+++ This bug was initially created as a clone of Bug #1829580 +++ +++ This bug was initially created as a clone of Bug #1829576 +++ Add an e2e test to validates that stale condition DefaultSecurityContextConstraintsUpgradeable is removed from the status block. To make the release cut off, we validated manually and had to merge the corresponding PR without an e2e test. PR: https://github.com/openshift/cluster-kube-apiserver-operator/pull/839 BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1827336
This does not apply to 4.5, so closing it.
Abu can you elaborate on why this doesn't apply to 4.5 so i can confidently approve https://github.com/openshift/cluster-kube-apiserver-operator/pull/845 knowing that it doesn't need to be merged to 4.5 first?
Hi bparees, We added "DefaultSecurityContextConstraintsUpgradeable" (if a user mutates any default SCC then "Upgradeable" is set to "False") in 4.3. Then we realized that it is going to break a lot of customers. So we decided to revert it, and remove the stale condition in 4.3.z stream. we back ported the revert in a rush to make the release cutoff window and did not have time to add the test at that time. We also back ported "remove stale condition" in 4.4.z stream. This takes care of the situation if an affected 4.3 cluster has already upgraded to 4.4 with the stale condition (using --force) It is impossible for the stale condition to make it to a 4.5 because only 4.3 cluster(s) were originally affected and the stale condition could make it to a 4.4 cluster via upgrade. once the cluster is upgraded to 4.4 the stale condition would get removed immediately. So a 4.5 cluster would never see the stale condition.
Thank you!