Block OpenShift upgrades while incompatible operators are installed #2081
Conversation
|
Skipping CI for Draft Pull Request. |
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: njhale The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
njhale
changed the title
njhale
force-pushed
the
openshift/block-upgrades
branch
12 times, most recently
from
e663cae to
bc7b3f0
Compare
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
njhale
force-pushed
the
openshift/block-upgrades
branch
9 times, most recently
from
7fe816e to
99531be
Compare
njhale
force-pushed
the
openshift/block-upgrades
branch
from
99531be to
2106b69
Compare
| *ReconcilerConfig | ||
|
|
||
| delayRequeue reconcile.Result | ||
| mutate MutateFunc |
There was a problem hiding this comment.
| mutate MutateFunc | |
| mutate Mutator |
| type skews []skew | ||
|
|
||
| func (s skews) String() string { | ||
| // TODO: Use a string builder. |
There was a problem hiding this comment.
| return nil, err | ||
| } | ||
|
|
||
| // Take the highest semver if there's more than one max version specified |
There was a problem hiding this comment.
Would it be a safer choice to go with the lowest version?
There was a problem hiding this comment.
I was going at this from the perspective that folks would always make a conscious decision to add the property, but over several releases may forget to remove older ones.
| return nil, err | ||
| } | ||
|
|
||
| // TODO: Is there a better way to filter (server-side maybe)? |
There was a problem hiding this comment.
There should be an olm.copiedFrom label on copied CSVs. I've had this thought too, and I'm not sure why there are no examples of a CSV label selector referencing it.
There was a problem hiding this comment.
I added a label selector.
| LastTransitionTime: r.Now(), | ||
| } | ||
|
|
||
| if r.syncTracker.SuccessfulSyncs() > 0 && reflect.DeepEqual(co.Status.Versions, r.TargetVersions) { |
There was a problem hiding this comment.
This seems fine, but do we need to lean on reflection? Since OperandVersion is struct{Name,Version string} it would be a tiny loop.
There was a problem hiding this comment.
we can do an ElementsMatch type thing easily enough.
There was a problem hiding this comment.
I went ahead and made this change.
openshift-ci
bot
added
the
needs-rebase
- Refactor OpenShift ClusterOperator monitoring for olm-operator into an independent controller - Set the OLM operator's ClusterOperator to upgradeable=false whenever incompatible operators, installed by OLM, exist on cluster; effectively blocking OpenShift upgrades Signed-off-by: Nick Hale <[email protected]>
Bump controller-runtime dependency to include a fix for the Channel Source which was preventing events from being enqueued. (see kubernetes-sigs/controller-runtime#1343) Signed-off-by: Nick Hale <[email protected]>
Signed-off-by: Nick Hale <[email protected]>
Signed-off-by: Nick Hale <[email protected]>
Signed-off-by: Nick Hale <[email protected]>
Signed-off-by: Nick Hale <[email protected]>
njhale
force-pushed
the
openshift/block-upgrades
branch
from
bea36e4 to
8d0e190
Compare
Signed-off-by: Nick Hale <[email protected]>
njhale
force-pushed
the
openshift/block-upgrades
branch
from
8d0e190 to
ecac3be
Compare
openshift-ci
bot
removed
the
needs-rebase
openshift-ci-robot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
Description of the change:
Set OLM's
ClusterOperatorresource to Upgradeable=false when any OLM managed operator on the cluster has a maxOpenShiftVersion property less than the next minor OCP release.Implements OLM-2074.
I decided to implement this as a new controller so we could more easily interleave new and preexisting ClusterOperator behavior.