Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: Last few hco builds are failing installation Bug is opened following this comment: https://bugzilla.redhat.com/show_bug.cgi?id=1709677#c6 Version-Release number of selected component (if applicable): CDI 1.9 (2.0.0-11, 2.0.0-12) How reproducible: 100% Steps to Reproduce: Install hco with the above versions Actual results: CDI pods, except for the operator fails to install Expected results: Installation to finish successfully, have CDI pods running.
Assigning to Simone. The bug is to be closed once a new hco build is issued with the bellow rbac for cdi-operator: ``` - serviceAccountName: cdi-operator rules: - apiGroups: - rbac.authorization.k8s.io resources: - roles - rolebindings - clusterrolebindings - clusterroles verbs: - '*' - apiGroups: - security.openshift.io resources: - securitycontextconstraints verbs: - get - list - watch - apiGroups: - security.openshift.io resourceNames: - privileged resources: - securitycontextconstraints verbs: - get - patch - update - apiGroups: - "" resources: - serviceaccounts - services verbs: - '*' - apiGroups: - "" resources: - nodes verbs: - get - list - watch - update - patch - apiGroups: - extensions resources: - deployments verbs: - '*' - apiGroups: - extensions resources: - ingresses verbs: - get - list - watch - apiGroups: - "" resources: - configmaps verbs: - watch - create - delete - get - update - patch - list - apiGroups: - batch resources: - jobs verbs: - create - delete - get - update - patch - list - apiGroups: - apiextensions.k8s.io resources: - customresourcedefinitions verbs: - create - delete - get - update - patch - list - watch - apiGroups: - apps resources: - deployments - daemonstes verbs: - create - get - list - delete - watch - update - apiGroups: - admissionregistration.k8s.io resources: - validatingwebhookconfigurations verbs: - get - create - update - apiGroups: - apiregistration.k8s.io resources: - apiservices verbs: - get - list - watch - create - update - patch - apiGroups: - cdi.kubevirt.io resources: - '*' verbs: - '*' - apiGroups: - storage.k8s.io resources: - storageclasses verbs: - get - list - apiGroups: - "" resources: - events verbs: - create - update - patch - apiGroups: - "" resources: - pods - persistentvolumeclaims verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - persistentvolumeclaims/finalizers - pods/finalizers verbs: - update - apiGroups: - "" resources: - services verbs: - get - list - watch - create - delete - apiGroups: - "" resources: - secrets verbs: - get - list - watch - create - apiGroups: - "" resources: - namespaces verbs: - get - list - apiGroups: - route.openshift.io resources: - routes verbs: - get - list - watch - create - update - patch - apiGroups: - route.openshift.io resources: - routes/custom-host verbs: - create - update ```
The long term method for fixing this issue is for: 1) This PR to be merged https://github.com/kubevirt/containerized-data-importer/pull/798 2) Changes to be vendored into HCO project 3) Update HCO manifest generation to use vendored CDI I don't want for us to manually update HCO and then have to manually update later when CDI is updated.
Simone, can we move this to ON_QA yet?
Yes, ON_QA since hco-bundle-registry:v2.0.0-15
Verified, build: 2.0.0-15