ServiceBinding `serviceInstanceNamespace` attribute is removed from the ServiceBinding resource by sap-btp-service-operator

[pre]

The serviceInstanceNamespace in the ServiceBinding resource is interpreted but then removed from the resource by sap-btp-service-operator. Creating the ServiceBinding is successful, though.

The problem: When manifests managed by ArgoCD, suddenly disappearing attributes cause a reconciliation loop.

1. ArgoCD declares the ServiceBinding manifest with serviceInstanceNamespace
2. sap-btp-service-operator removes serviceInstanceNamespace attribute
3. ArgoCD finds the resouce is missing serviceInstanceNamespace and adds it back
4. sap-btp-service-operator removes it again
5. repeats forverer

-> sap-btp-service-operator must not remove any attributes from the ServiceBinding resource.

We are using v0.6.0 at the moment.

Given a ServiceBinding manifest as follows:

apiVersion: services.cloud.sap.com/v1alpha1
kind: ServiceBinding
metadata:
  name: example-credstore-service-binding
  namespace: example-ns
spec:
  serviceInstanceName: credstore-service-instance
  serviceInstanceNamespace: integration
  secretName: example-credstore-service-binding
  credentialsRotationPolicy:
    enabled: true
    rotationFrequency: 336h
    rotatedBindingTTL: 336h

The ServiceBinding is created successfully

  conditions:
    - lastTransitionTime: '2024-04-30T14:04:27Z'
      message: ServiceBinding provisioned successfully
      observedGeneration: 2
      reason: Created
      status: 'True'
      type: Succeeded

But ArgoCD sees the missing attribute and its declaration causes an indefinite reconciliation loop between argocd & sap-btp-service-operator:

sap-btp-service-operator logs

2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  Binding created successfully    {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "7b0ea37c-fb9a-4b73-8bae-9bed0117af97", "cr1-credstore-service-binding": "cluster-internal-bindings"}
2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  getting service instance named credstore-service-instance in namespace integration for binding cr1-credstore-service-binding in namespace cluster-internal-bindings {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "7b0ea37c-fb9a-4b73-8bae-9bed0117af97", "cr1-credstore-service-binding": "cluster-internal-bindings"}
2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  Creating binding secret {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "7b0ea37c-fb9a-4b73-8bae-9bed0117af97", "cr1-credstore-service-binding": "cluster-internal-bindings", "name": "cr1-credstore-service-binding"}
2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  Updating binding    {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "7b0ea37c-fb9a-4b73-8bae-9bed0117af97", "cr1-credstore-service-binding": "cluster-internal-bindings", "bindingID": "717fbec5-d030-4392-96f6-25469a9c21e8"}
2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  updating ServiceBinding status  {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "7b0ea37c-fb9a-4b73-8bae-9bed0117af97", "cr1-credstore-service-binding": "cluster-internal-bindings"}
2024-04-30T14:04:27Z    DEBUG   events  SecretCreated   {"type": "Normal", "object": {"kind":"ServiceBinding","namespace":"cluster-internal-bindings","name":"cr1-credstore-service-binding","uid":"f9beedd3-bcb6-41d4-9c57-08ef47982940","apiVersion":"services.cloud.sap.com/v1","resourceVersion":"487913555"}, "reason": "SecretCreated"}
2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  getting service instance named credstore-service-instance in namespace integration for binding cr1-credstore-service-binding in namespace cluster-internal-bindings {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "6bacffb7-c975-415a-bc57-ae02200acdbc", "cr1-credstore-service-binding": "cluster-internal-bindings"}
2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  Binding in final state  {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "6bacffb7-c975-415a-bc57-ae02200acdbc", "cr1-credstore-service-binding": "cluster-internal-bindings"}
2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  getting service instance named credstore-service-instance in namespace integration for binding cr1-credstore-service-binding in namespace cluster-internal-bindings {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "f6537dda-be64-4fe5-a1a3-3fb699eb76ef", "cr1-credstore-service-binding": "cluster-internal-bindings"}
2024-04-30T14:04:27Z    INFO    controllers.ServiceBinding  Binding in final state  {"servicebinding": {"name":"cr1-credstore-service-binding","namespace":"cluster-internal-bindings"}, "correlation_id": "f6537dda-be64-4fe5-a1a3-3fb699eb76ef", "cr1-credstore-service-binding": "cluster-internal-bindings"}

[I065450]

Hi @pre

I have tested it locally, and the operator did not remove the serviceInstanceNamespace attribute.

Regards, Naama

[kerenlahav]

Hi @pre We were not able to reproduce this issue If you still see this issue please verify the service binding crd has this field in the schema (https://github.com/SAP/sap-btp-service-operator/blob/main/config/crd/bases/services.cloud.sap.com_servicebindings.yaml#L143) reopen in case needed

[pre]

Thanks for the response! My resource had apiVersion: services.cloud.sap.com/v1alpha1 which does not allow spec.serviceInstanceNamespace. So it was not ArgoCD removing the attribute, it was the resource validation failing an unsupported attribute.

Changing to apiVersion: services.cloud.sap.com/v1 allows deploying with serviceInstanceNamespace.