OPECO-3054,OCPBUGS-21980,OCPBUGS-20347,OPRUN-3106: skuznets/bump vendor ii #600
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: 28977ca102802759d42fc608574fa6f29bec24f5
Generic APIServers now fail to start if the do not define the OpenAPIV3 schemas. This commit introduces a change to define the OpenAPIV3 schemas Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: a217efc73c7391f2737d836ce448114121290eb3
Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: 9ec03f07f942dc9cef736957fa152e39157d6e13
This will specifically allow OLM to avoid the "use" verb for SCCs that it wasn't configured to work with on OpenShift clusters. Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: 1c419a3fd20207ac8c6d41030e96d0c7b0275efd
This change tightens the alerting rules to avoid resetting the alerts upon transient scrape failures. It also removes the `message` annotation in favor of the `description` annotation which is more commonly used by the Prometheus community. Signed-off-by: Simon Pasquier <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: cda76ee57d15868284a3f412dcc19afeda4b644c
Signed-off-by: Simon Pasquier <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: 2a9017153f62023c8ba68f1f9806dab5d0133ff5
A good chunk of this logic is fatally flawed - it would be much more simple to manage a Deployment and use server-side apply to ensure that the current server state always matched the desired state, but that would be a large refactor and who knows how many other things are loosely coupled here. This is the smallest change that allows for the current serving pod to not yet have a running catalog server. Signed-off-by: Steve Kuznetsov <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: 95405d81e4c87c8113ccd7a95ba4d088b200a42a
Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-registry Upstream-commit: f538df278daeed4b25453d15d6d282f0dc31beb7
Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-registry Upstream-commit: b1374806c6d9028eb4cfe4343eb1a25002690237
Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: api Upstream-commit: 071829b7c42526d9fb58023024abfb62c7a3e516 Signed-off-by: Steve Kuznetsov <[email protected]>
|
/retest |
|
/approve There may be a need to add the commit introduced in #601 to this so OLM can use the correct SCC. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: awgreene, stevekuznetsov The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
After reducing the RBAC granted to the OLM ServiceAccount in an earlier commit, this commit introduces RBAC so pods that use the OLM ServiceAccount will qualify to use the restricted-v2 SCC. Signed-off-by: Alexander Greene <[email protected]> Signed-off-by: Steve Kuznetsov <[email protected]>
|
Infra failure on ci/prow/e2e-upgrade: /retest |
Signed-off-by: Steve Kuznetsov <[email protected]>
awgreene
reviewed
Nov 3, 2023
| @@ -28,6 +28,7 @@ rules: | |||
| - securitycontextconstraints | |||
| resourceNames: | |||
| - restricted-v2 | |||
| - anyuid | |||
There was a problem hiding this comment.
This is needed to satisfy a feature in which we allow catalogSources in legacy mode, which cannot run under the constraints introduced by the restricted-v2 SCC, you can learn more by inspecting this test.
Looks bona-fide here |
|
Nothing obvious in the must-gather:
|
|
Actually looks like the test in question is There is also no logging in there whatsoever - adding it in operator-framework/operator-lifecycle-manager#3089, will rebase once that's merged upstream to pull it in. |
Yup, that's what I saw. |
|
/test e2e-gcp-olm |
Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: 2abfb3c18528b23f531db0b4baf64ab641f38036
This reverts commit 2abfb3c18528b23f531db0b4baf64ab641f38036. Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: e8afbf7e5abe049f54fe5d9569e72863be9879f4
This reverts commit f7b970ea796e341941319d6e1a0966ac9af11055. Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: 17b910356999a523b327c8045ecf2ae958791802
Problem: Commit 95405d81e4c87c8113ccd7a95ba4d088b200a42ai updated the catalog operator's logic so it does not delete the pod associated with a catalogSource while it is in a Pending state. Unfortunately, there is a race condition in which the pod may be admitted to the cluster without the imagePullSecrets specified for it's serviceAccount by the admission controller, preventing the pod from pulling its image from registries that require authentication and causing the pod to never reach a successful state. Solution: Update the catalog operator to detect when a pod is missing the imagePullSecrets granted to its serviceAccount. Signed-off-by: Alexander Greene <[email protected]> Upstream-repository: operator-lifecycle-manager Upstream-commit: 0e1e089003d4fb656bc7278641c2db2fe0841598
…ft#306) Signed-off-by: dtfranz <[email protected]> Upstream-repository: api Upstream-commit: 6b3567d593e430a0c9601e15ece31d031eac7ce9 Signed-off-by: Steve Kuznetsov <[email protected]>
/retest |
|
/retest |
|
/retest |
|
/retest Flake test suit will fail |
|
/lgtm |
|
/retitle OPRUN-3106: skuznets/bump vendor ii |
openshift-ci
bot
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@stevekuznetsov: This pull request references OPRUN-3106 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retitle OCPBUGS-20347,OPRUN-3106: skuznets/bump vendor ii |
openshift-ci
bot
changed the title
|
@stevekuznetsov: Jira Issue OCPBUGS-20347: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-20347 has been moved to the MODIFIED state. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@awgreene not sure the bots will be happy trying to make more than one Jira connected |
@stevekuznetsov this is a supported workflow, Alex Pavel had sent an email out a few months ago:
|
|
/retitle OCPBUGS-21980,OCPBUGS-20347,OPRUN-3106: skuznets/bump vendor ii |
openshift-ci
bot
changed the title
|
@stevekuznetsov: Jira Issue OCPBUGS-21980: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-21980 has been moved to the MODIFIED state. Jira Issue OCPBUGS-20347 is in an unrecognized state (ON_QA) and will not be moved to the MODIFIED state. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/retitle OPECO-3054,OCPBUGS-21980,OCPBUGS-20347,OPRUN-3106: skuznets/bump vendor ii |
openshift-ci
bot
changed the title
|
@stevekuznetsov: Jira Issue OCPBUGS-21980 is in an unrecognized state (Verified) and will not be moved to the MODIFIED state. Jira Issue OCPBUGS-20347 is in an unrecognized state (Verified) and will not be moved to the MODIFIED state. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.