Description of problem: There are known new CredentialsRequests when upgrading from 4.6 to 4.7. Update the Upgradeable calculation that CCO performs to watch for these Secrets when CCO is in Manual mode (where the cluster admin is responsible for creating the Secrets).
Verified on 4.7.0-0.nightly-2021-01-17-211555 1. install cluster on gcp with cco in Manual, 2. delete secret openshift-cluster-csi-drivers/gcp-pd-cloud-credentials, openshift-cloud-credential-operator/cloud-credential-operator-gcp-ro-creds 3. check .status.conditions of co cloud-credential $ oc get co cloud-credential -o json | jq -r ".status.conditions" [ { "lastTransitionTime": "2021-01-18T07:32:00Z", "message": "Credential minting is disabled by cluster admin", "reason": "OperatorDisabledByAdmin", "status": "True", "type": "Available" }, { "lastTransitionTime": "2021-01-18T06:44:49Z", "status": "False", "type": "Degraded" }, { "lastTransitionTime": "2021-01-18T06:59:22Z", "status": "False", "type": "Progressing" }, { "lastTransitionTime": "2021-01-18T08:20:20Z", "message": "Cannot upgrade manual mode cluster to 4.7 due to missing secret(s): [openshift-cluster-csi-drivers/gcp-pd-cloud-credentials openshift-cloud-credential-operator/cloud-credential-operator-gcp-ro-creds] Please see Manualy Creating IAM documentation for the cluster's platform.", "reason": "ManualModeMissingSecrets", "status": "False", "type": "Upgradeable" } ] 4. recreate secret openshift-cloud-credential-operator/cloud-credential-operator-gcp-ro-creds again, check .status.conditions of co cloud-credential $ oc get co cloud-credential -o json | jq -r ".status.conditions" [ { "lastTransitionTime": "2021-01-18T07:32:00Z", "message": "Credential minting is disabled by cluster admin", "reason": "OperatorDisabledByAdmin", "status": "True", "type": "Available" }, { "lastTransitionTime": "2021-01-18T06:44:49Z", "status": "False", "type": "Degraded" }, { "lastTransitionTime": "2021-01-18T06:59:22Z", "status": "False", "type": "Progressing" }, { "lastTransitionTime": "2021-01-18T08:21:50Z", "message": "Cannot upgrade manual mode cluster to 4.7 due to missing secret(s): [openshift-cluster-csi-drivers/gcp-pd-cloud-credentials] Please see Manualy Creating IAM documentation for the cluster's platform.", "reason": "ManualModeMissingSecrets", "status": "False", "type": "Upgradeable" } ] 5. recreate secret openshift-cluster-csi-drivers/gcp-pd-cloud-credentials again, check .status.conditions of co cloud-credential, Upgradeable=Ture. oc get co cloud-credential -o json | jq -r ".status.conditions" [ { "lastTransitionTime": "2021-01-18T07:32:00Z", "message": "Credential minting is disabled by cluster admin", "reason": "OperatorDisabledByAdmin", "status": "True", "type": "Available" }, { "lastTransitionTime": "2021-01-18T06:44:49Z", "status": "False", "type": "Degraded" }, { "lastTransitionTime": "2021-01-18T06:59:22Z", "status": "False", "type": "Progressing" }, { "lastTransitionTime": "2021-01-18T08:22:24Z", "status": "True", "type": "Upgradeable" } ] ###### Hi,Joel cco supported mode in openstack and vsphere is Passthrough, I saw the codes are still including openstack and vsphere platform, do we need to test Manual mode for openstack and vsphere.
don't need to test Manual mode for openstack and vsphere at current, installer will prevent the users setting cco to Manual mode.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633