-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubemacpool: Remove namespace labels #1566
kubemacpool: Remove namespace labels #1566
Conversation
28641b6
to
7a47ce7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks
@@ -1,9 +1,6 @@ | |||
apiVersion: v1 | |||
kind: Namespace | |||
metadata: | |||
labels: | |||
control-plane: mac-controller-manager |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why control-plane: mac-controller-manager
is removed as well ?
it was not part of the latest breaking change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1, it should stay. I think we already delete it for non-namespaced objects (here).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Btw some of the logic there was in order to maintain backward compatability
maybe the versions we support /deployed on customer site are new enough so we can remove this patch?
(more info here #1145)
also worth to see https://github.com/kubevirt/cluster-network-addons-operator/pull/1145/files#r796372158
not sure if was handled
of course not part of this PR scope
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would not depend on the controller and keep the manifest as we want them to be, so we don't need time for them to be fixed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The controller is removing them only for backward compatibility, for versions where CNAO label stuff that it didn't need to have and then those versions were upgraded to one that fixed the labeling.
You can see here a discussion that tells that we better remove it from the source itself - KMP, IIRC
https://github.com/kubevirt/cluster-network-addons-operator/pull/1145/files#r796372158
/test pull-cluster-network-addons-operator-unit-test |
Worth to enclose the failure of HCO please on PR desc |
metadata: | ||
name: cluster-network-addons | ||
labels: | ||
control-plane: mac-controller-manager |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think adding/removing the control-plane
label should not be part of this PR,
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will remove it from here, but the adding at bump-kubemacpool is ok
- op: replace | ||
path: /data/RANGE_START | ||
value: "{{ .RangeStart }}" | ||
- op: replace | ||
path: /data/RANGE_END | ||
value: "{{ .RangeEnd }}" | ||
EOF | ||
cat <<EOF > config/cnao/cnao_remove-labels_patch.yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you specifically remove the pod-security.kubernetes.io/enforce
label?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am going to remove all the labels since controller is removing the other one too.
7a47ce7
to
f62b973
Compare
https://prow.ci.kubevirt.io/view/gs/kubevirt-prow/pr-logs/pull/kubevirt_cluster-network-addons-operator/1566/pull-e2e-cnao-multus-dynamic-networks-functests/1668906222926958592
|
/test pull-e2e-cluster-network-addons-operator-kubemacpool-functests |
or just a flake ? (didnt look deep) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
I think that removing all the labels in the yaml patch may bite us in the future, but we can remove the control-plane
label from the NS on the KMP repo in parallel, then consider refining the yaml patch to remove exactly the labels we want.
/test pull-e2e-cluster-network-addons-operator-kubemacpool-functests |
it still fails |
/override pull-e2e-cnao-multus-dynamic-networks-functests |
@qinqon: Overrode contexts on behalf of qinqon: pull-e2e-cnao-multus-dynamic-networks-functests In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
hiccup
Is very dangerous to label the shared namespace, it affects all the network components, we should remove the label, if we see kubemacpool depends on something, we will fix it. |
The kubemacpool project was adding restricted label to test security context. This change remove labels altogether and configure them at CI to test it. Signed-off-by: Enrique Llorente <ellorent@redhat.com>
f62b973
to
a32efaa
Compare
Kudos, SonarCloud Quality Gate passed! |
Sumup here for future possible AI, thanks |
/override pull-e2e-cnao-multus-dynamic-networks-functests |
@qinqon: Overrode contexts on behalf of qinqon: pull-e2e-cnao-multus-dynamic-networks-functests In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: qinqon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
name: cluster-network-addons |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: we don't need to parameterize the ns name ?
anyhow if needed can be done on follow PR
What this PR does / why we need it:
The kubemacpool project was adding restricted label to test security context. This change remove labels altogether and configure them at CI to test it.
Special notes for your reviewer:
Since the CNAO namespace is shared between components is done there instead of kubemacpool that has it's own namespace.
Release note: