json | jq ".metadata"
{
  "annotations": {
    "kubernetes.io/created-by": "openshift.io/create-dockercfg-secrets",
    "kubernetes.io/service-account.name": "kubevirt-handler",
    "kubernetes.io/service-account.uid": "d00e67ce-f2f2-47b1-9e9a-b2ca3e85f765"
  },
  "creationTimestamp": "2023-04-05T13:26:06Z",
  "name": "kubevirt-handler-token-kcgqj",
  "namespace": "openshift-cnv",
  "resourceVersion": "65938",
  "uid": "3ada8e40-8cd8-4768-a014-55d9ec12b17d"
}
(cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ 

Expected results:

All these resources should have associated "app.kubernetes.io/managed-by", "app.kubernetes.io/version", "app.kubernetes.io/component", "app.kubernetes.io/part-of" in metadata.labels

Additional info:
Background information: https://issues.redhat.com/browse/CNV-9097
Comment 1 Kedar Bidarkar 2023-04-26 12:27:12 UTC 
After discussing with Virt Devs and depending upon severity and capacity, it was decided to target it to CNV 4.15.
Comment 3 ffossemo 2023-07-28 10:34:51 UTC 
All the secrets `-token`, `-dockercfg` secrets are not created by us, but rather by k8s, OpenShift controllers.

Regarding the other mentioned resources, they are created by OLM in HCO and due to https://github.com/operator-framework/operator-lifecycle-manager/issues/2161#issuecomment-850994988
we cannot label such resources with our custom labels.

We should wait until OLM fixes it.
Comment 4 Antonio Cardace 2023-07-31 07:38:43 UTC 
Deferring to the next major release since we'll have to wait for a fix in OLM.
Note You need to log in before you can comment on or make changes to this bug.