Bug 1916868

Summary: teach CCO about upgradeability from 4.6 to 4.7
Product: OpenShift Container Platform
Component: Cloud Credential Operator
Reporter: Joel Diaz <jdiaz>
Assignee: Joel Diaz <jdiaz>
Status: CLOSED ERRATA
QA Contact: wang lin <lwan>
Severity: medium
Priority: unspecified
Version: 4.6.z
CC: lwan, tsze, yunjiang
Target Release: 4.6.z
Hardware: Unspecified
OS: Unspecified
Clone Of: 1916454
Last Closed: 2021-02-22 13:54:32 UTC
Bug Depends On: 1916454

Description Joel Diaz 2021-01-15 17:04:12 UTC
+++ This bug was initially created as a clone of Bug #1916454 +++

Description of problem:
There are known new CredentialsRequests when upgrading from 4.6 to 4.7. Update the Upgradeable calculation that CCO performs to watch for these Secrets when CCO is in Manual mode (where the cluster admin is responsible for creating the Secrets).

Comment 3 To Hung Sze 2021-02-15 20:55:04 UTC
I am able to follow upgrade from openshift-install-linux-4.6.0-0.nightly-2021-02-13-034601 to 4.7 rc.2 (test case OCP-38501):

Install 4.6 cluster in manual mode without the 2 new credentials
After installation, add the two new credentials and upgrade.

Comment 4 To Hung Sze 2021-02-17 17:25:35 UTC
@lwan 
Not sure if I can close this or if you want to verify one more time.
Thanks.

Comment 5 wang lin 2021-02-18 07:47:25 UTC
(In reply to To Hung Sze from comment #4)
> @lwan 
> Not sure if I can close this or if you want to verify one more time.
> Thanks.

Thanks, To Hung Sze. I double verified on 4.6.0-0.nightly-2021-02-17-215814; the issue has been fixed. I thought you don't need to verify upgrade from 4.6 to 4.7 without the 2 new credentials in your case; you just need to:
1. Check co status before upgrade; it should be like below:
$ oc get co cloud-credential -o json | jq -r ".status.conditions"
[
  {
    "lastTransitionTime": "2021-02-18T06:07:14Z",
    "message": "Credential minting is disabled by cluster admin",
    "reason": "OperatorDisabledByAdmin",
    "status": "True",
    "type": "Available"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Degraded"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Progressing"
  },
  {
    "lastTransitionTime": "2021-02-18T06:08:21Z",
    "message": "Cannot upgrade manual mode cluster to 4.7 due to missing secret(s): [openshift-cloud-credential-operator/cloud-credential-operator-gcp-ro-creds] Please see Manually Creating IAM documentation for the cluster's platform.",
    "reason": "ManualModeMissingSecrets",
    "status": "False",
    "type": "Upgradeable"
  }
]

2. Add the missing secrets, then check the co status again:
$ oc get co cloud-credential -o json | jq -r ".status.conditions"
[
  {
    "lastTransitionTime": "2021-02-18T06:07:14Z",
    "message": "Credential minting is disabled by cluster admin",
    "reason": "OperatorDisabledByAdmin",
    "status": "True",
    "type": "Available"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Degraded"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Progressing"
  },
  {
    "lastTransitionTime": "2021-02-18T06:15:42Z",
    "status": "True",
    "type": "Upgradeable"
  }
]

3. When Upgradeable=True, you can upgrade the cluster to 4.7. The upgrade should be successful.
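
The pre-upgrade check from steps 1 to 3 above, written as a gate script. This is an added example, not part of the original comment and not code from the Cloud Credential Operator; `check_upgradeable` and both sample lists are constructed here, and two behaviours are assumptions of the example: a missing Upgradeable condition is treated as "unknown", and multiple missing secrets are assumed to be whitespace-separated inside the brackets.

```python
import json
import re
import sys

# Constructed sample modelled on the conditions shown in comment 5 (secret still missing).
SAMPLE_BLOCKED = [
    {"type": "Available", "status": "True", "reason": "OperatorDisabledByAdmin"},
    {"type": "Degraded", "status": "False"},
    {"type": "Upgradeable", "status": "False", "reason": "ManualModeMissingSecrets",
     "message": "Cannot upgrade manual mode cluster to 4.7 due to missing secret(s): "
                "[openshift-cloud-credential-operator/cloud-credential-operator-gcp-ro-creds] "
                "Please see Manually Creating IAM documentation for the cluster's platform."},
]
# Constructed sample modelled on the conditions after the secret was added.
SAMPLE_READY = [
    {"type": "Degraded", "status": "False"},
    {"type": "Upgradeable", "status": "True"},
]

_MISSING = re.compile(r"missing secret\(s\): \[([^\]]*)\]")


def check_upgradeable(conditions):
    """Return (decision, details); decision is 'proceed', 'blocked' or 'unknown'."""
    by_type = {c.get("type"): c for c in conditions}
    upgradeable = by_type.get("Upgradeable")
    if upgradeable is None:
        # Assumption of this example: no reported verdict means do not proceed.
        return "unknown", []
    if by_type.get("Degraded", {}).get("status") == "True":
        return "blocked", ["operator is Degraded"]
    if upgradeable.get("status") == "True":
        return "proceed", []
    match = _MISSING.search(upgradeable.get("message", ""))
    if upgradeable.get("reason") == "ManualModeMissingSecrets" and match:
        # Assumption: entries are whitespace-separated namespace/name pairs.
        return "blocked", match.group(1).split()
    return "blocked", [upgradeable.get("reason", "no reason given")]


if __name__ == "__main__":
    # Usage: oc get co cloud-credential -o json | python3 this_script.py
    decision, details = check_upgradeable(json.load(sys.stdin)["status"]["conditions"])
    print(decision, *details)
    sys.exit(0 if decision == "proceed" else 1)
```

The non-zero exit status on "blocked" or "unknown" lets the script sit in front of the upgrade command in a pipeline or runbook.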

Comment 7 errata-xmlrpc 2021-02-22 13:54:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.18 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0510