Skip to content

Webhook mount location is incompatible with older versions of OLM #4439

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
njhale opened this issue Jan 26, 2021 · 2 comments · Fixed by #4623
Closed

Webhook mount location is incompatible with older versions of OLM #4439

njhale opened this issue Jan 26, 2021 · 2 comments · Fixed by #4623
Assignees
@estroz
Labels
kind/documentation Categorizes issue or PR as related to documentation. language/go Issue is related to a Go operator project
Milestone
v1.6.0

Comments

@njhale
Copy link
Member

njhale commented Jan 26, 2021

Bug Report

What did you do?

Attempt to deploy an operator with webhooks generated by SDK v1.1.0 against the release-4.6 version of OLM.

What did you expect to see?

The operator falls back to the old default serving cert mount locations for the release-4.6 version of OLM if the newer locations aren't populated:

older release-4.6 locations:

  • /apiserver.local.config/certificates/apiserver.crt
  • /apiserver.local.config/certificates/apiserver.key

newer master locations:

  • /tmp/k8s-webhook-server/serving-certs/tls.cert
  • /tmp/k8s-webhook-server/serving-certs/tls.key

What did you see instead? Under which circumstances?

The operator attempted to use only the new, unpopulated, serving cert mount locations and failed to be deployed:

$ kubectl get events -n operators

55s         Warning   Failed                pod/opentelemetry-operator-controller-manager-9bdd9fcc4-ctr8k     Error: cannot find volume "apiservice-cert" to mount into container "kube-rbac-proxy"
55s         Warning   Failed                pod/opentelemetry-operator-controller-manager-9bdd9fcc4-ctr8k     Error: cannot find volume "apiservice-cert" to mount into container "manager"

Environment

Operator type:

/language go

Kubernetes cluster type:

OpenShift

$ operator-sdk version

v1.1.0

Possible Solution

  • Fall back to older default mount locations when current locations aren't populated
  • Document OLM compatibility

Additional context

  • A patch has been introduced into OLM that mounts serving certs in both the old and new locations. This will not be backported to 4.6 or any earlier releases since it would amount to supporting forwards compatibility with SDK.
  • Original Issue
  • Issue: documenting SDK/OLM compatibility
@openshift-ci-robot openshift-ci-robot added the language/go Issue is related to a Go operator project label Jan 26, 2021
This was referenced Jan 26, 2021
Closed
Closed
@varshaprasad96
Copy link
Member

+1. We may have to document the OLM compatibility in general. Also for this specific issue, we could point out that for previous versions of OLM, the workaround is to specify the location of certs while setting up webhook with controller-runtime manager (ex: here).

@estroz
Copy link
Member

estroz commented Feb 1, 2021

/kind documentation
/assign

@openshift-ci-robot openshift-ci-robot added the kind/documentation Categorizes issue or PR as related to documentation. label Feb 1, 2021
@estroz estroz added this to the v1.5.0 milestone Feb 1, 2021
@jberkhahn jberkhahn modified the milestones: v1.5.0, v1.6.0 Feb 24, 2021
@estroz estroz mentioned this issue Mar 19, 2021
Merged
2 tasks
@ryanemerson ryanemerson mentioned this issue Jul 26, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@estroz estroz

Labels
kind/documentation Categorizes issue or PR as related to documentation. language/go Issue is related to a Go operator project
Projects
None yet
Milestone
v1.6.0
Development

Successfully merging a pull request may close this issue.

(manifests/v2) add support for webhooks by default and docs estroz/operator-sdk
5 participants
@njhale @jberkhahn @estroz @openshift-ci-robot @varshaprasad96