kubemacpool: Remove namespace labels #1566
Conversation
kubevirt-bot
added
release-note
qinqon
force-pushed
the
remove-kubemacpool-namespace-labels
branch
from
28641b6
to
7a47ce7
Compare
| @@ -1,9 +1,6 @@ | |||
| apiVersion: v1 | |||
| kind: Namespace | |||
| metadata: | |||
| labels: | |||
| control-plane: mac-controller-manager | |||
There was a problem hiding this comment.
why control-plane: mac-controller-manager is removed as well ?
it was not part of the latest breaking change
There was a problem hiding this comment.
+1, it should stay. I think we already delete it for non-namespaced objects (here).
There was a problem hiding this comment.
Btw some of the logic there was in order to maintain backward compatability
maybe the versions we support /deployed on customer site are new enough so we can remove this patch?
(more info here #1145)
also worth to see https://github.com/kubevirt/cluster-network-addons-operator/pull/1145/files#r796372158
not sure if was handled
of course not part of this PR scope
There was a problem hiding this comment.
I would not depend on the controller and keep the manifest as we want them to be, so we don't need time for them to be fixed.
There was a problem hiding this comment.
The controller is removing them only for backward compatibility, for versions where CNAO label stuff that it didn't need to have and then those versions were upgraded to one that fixed the labeling.
You can see here a discussion that tells that we better remove it from the source itself - KMP, IIRC
https://github.com/kubevirt/cluster-network-addons-operator/pull/1145/files#r796372158
|
/test pull-cluster-network-addons-operator-unit-test |
|
Worth to enclose the failure of HCO please on PR desc |
| metadata: | ||
| name: cluster-network-addons | ||
| labels: | ||
| control-plane: mac-controller-manager |
There was a problem hiding this comment.
I think adding/removing the control-plane label should not be part of this PR,
There was a problem hiding this comment.
I will remove it from here, but the adding at bump-kubemacpool is ok
| - op: replace | ||
| path: /data/RANGE_START | ||
| value: "{{ .RangeStart }}" | ||
| - op: replace | ||
| path: /data/RANGE_END | ||
| value: "{{ .RangeEnd }}" | ||
| EOF | ||
| cat <<EOF > config/cnao/cnao_remove-labels_patch.yaml |
There was a problem hiding this comment.
can you specifically remove the pod-security.kubernetes.io/enforce label?
There was a problem hiding this comment.
I am going to remove all the labels since controller is removing the other one too.
qinqon
force-pushed
the
remove-kubemacpool-namespace-labels
branch
from
7a47ce7
to
f62b973
Compare
|
https://prow.ci.kubevirt.io/view/gs/kubevirt-prow/pr-logs/pull/kubevirt_cluster-network-addons-operator/1566/pull-e2e-cnao-multus-dynamic-networks-functests/1668906222926958592 |
|
/test pull-e2e-cluster-network-addons-operator-kubemacpool-functests |
|
or just a flake ? (didnt look deep) |
|
/test pull-e2e-cluster-network-addons-operator-kubemacpool-functests |
|
it still fails |
|
/override pull-e2e-cnao-multus-dynamic-networks-functests |
|
@qinqon: Overrode contexts on behalf of qinqon: pull-e2e-cnao-multus-dynamic-networks-functests In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
hiccup
Is very dangerous to label the shared namespace, it affects all the network components, we should remove the label, if we see kubemacpool depends on something, we will fix it. |
The kubemacpool project was adding restricted label to test security context. This change remove labels altogether and configure them at CI to test it. Signed-off-by: Enrique Llorente <ellorent@redhat.com>
qinqon
force-pushed
the
remove-kubemacpool-namespace-labels
branch
from
f62b973
to
a32efaa
Compare
|
Kudos, SonarCloud Quality Gate passed!
|
|
Sumup here for future possible AI, thanks |
|
/override pull-e2e-cnao-multus-dynamic-networks-functests |
|
@qinqon: Overrode contexts on behalf of qinqon: pull-e2e-cnao-multus-dynamic-networks-functests In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: qinqon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: cluster-network-addons |
There was a problem hiding this comment.
nit: we don't need to parameterize the ns name ?
anyhow if needed can be done on follow PR
What this PR does / why we need it:
The kubemacpool project was adding restricted label to test security context. This change remove labels altogether and configure them at CI to test it.
Special notes for your reviewer:
Since the CNAO namespace is shared between components is done there instead of kubemacpool that has it's own namespace.
Release note: