[Bug] ConfigSet, ConfigBlame and RunningConfig leaking into other namespaces #417
Description
Problem
ConfigSet, ConfigBlame and RunningConfig are showing up in unexpected namespaces when listing these resources
Reproduction
echo "==> Cleaning up any existing minikube cluster"
minikube delete --all || true
echo "==> Starting minikube (this may take a minute)"
minikube start --embed-certs
echo "==> Ensuring nodes are Ready"
kubectl wait --for=condition=Ready nodes --all --timeout=120s
echo "==> Install sdc"
kubectl apply -f https://docs.sdcio.dev/artifacts/basic-usage/installation.yaml
echo "==> Waiting for api-server in namespace sdc-system to become Ready"
kubectl rollout status deployment/api-server -n sdc-system
echo "==> Waiting for controller in namespace sdc-system to become Ready"
kubectl rollout status deployment/controller -n sdc-system
echo "==> Waiting for data-server in namespace sdc-system to become Ready"
kubectl wait --for=jsonpath='{.status.readyReplicas}'=1 statefulset/data-server-controller -n sdc-system
echo "==> Start notconf"
kubectl apply -n sdc-system -f - <<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: notconf
labels:
app: notconf
spec:
replicas: 1
selector:
matchLabels:
app: notconf
template:
metadata:
labels:
app: notconf
spec:
containers:
- name: notconf
image: ghcr.io/notconf/notconf-sros:22.2
imagePullPolicy: IfNotPresent
ports:
- name: netconf
containerPort: 830
protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
name: notconf
spec:
type: ClusterIP
selector:
app: notconf
ports:
- name: netconf
protocol: TCP
port: 830
targetPort: 830
EOF
echo "==> Waiting for notconf in namespace sdc-system to become Ready"
kubectl rollout status deployment/notconf -n sdc-system
echo "==> Create SDC resources"
kubectl apply -f - <<EOF
---
apiVersion: inv.sdcio.dev/v1alpha1
kind: Schema
metadata:
name: sros.nokia.sdcio.dev-22.2.1
namespace: sdc-system
spec:
provider: sros.nokia.sdcio.dev
version: 22.2.R1
repositories:
- repoURL: https://github.com/nokia/7x50_YangModels
kind: tag
ref: sros_22.2.r1
dirs:
- src: YANG
dst: .
schema:
models:
- nokia-combined
includes:
- ietf
- nokia-sros-yang-extensions.yang
excludes: []
---
apiVersion: inv.sdcio.dev/v1alpha1
kind: TargetConnectionProfile
metadata:
name: test-sros-netconf
namespace: sdc-system
labels:
scdio.dev/env: ci-test
spec:
port: 830
protocol: netconf
skipVerify: true
includeNS: true
operationWithNS: true
commitCandidate: running
---
apiVersion: inv.sdcio.dev/v1alpha1
kind: TargetSyncProfile
metadata:
name: test-sros-netconf-getconfig
namespace: sdc-system
spec:
buffer: 0
workers: 10
validate: true
sync:
- name: config
protocol: netconf
port: 830
paths:
- /
mode: get
encoding: CONFIG
interval: "30s"
---
apiVersion: inv.sdcio.dev/v1alpha1
kind: DiscoveryRule
metadata:
name: sros-dr-static
namespace: sdc-system
spec:
period: 1m
concurrentScans: 2
defaultSchema:
provider: sros.nokia.sdcio.dev
version: 22.2.R1
addresses:
- address: notconf.sdc-system.svc.cluster.local
hostName: notconf
targetConnectionProfiles:
- credentials: sros.nokia.sdcio.dev
connectionProfile: test-sros-netconf
syncProfile: test-sros-netconf-getconfig
targetTemplate:
labels:
sdcio.dev/target-type: sros
---
apiVersion: v1
kind: Secret
metadata:
name: sros.nokia.sdcio.dev
namespace: sdc-system
type: kubernetes.io/basic-auth
stringData:
username: admin
password: admin
---
apiVersion: config.sdcio.dev/v1alpha1
kind: ConfigSet
metadata:
name: customer
namespace: sdc-system
spec:
target:
targetSelector:
matchLabels:
sdcio.dev/target-type: sros
priority: 5
config:
- path: /
value:
configure:
service:
customer:
- customer-name: "1"
customer-id: 1
- customer-name: "2"
customer-id: 2
EOF
echo "==> Waiting for schema in namespace sdc-system to become Ready"
kubectl wait --for=condition=Ready schema/sros.nokia.sdcio.dev-22.2.1 -n sdc-system --timeout=120s
echo "==> Waiting for confg in namespace sdc-system to become Ready"
kubectl wait --for=condition=Ready config.config.sdcio.dev/customer-notconf -n sdc-system
echo "==> Get configsets, configs, configblames, and runningconfigs in sdc-system namespace. We expect to see the configset we just created, and the config, configblame and runningconfig created by the controller."
kubectl get configset -n sdc-system
kubectl get config -n sdc-system
kubectl get configblames -n sdc-system
kubectl get runningconfig -n sdc-system
echo "==> Get configsets, configs, configblames, and runningconfigs in default namespace. We expect to see see nothing as everything should be in the sdc-system namespace."
kubectl get configset -n default
kubectl get config -n default
kubectl get configblames -n default
kubectl get runningconfig -n default
Result
kubectl get configset -n sdc-system; \
kubectl get config -n sdc-system; \
kubectl get configblames -n sdc-system; \
kubectl get runningconfig -n sdc-system
NAME READY TARGETS
configset.config.sdcio.dev/customer True 1
NAME READY REASON PRIORITY TARGET SCHEMA
config.config.sdcio.dev/customer-notconf True config applied and target ready 5 sdc-system/notconf sros.nokia.sdcio.dev/22.2.R1
NAME
configblame.config.sdcio.dev/notconf
NAME
runningconfig.config.sdcio.dev/notconf
kubectl get configset -n default; \
kubectl get config -n default; \
kubectl get configblames -n default; \
kubectl get runningconfig -n default
NAME READY TARGETS
configset.config.sdcio.dev/customer True 1
No resources found in default namespace.
NAME
configblame.config.sdcio.dev/notconf
NAME
runningconfig.config.sdcio.dev/notconf
Expected Result
We should not see anything in the default namespace, only the sdc-system namespace
Additional information
kubectl -n sdc-system get deployment -o json | jq '.items[].spec.template.spec.containers[].image'
"ghcr.io/sdcio/config-server-api-server:v0.0.55"
"ghcr.io/sdcio/config-server-controller:v0.0.55"
"ghcr.io/notconf/notconf-sros:22.2"
kubectl -n sdc-system get statefulset -o json | jq '.items[].spec.template.spec.containers[].image'
"ghcr.io/sdcio/config-server-controller:v0.0.55"
"ghcr.io/sdcio/data-server:v0.0.67"Metadata
Metadata
Assignees
Labels
No labels