Description of problem: Following virt resources are missing "app.kubernetes.io/managed-by", "app.kubernetes.io/version", "app.kubernetes.io/component", "app.kubernetes.io/part-of" metadata.labels List of resources: Secret: 1) kubevirt-operator-dockercfg-* 2) kubevirt-handler-token-* 3) kubevirt-handler-dockercfg-* 4) kubevirt-controller-token-* 5) kubevirt-controller-dockercfg-* 6) kubevirt-apiserver-token-* 7) kubevirt-apiserver-dockercfg-* 8) kubevirt-operator-token-* Role: 1) kubevirt-hyperconverged-operator.v4.13.0-kubevirt-op-* RoleBinding: 1) kubevirt-hyperconverged-operator.v4.13.0-kubevirt-op-* ServiceAccount: 1) kubevirt-operator EndPoints: 1) virt-operator 2) virt-controller Version-Release number of selected component (if applicable): 4.13.0 How reproducible: 100% Steps to Reproduce: 1. Check all virt resources installed in openshift-cnv namespace contains the above mentioned labels. 2. 3. Actual results: Some examples: (cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ oc get secret kubevirt-exportproxy-token-x6hg8 -n openshift-cnv -o json | jq ".metadata" { "annotations": { "kubernetes.io/created-by": "openshift.io/create-dockercfg-secrets", "kubernetes.io/service-account.name": "kubevirt-exportproxy", "kubernetes.io/service-account.uid": "945ddff7-d2a8-4c16-87c4-b0f9e63c891d" }, "creationTimestamp": "2023-04-05T13:26:06Z", "name": "kubevirt-exportproxy-token-x6hg8", "namespace": "openshift-cnv", "resourceVersion": "65942", "uid": "59c36a3d-c67f-47ac-ae0d-985127e8d6eb" } (cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ ======================== (cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ oc get secret kubevirt-operator-dockercfg-q2sgk -n openshift-cnv -o json | jq ".metadata" { "annotations": { "kubernetes.io/service-account.name": "kubevirt-operator", "kubernetes.io/service-account.uid": "934dae41-65c5-4902-95f9-31a4c77bd536", "openshift.io/token-secret.name": "kubevirt-operator-token-7b5jh", "openshift.io/token-secret.value": "eyJhbGciOiJSUzI1NiIsImtpZCI6InlLMUM1S185aU0tRGc2VWgydnBuODNTNHdNZFpNX2dTY3IxZmRTeVBaMDgifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJvcGVuc2hpZnQtY252Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Imt1YmV2aXJ0LW9wZXJhdG9yLXRva2VuLTdiNWpoIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imt1YmV2aXJ0LW9wZXJhdG9yIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiOTM0ZGFlNDEtNjVjNS00OTAyLTk1ZjktMzFhNGM3N2JkNTM2Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Om9wZW5zaGlmdC1jbnY6a3ViZXZpcnQtb3BlcmF0b3IifQ.XVt51COc_4j4vkYlTnXjaXpXpOFhzZ8I-87R0MDsoGNiuwtAHqaR4h1VuES3NNGArJ86IJws262liqykeYOVjY0jPWS_ut2wrGDQRrz-lbQoCBWoyeCT2QbLQFrDiMhoEvRUuePlq9zRA-Uy8kb1XcoGulQNjnDwqy6PrPNGnjs6L5efjTIuMXdU9jS9TI3ZU11tL2NZVOY9rpUE8w_otzugsYFt_OQYTMKvmoYU8hFpQdcx_wbBsyXAhDPVHQNXs9iGHXJa8I0-UfJ7Xz6Hfa7dsv0c8OBsBOoEQ7DcXZcW1X4R0JRFHrheVp00qhJjs_lUL2ju_BJhemNQFFJT9VZScEuHDGkifm6Y3l2OYU_bYE3ncythqCDsXqKUl_Lr5Jm33u54B8gkJqOIumLbm0jXMbHY0U7_ULjtClAylLoga7Sc0fLFnRETXQSPdj1UYhiz4dHR5xnBDbobzVcn8InQPgfH96GIDIyS5Y9zELHLGpQeu5eT8pPl0cx1yvxF781axE6w6-eqSlVYoJgC_QUNMfzdclQU6YnEBmFmAcqEtXaAIpUYvt5PF6qUIn_G7nRpAZ2q7yvWf6-ce94PCaT8bqgRrl-ZtFhkb-L1tFSarOnAR5WO1x9FJsWuiXopiHVBdehdRczl6IH9GWeJq1A-Vy8b1lQufyOLpzwT01A" }, "creationTimestamp": "2023-04-05T13:24:20Z", "name": "kubevirt-operator-dockercfg-q2sgk", "namespace": "openshift-cnv", "ownerReferences": [ { "apiVersion": "v1", "blockOwnerDeletion": false, "controller": true, "kind": "Secret", "name": "kubevirt-operator-token-7b5jh", "uid": "e88de223-47ff-4528-8013-bddc70b70b97" } ], "resourceVersion": "62698", "uid": "c80d442e-8afd-40f8-8eb5-769bd94db20a" } (cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ ============================= (cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ oc get secret kubevirt-handler-token-kcgqj -n openshift-cnv -o json | jq ".metadata" { "annotations": { "kubernetes.io/created-by": "openshift.io/create-dockercfg-secrets", "kubernetes.io/service-account.name": "kubevirt-handler", "kubernetes.io/service-account.uid": "d00e67ce-f2f2-47b1-9e9a-b2ca3e85f765" }, "creationTimestamp": "2023-04-05T13:26:06Z", "name": "kubevirt-handler-token-kcgqj", "namespace": "openshift-cnv", "resourceVersion": "65938", "uid": "3ada8e40-8cd8-4768-a014-55d9ec12b17d" } (cnv-tests-4-13-py3.9) [cloud-user@ocp-ipi-executor-xl cnv-tests]$ Expected results: All these resources should have associated "app.kubernetes.io/managed-by", "app.kubernetes.io/version", "app.kubernetes.io/component", "app.kubernetes.io/part-of" in metadata.labels Additional info: Background information: https://issues.redhat.com/browse/CNV-9097
After discussing with Virt Devs and depending upon severity and capacity, it was decided to target it to CNV 4.15.
All the secrets `-token`, `-dockercfg` secrets are not created by us, but rather by k8s, OpenShift controllers. Regarding the other mentioned resources, they are created by OLM in HCO and due to https://github.com/operator-framework/operator-lifecycle-manager/issues/2161#issuecomment-850994988 we cannot label such resources with our custom labels. We should wait until OLM fixes it.
Deferring to the next major release since we'll have to wait for a fix in OLM.