Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-11014

Applications being duplicated when 3scale Operator is reinstalled in an environment that uses a self signed cert

XMLWordPrintable

    • False
    • None
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started

      Issue description:

      In 3scale 2.14, if 3scale Operator (tested with version 0.11.11) is uninstalled and then reinstalled but is unable to connect to the Admin Portal due to a self-signed or invalid certificate, it will cause any application CRs to enter an error state with the applicationID field removed from the Application CR. Thus, after correcting the certificate issue in the operator, it will ultimately create a duplicate application .

      How to reproduce:

      1. Create a developersecret.yaml, developeruser.yaml, developeraccount.yaml, product.yaml and a application.yaml;
      2. Wait for operator to sync all CR's, and check the assigned applicationID of application:
      $ oc get application/testapplication -o yaml
apiVersion: capabilities.3scale.net/v1beta1
kind: Application
...
status:
  applicationID: 10
  conditions:
  - lastTransitionTime: "2024-05-01T17:08:36Z"
    status: "True"
    type: Ready
  observedGeneration: 2
  providerAccountHost: https://3scale-admin.apps.example.com
  state: live
      1. Checking in Admin Portal, we can see the created application in the product:
      2. Remove and reinstall the 3scale Operator;
      3. Wait for operator to start and check the application status:
      $ oc get application/testapplication -o yaml
apiVersion: capabilities.3scale.net/v1beta1
kind: Application
...
status:
  conditions:
  - lastTransitionTime: "2024-05-01T17:16:30Z"
    message: 'spec.productCRName: Invalid value: v1.LocalObjectReference{Name:"testproduct"}:
      productCR name doesnt have a valid product reference'
    status: "False"
    type: Ready
  observedGeneration: 2
      1. Note that the applicationID vanished from application CR;
      2. Reinject admin portal certificate to the 3scale Operator to allow the operator to manage the custom resources;
      3. Wait for the operator to reconcile the custom resources and check Application CR again:
      $ oc get application/testapplication -o yaml
apiVersion: capabilities.3scale.net/v1beta1
kind: Application
...
status:
  applicationID: 11
  conditions:
  - lastTransitionTime: "2024-05-01T17:18:11Z"
    status: "True"
    type: Ready
  observedGeneration: 2
  providerAccountHost: https://3scale-admin.apps.example.com
  state: live
      1. Note that the applicationID changed from 10 to 11;
      2. Checking the Admin Portal, we can see the duplicated application:

      Workaround:

      If the Custom Resource objects has the "insecure_skip_verify: true" in the metadata -> annotations, the Operator will not remove the applicationID from the Application CR and will work fine.

        1. image-2024-05-01-14-20-06-362.png
          206 kB
          Ernani Azevedo
        2. image-2024-05-01-14-15-16-332.png
          195 kB
          Ernani Azevedo
        3. application.yaml
          0.3 kB
          Ernani Azevedo
        4. product.yaml
          0.3 kB
          Ernani Azevedo
        5. developeraccount.yaml
          0.2 kB
          Ernani Azevedo
        6. developeruser.yaml
          0.3 kB
          Ernani Azevedo
        7. developersecret.yaml
          0.1 kB
          Ernani Azevedo

            Unassigned Unassigned
            rhn-support-eazevedo Ernani Azevedo
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: