[NET-10547] openshift: re-order SCC volume list for Argo sync #4227

Merged
merged 1 commit into from
Aug 5, 2024

@zalimeni commented Aug 2, 2024

Due to logic in OpenShift's admissions hook that force-reorders explicit and implicit entries in this list, our SecurityContextConstraints entries will never successfully sync via tools like ArgoCD, which expect an exact input and output match when diff'ing.

More details on the problem addressed by this change and potential future improvements to avoid it in the future can be found in #4208 (see comments).

Changes proposed in this PR

  • Reorder SCC volumes entries to match the post-reconciliation order persisted by OpenShift

How I've tested this PR

  • Spun up a local OpenShift CRC cluster w/ ArgoCD (GitOps Operator), deployed original and modified charts to verify fix results in a fully synced consul-cni SCC.
  • Tested on Azure using community ArgoCD operator, same results.

How I expect reviewers to test this PR

👀

Checklist

@zalimeni added the backport/1.1.x (Backport to release/1.1.x branch), backport/1.3.x (This release branch is no longer active.), backport/1.4.x and backport/1.5.x labels Aug 2, 2024
@zalimeni force-pushed the zalimeni/net-10547-openshift-scc-volume-order branch from 18ed9ce to 3f0f19b August 2, 2024 21:45
Due to logic in OpenShift's admissions hook that force-reorders explicit
and implicit entries in this list, our `SecurityContextConstraints`
entries will never successfully sync via tools like ArgoCD, which expect
an exact input and output match when diff'ing.

More details on the problem addressed by this change and potential
future improvements to avoid it in the future can be found in
#4208 (see comments).
@zalimeni force-pushed the zalimeni/net-10547-openshift-scc-volume-order branch from 3f0f19b to cd0cd19 August 5, 2024 14:54
@missylbytes self-requested a review August 5, 2024 16:29
@ndhanushkodi left a comment

🎉
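
An added illustration of the sync problem described in the PR description (not code from this PR or from the chart): it separates order-only drift in an SCC's `volumes` list, which an exact-match diff reports as out of sync, from drift where entries were actually added or removed. The function names, the sample volume lists and the "live" ordering are all constructed assumptions; the real persisted order comes from the cluster.

```python
from collections import Counter

# Constructed sample data. Volume types are real SCC values, but neither list is
# the actual consul-cni SCC, and the "live" order is not OpenShift's real output.
GIT_SCC = {"metadata": {"name": "consul-cni"},
           "volumes": ["configMap", "downwardAPI", "emptyDir", "projected", "secret"]}
LIVE_REORDERED = {"metadata": {"name": "consul-cni"},
                  "volumes": ["secret", "configMap", "projected", "downwardAPI", "emptyDir"]}
LIVE_WIDENED = {"metadata": {"name": "consul-cni"},
                "volumes": ["secret", "configMap", "hostPath", "projected",
                            "downwardAPI", "emptyDir"]}


def classify_list_drift(desired, live, field="volumes"):
    """Compare one list field of the Git manifest with the persisted object."""
    want = list(desired.get(field) or [])
    have = list(live.get(field) or [])
    if want == have:
        return {"status": "in_sync", "added": [], "removed": []}
    # Multiset difference, so duplicated entries are counted rather than collapsed.
    want_count, have_count = Counter(want), Counter(have)
    added = sorted((have_count - want_count).elements())
    removed = sorted((want_count - have_count).elements())
    status = "content_drift" if added or removed else "order_only"
    return {"status": status, "added": added, "removed": removed}


def align_to_live(desired, live, field="volumes"):
    """Return a copy of the manifest using the persisted order, as this PR does
    by hand. Refuses when entries differ, so a widened SCC is never adopted."""
    drift = classify_list_drift(desired, live, field)
    if drift["status"] == "content_drift":
        raise ValueError(f"{field}: added={drift['added']} removed={drift['removed']}")
    aligned = dict(desired)
    aligned[field] = list(live.get(field) or [])
    return aligned


if __name__ == "__main__":
    for name, live in (("reordered", LIVE_REORDERED), ("widened", LIVE_WIDENED)):
        print(name, classify_list_drift(GIT_SCC, live))
    print(align_to_live(GIT_SCC, LIVE_REORDERED)["volumes"])
```

Only the `order_only` case is safe to resolve by reordering the manifest; `content_drift` on an SCC means the permitted volume types changed and should be reviewed instead.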
