Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

2.0.1 is not functional in an application with a deny-all NetworkPolicy #48

Closed
benlangfeld opened this issue Feb 14, 2024 · 0 comments · Fixed by #49
Closed

2.0.1 is not functional in an application with a deny-all NetworkPolicy #48

benlangfeld opened this issue Feb 14, 2024 · 0 comments · Fixed by #49
Labels
bug Something isn't working

Comments

@benlangfeld
Copy link
Member

Expected behaviour

  • The operator should delete NetworkPolicy objects it created and no longer intends to manage, so that upgrades of the operator and new Redis deployments work identically. RedisFailover should become unhealthy and make it obvious that the upgraded operator version is incompatible with the application.
  • Optionally the operator should have test coverage for the scenario of being deployed in a namespace with a deny-all NetworkPolicy.
  • Patch (or minor) releases should not break applications. Backwards incompatible changes should be released in new major versions to indicate additional caution to the user performing an upgrade.

Actual behaviour

When upgrading the operator for an existing RedisFailover

If the RedisFailover was previously created by the operator at version < 2.0.0, Redis will continue to work until the abandoned NetworkPolicy resources are manually deleted.

When deploying a new RedisFailover with the existing operator

Redis and Sentinel pods are unable to connect to each other and are never marked healthy.

Steps to reproduce the behaviour

  • Deploy a NetworkPolicy as such to the namespace:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  • Deploy the operator at version 2.0.0.
  • Create a RedisFailover and wait for it to become healthy.
  • Deploy the operator at version 2.0.2.
  • Observe the first RedisFailover continuing to work.
  • Create a second RedisFailover. Observe that it does not work.
@benlangfeld benlangfeld added the bug Something isn't working label Feb 14, 2024
@benlangfeld benlangfeld changed the title 2.0.2 is not functional in an application with a deny-all NetworkPolicy 2.0.1 is not functional in an application with a deny-all NetworkPolicy Feb 14, 2024
@indiebrain indiebrain mentioned this issue Feb 22, 2024
Merged
rurkss added a commit that referenced this issue Feb 22, 2024
@rurkss @benlangfeld @indiebrain
Remove orphaned network policy resource (#49)
ad39869 
Fixes: #48

This PR aims to address an issue introduced in release 2.0.1, where the
logic for generating network policy resources by the operator was
changed. From version 2.0.1 onwards, the operator no longer generates
network policies for Redis but failed to remove existing policies
generated prior to this version. This PR introduces a check and removal
process for that leftover network policiy.

---------

Co-authored-by: Ben Langfeld <[email protected]>
Co-authored-by: Aaron Kuehler <[email protected]>
@indiebrain indiebrain mentioned this issue Feb 26, 2024
Merged
indiebrain added a commit that referenced this issue Feb 26, 2024
@indiebrain
Prepare release v2.1.0 (#51)
a69e571 
Prepare the repository for tagging / release of version 2.1.0.

Note, this release contains a
[fix](#49) for
#48 - hence the minor
version upgrade.

References
----------

-
https://semver.org/#what-do-i-do-if-i-accidentally-release-a-backward-incompatible-change-as-a-minor-version
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove orphaned network policy resource powerhome/redis-operator
1 participant
@benlangfeld