Bug 2100822

Summary: [GCP] create gcpcluster get error
Product: OpenShift Container Platform Reporter: Huali Liu <huliu>
Component: Cloud ComputeAssignee: Alexander Demicev <ademicev>
Cloud Compute sub component: Other Providers QA Contact: Huali Liu <huliu>
Status: CLOSED DUPLICATE Docs Contact:
Severity: high    
Priority: high CC: ademicev
Version: 4.11   
Target Milestone: ---   
Target Release: 4.11.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2107566 (view as bug list) Environment:
Last Closed: 2022-07-18 15:15:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2107566    
Bug Blocks:    

Description Huali Liu 2022-06-24 11:19:04 UTC 
Description of problem:
create gcpcluster get error

Version-Release number of selected component (if applicable):
4.11.0-0.nightly-2022-06-23-153912

How reproducible:
Always

Steps to Reproduce:
1. install a fresh cluster with feature gate
liuhuali@Lius-MacBook-Pro huali-test % oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.11.0-0.nightly-2022-06-23-153912   True        False         97m     Cluster version is 4.11.0-0.nightly-2022-06-23-153912

2. create gcpcluster, yaml file as below:

apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: GCPCluster
metadata:
  name: huliu-gcp18-w98g7
  namespace: openshift-cluster-api
spec:
  region: us-central1
  project: openshift-qe
  network:
    name: huliu-gcp18-w98g7-network


liuhuali@Lius-MacBook-Pro huali-test % oc create -f my-gcpcluster.yaml
gcpcluster.infrastructure.cluster.x-k8s.io/huliu-gcp18-w98g7 created
liuhuali@Lius-MacBook-Pro huali-test % oc get gcpcluster             
NAME                CLUSTER             READY   NETWORK
huliu-gcp18-w98g7   huliu-gcp18-w98g7           huliu-gcp18-w98g7-network
liuhuali@Lius-MacBook-Pro huali-test % oc describe gcpcluster huliu-gcp18-w98g7 
Name:         huliu-gcp18-w98g7
Namespace:    openshift-cluster-api
Labels:       cluster.x-k8s.io/cluster-name=huliu-gcp18-w98g7
Annotations:  <none>
API Version:  infrastructure.cluster.x-k8s.io/v1beta1
Kind:         GCPCluster
Metadata:
  Creation Timestamp:             2022-06-24T08:36:21Z
  Deletion Grace Period Seconds:  0
  Deletion Timestamp:             2022-06-24T09:19:08Z
  Finalizers:
    gcpcluster.infrastructure.cluster.x-k8s.io
  Generation:  3
  Managed Fields:
    API Version:  infrastructure.cluster.x-k8s.io/v1beta1
    Fields Type:  FieldsV1
    fieldsV1:
      f:spec:
        .:
        f:project:
        f:region:
    Manager:      kubectl-create
    Operation:    Update
    Time:         2022-06-24T08:36:21Z
    API Version:  infrastructure.cluster.x-k8s.io/v1beta1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:labels:
          .:
          f:cluster.x-k8s.io/cluster-name:
        f:ownerReferences:
          .:
          k:{"uid":"fc2698c2-30fb-402d-a04b-2fcf1a72f975"}:
    Manager:      cluster-api-controller-manager
    Operation:    Update
    Time:         2022-06-24T08:36:26Z
    API Version:  infrastructure.cluster.x-k8s.io/v1beta1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:finalizers:
          .:
          v:"gcpcluster.infrastructure.cluster.x-k8s.io":
    Manager:      cluster-api-provider-gcp-controller-manager
    Operation:    Update
    Time:         2022-06-24T08:36:26Z
    API Version:  infrastructure.cluster.x-k8s.io/v1beta1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        f:network:
          .:
          f:name:
    Manager:    kubectl-client-side-apply
    Operation:  Update
    Time:       2022-06-24T09:20:14Z
  Owner References:
    API Version:           cluster.x-k8s.io/v1beta1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Cluster
    Name:                  huliu-gcp18-w98g7
    UID:                   fc2698c2-30fb-402d-a04b-2fcf1a72f975
  Resource Version:        78484
  UID:                     04098aca-61b6-49ad-80e1-bb46b207bb18
Spec:
  Network:
    Name:   huliu-gcp18-w98g7-network
  Project:  openshift-qe
  Region:   us-central1
Events:
  Type     Reason               Age                  From            Message
  ----     ------               ----                 ----            -------
  Warning  GCPClusterReconcile  4m8s (x24 over 45m)  gcp-controller  Reconcile error - googleapi: Error 403: Required 'compute.firewalls.create' permission for 'projects/openshift-qe/global/firewalls/allow-huliu-gcp18-w98g7-healthchecks'
More details:
Reason: forbidden, Message: Required 'compute.firewalls.create' permission for 'projects/openshift-qe/global/firewalls/allow-huliu-gcp18-w98g7-healthchecks'
Reason: forbidden, Message: Required 'compute.networks.updatePolicy' permission for 'projects/openshift-qe/global/networks/default'

Actual results:
create gcpcluster succeed, but cannot get Ready, reporting error.

Expected results:
create gcpcluster succeed, and can get Ready, no error.

Additional info:
Comment 3 Joel Speed 2022-07-14 15:38:50 UTC 
Could we check if this has been resolved in 4.12, if it has, we will attempt to backport the resolution to 4.11 as well
Comment 4 Huali Liu 2022-07-18 00:49:09 UTC 
(In reply to Joel Speed from comment #3)
> Could we check if this has been resolved in 4.12, if it has, we will attempt
> to backport the resolution to 4.11 as well

Thanks Joel, I just checked this has been resolved in 4.12 and verified https://bugzilla.redhat.com/show_bug.cgi?id=2107566
Comment 5 Joel Speed 2022-07-18 15:10:46 UTC 
PR is in place, waiting for the first 4.11.z stream release to merge
Comment 6 Joel Speed 2022-07-18 15:15:06 UTC 

*** This bug has been marked as a duplicate of bug 2107564 ***