Operator fight with Kyverno: Labels on Pods

**What did you do to encounter the bug?**
Steps to reproduce the behavior:

* Deploy [Kyverno](https://github.com/kyverno/kyverno) to project
* Use a mutating policy to add a label to a pod - [example](https://kyverno.io/policies/other/add-labels/add-labels/)
* Deploy the Community operator to project
* there is an operator fight between Kyvero and the MongoDB operator which produced Kyverno UpdateRequests:

1. the MongoDB is [hard-coding](https://github.com/mongodb/mongodb-kubernetes-operator/blob/f6a53c96128e3e998f4c274964876206ce409305/controllers/construct/mongodbstatefulset.go#L129-L131) labels in the StatefulSet generation logic.
2. Kyverno mutates/adds labels
3. the operator tries to reconcile with the StatefulSet .spec.template.metadata.labels -> so it will try to revert the Kyverno changes to the previous form, which triggers Kyverno again in step 2.

**What did you expect?**
No fight between Kyverno and the MongoDB Community operator: No UpdateRequest CRs produced in the cluster.

**What happened instead?**
Operator fight in the steps 2 and 3 described above.

**Screenshots**
- 

**Operator Information**
 - Operator Version: main, commit [f6a53c96128e3e998f4c274964876206ce409305](https://github.com/mongodb/mongodb-kubernetes-operator/commit/f6a53c96128e3e998f4c274964876206ce409305)
 - MongoDB Image used: main

**Kubernetes Cluster Information**
 - Distribution: OKD
 - Version: v4.19
 - Image Registry location (quay, or an internal registry)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Operator fight with Kyverno: Labels on Pods #1732

Screenshots

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Operator fight with Kyverno: Labels on Pods #1732

Description

Screenshots

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions