Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bundle validate incorrectly flags PodDisruptionBudget as removed #6237

Closed
burmanm opened this issue Dec 29, 2022 · 4 comments
Closed

bundle validate incorrectly flags PodDisruptionBudget as removed #6237

burmanm opened this issue Dec 29, 2022 · 4 comments
Assignees
@everettraven
Labels
language/go Issue is related to a Go operator project

Comments

@burmanm
Copy link

burmanm commented Dec 29, 2022

Bug Report

What did you do?

Ran:

/usr/local/bin/operator-sdk bundle validate ./bundle --select-optional suite=operatorframework

What did you expect to see?

Well, nothing. PodDisruptionBudget policy/v1beta1 was deprecated, but not policy/v1.

What did you see instead? Under which circumstances?

WARN[0000] Warning: Value cass-operator.v1.14.0-dev.a6054d2-20221229: this bundle is using APIs which were deprecated and removed in v1.25. More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25. Migrate the API(s) for events: (["ClusterServiceVersion.Spec.InstallStrategy.StrategySpec.Permissions[0].Rules[1]" "ClusterServiceVersion.Spec.InstallStrategy.StrategySpec.Permissions[0].Rules[10]" "ClusterServiceVersion.Spec.InstallStrategy.StrategySpec.Permissions[0].Rules[11]"]),poddisruptionbudgets: (["ClusterServiceVersion.Spec.InstallStrategy.StrategySpec.Permissions[0].Rules[13]"]),

Coming from this rule:

            - apiGroups:
                - policy
              resources:
                - poddisruptionbudgets
              verbs:
                - create
                - delete
                - get
                - list
                - patch
                - update
                - watch

This is generated by the kubebuilder line:

// +kubebuilder:rbac:groups=policy,namespace=cass-operator,resources=poddisruptionbudgets,verbs=get;list;watch;create;update;patch;delete

With controller-tools 0.10.0. policy/v1 PodDisruptionBudget is used in the project (which was introduced in 1.21 and is definitely available in 1.25). This works fine. The validation does not seem to understand the difference between versions.

Environment

Operator type:

/language go

Kubernetes cluster type:

kind, 1.25.2 (not that it matters)

$ operator-sdk version

operator-sdk version: "v1.26.0", commit: "cbeec475e4612e19f1047ff7014342afe93f60d2", kubernetes version: "v1.25.0", go version: "go1.19.4", GOOS: "darwin", GOARCH: "amd64"

$ go version (if language is Go)

1.19

$ kubectl version

1.25.2

Possible Solution

Additional context
@openshift-ci openshift-ci bot added the language/go Issue is related to a Go operator project label Dec 29, 2022
@everettraven
Copy link
Contributor

@burmanm Thanks for raising this issue! This is something that is in the process of being resolved. There was an issue in the validation logic with operator-framework/api that didn't check the groups and only the resource names for permissions.

This should have been resolved in the api repo as of operator-framework/api@f1b7296 and we just need to update our dependency on it in Operator SDK (PR #6227 updated the master branch). I'm hoping to get this included in a 1.26 patch release, but if for some reason that doesn't happen the fix should be included in the next release of Operator-SDK.

@burmanm
Copy link
Author

burmanm commented Jan 3, 2023

Sounds good. I'll wait until 1.27 until I try to enforce those warnings as failures.

@everettraven
Copy link
Contributor

Since this issue is technically resolved as of #6227 I am going to close this issue

@burmanm burmanm mentioned this issue Jan 31, 2023
Merged
26 tasks
@tesshuflower
Copy link

@everettraven I think I'm still hitting this issue even with operator-sdk v1.26.1 (which appears to have the fix from #6227). I also tried with 1.27.0 but got the same warning.

The changelog for v1.26.1 mentions this:

operator-sdk bundle validate: Fix a bug in the Kubernetes 1.25 validation logic that would warn that a Kubernetes resource was deprecated without checking the group that contains the resource. (i.e if apps/deployments was deprecated and you used other/deployments you would recieve a warning)". The validation logic will now verify the group and resource before issuing a warning. (https://github.com/operator-framework/operator-sdk/pull/6231)

However I think the issue here is that we have a rule that has the same group and kind but has a different version. v1beta1 is deprecated but we're using v1. In my case it's events.k8s.io but I think it matches the scenario above from @burmanm.

kubebuilder line:

//+kubebuilder:rbac:groups=events.k8s.io,resources=events,verbs=create;update;patch

And resulting rule:

        - apiGroups:
          - events.k8s.io
          resources:
          - events
          verbs:
          - create
          - patch
          - update

Neither of these mentions v1beta1 but I still get the validation warning:

this bundle is using APIs which were deprecated and removed in v1.25. More info: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#v1-25. Migrate the API(s) for events: (["ClusterServiceVersion.Spec.InstallStrategy.StrategySpec.ClusterPermissions[0].Rules[11]"])

@thbkrkr thbkrkr mentioned this issue Mar 25, 2024
Open
@JoaoBraveCoding JoaoBraveCoding mentioned this issue Nov 27, 2024
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@everettraven everettraven

Labels
language/go Issue is related to a Go operator project
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@burmanm @everettraven @tesshuflower