search

devfile / devworkspace-operator

Apache License 2.0
61 stars 55 forks source link

invalid metadata.labels being added #1232

Closed ryanw666 closed 7 months ago

ryanw666 commented 7 months ago

I just followed the instructions in the readme to deploy devworkspace operator to a cluster. Then when I tried to run kubectl apply -f samples/code-latest.yaml, I get:

The DevWorkspace "code-latest" is invalid: metadata.labels: Invalid value: "aws-iam-authenticator:281621839170:AROAUDEPYHVBAYNDFMTJV": a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue',  or 'my_value',  or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')

I'm baffled because there's no metadata.labels in that file; it's literally just the file from this repository. Would appreciate any ideas on what could be causing this.

Devworkspace operator version: 8f3eafb9 (main branch as of posting) Cluster kubernetes version: v1.28.5-eks-5e0fdde

AObuchow commented 7 months ago

Hi @ryanw666 thanks for the report.

I suppose you're deploying DevWorkspace Operator to some AWS hosted Kubernetes cluster correct? Do you mind providing more info on your environment? My best guess is the AWS platform is adding the aws-iam-authenticator:281621839170:AROAUDEPYHVBAYNDFMTJV label which is breaking things (though I'm not sure why this is being added).

By any chance, if you try deploying a pod to your cluster such as the following (by saving this YAML to a file and doing a kubectl apply -f <filename>) do you get a similar error about a metadata.label?:

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.14.2
    ports:
    - containerPort: 80

Lastly, have you tried creating a dedicated namespace for deploying your devworkspace? In the kubectl command you gave, you are deploying the devworkspace to the default namespace. Perhaps you need to deply your devworksapce to another namespace to prevent the aws-iam-authenticator label from being added? e.g. kubectl apply -f samples/code-latest.yaml -n <your-namespace>

ryanw666 commented 7 months ago

Thanks for your response. I am indeed deploying this on an AWS-hosted kubernetes cluster, but deploying the nginx pod you suggest goes through without errors and no metadata.labels appears.

I tried just now deploying it in its own workspace (kubectl apply -f samples/code-latest.yaml -n my-namespace) but got the same error.

Let me know if there's any other useful information I could provide.

ryanw666 commented 7 months ago

Ah! I have found that it works if I deploy the devworkspace operator to a local kind cluster instead of to AWS. So it's something particular to AWS.

AObuchow commented 7 months ago

@ryanw666 I'm glad to hear you figured out the issue!