Bug 1916868 - teach CCO about upgradeability from 4.6 to 4.7
Summary: teach CCO about upgradeability from 4.6 to 4.7
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Credential Operator
Version: 4.6.z
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.6.z
Assignee: Joel Diaz
QA Contact: wang lin
URL:
Whiteboard:
Depends On: 1916454
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-01-15 17:04 UTC by Joel Diaz
Modified: 2021-02-22 13:54 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1916454
Environment:
Last Closed: 2021-02-22 13:54:32 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cloud-credential-operator pull 287 0 None closed Bug 1916868: Check 47 creds backport 2021-02-15 14:38:02 UTC
Red Hat Product Errata RHBA-2021:0510 0 None None None 2021-02-22 13:54:42 UTC

Description Joel Diaz 2021-01-15 17:04:12 UTC
+++ This bug was initially created as a clone of Bug #1916454 +++

Description of problem:
There are known new CredentialsRequests when upgrading from 4.6 to 4.7. Update the Upgradeable calculation that CCO performs to watch for these Secrets when CCO is in Manual mode (where the cluster admin is responsible for creating the Secrets).

Comment 3 To Hung Sze 2021-02-15 20:55:04 UTC
I am able to follow upgrade from openshift-install-linux-4.6.0-0.nightly-2021-02-13-034601 to 4.7 rc.2 (test case OCP-38501):

Install 4.6 cluster in manual mode without the 2 new credentials
After installation, add the two new credentials and upgrade.

Comment 4 To Hung Sze 2021-02-17 17:25:35 UTC
@lwan@redhat.com 
Not sure if I can close this or if you want to verify one more time.
Thanks.

Comment 5 wang lin 2021-02-18 07:47:25 UTC
(In reply to To Hung Sze from comment #4)
> @lwan@redhat.com 
> Not sure if I can close this or if you want to verify one more time.
> Thanks.

Thanks, To Hung Sze. I double verified on 4.6.0-0.nightly-2021-02-17-215814, the issue has fixed. I thought you don't need to verify upgrade from 4.6 to 4.7 without the 2 new credentials in yourcase, you just need to 
1. check co status before upgrade, it should be like below
$ oc get co cloud-credential -o json | jq -r ".status.conditions"
[
  {
    "lastTransitionTime": "2021-02-18T06:07:14Z",
    "message": "Credential minting is disabled by cluster admin",
    "reason": "OperatorDisabledByAdmin",
    "status": "True",
    "type": "Available"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Degraded"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Progressing"
  },
  {
    "lastTransitionTime": "2021-02-18T06:08:21Z",
    "message": "Cannot upgrade manual mode cluster to 4.7 due to missing secret(s): [openshift-cloud-credential-operator/cloud-credential-operator-gcp-ro-creds] Please see Manually Creating IAM documentation for the cluster's platform.",
    "reason": "ManualModeMissingSecrets",
    "status": "False",
    "type": "Upgradeable"
  }
]

2. add the missing secrets, check the co status again
 oc get co cloud-credential -o json | jq -r ".status.conditions"
[
  {
    "lastTransitionTime": "2021-02-18T06:07:14Z",
    "message": "Credential minting is disabled by cluster admin",
    "reason": "OperatorDisabledByAdmin",
    "status": "True",
    "type": "Available"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Degraded"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Progressing"
  },
  {
    "lastTransitionTime": "2021-02-18T06:15:42Z",
    "status": "True",
    "type": "Upgradeable"
  }
]

3. when Upgradeable=True, then you upgrade cluster to 4.7. the upgrage should be successful.

Comment 7 errata-xmlrpc 2021-02-22 13:54:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.18 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0510


Note You need to log in before you can comment on or make changes to this bug.