+++ This bug was initially created as a clone of Bug #1916454 +++ Description of problem: There are known new CredentialsRequests when upgrading from 4.6 to 4.7. Update the Upgradeable calculation that CCO performs to watch for these Secrets when CCO is in Manual mode (where the cluster admin is responsible for creating the Secrets).
I am able to follow upgrade from openshift-install-linux-4.6.0-0.nightly-2021-02-13-034601 to 4.7 rc.2 (test case OCP-38501): Install 4.6 cluster in manual mode without the 2 new credentials After installation, add the two new credentials and upgrade.
@lwan Not sure if I can close this or if you want to verify one more time. Thanks.
(In reply to To Hung Sze from comment #4) > @lwan > Not sure if I can close this or if you want to verify one more time. > Thanks. Thanks, To Hung Sze. I double verified on 4.6.0-0.nightly-2021-02-17-215814, the issue has fixed. I thought you don't need to verify upgrade from 4.6 to 4.7 without the 2 new credentials in yourcase, you just need to 1. check co status before upgrade, it should be like below $ oc get co cloud-credential -o json | jq -r ".status.conditions" [ { "lastTransitionTime": "2021-02-18T06:07:14Z", "message": "Credential minting is disabled by cluster admin", "reason": "OperatorDisabledByAdmin", "status": "True", "type": "Available" }, { "lastTransitionTime": "2021-02-18T05:08:41Z", "status": "False", "type": "Degraded" }, { "lastTransitionTime": "2021-02-18T05:08:41Z", "status": "False", "type": "Progressing" }, { "lastTransitionTime": "2021-02-18T06:08:21Z", "message": "Cannot upgrade manual mode cluster to 4.7 due to missing secret(s): [openshift-cloud-credential-operator/cloud-credential-operator-gcp-ro-creds] Please see Manually Creating IAM documentation for the cluster's platform.", "reason": "ManualModeMissingSecrets", "status": "False", "type": "Upgradeable" } ] 2. add the missing secrets, check the co status again oc get co cloud-credential -o json | jq -r ".status.conditions" [ { "lastTransitionTime": "2021-02-18T06:07:14Z", "message": "Credential minting is disabled by cluster admin", "reason": "OperatorDisabledByAdmin", "status": "True", "type": "Available" }, { "lastTransitionTime": "2021-02-18T05:08:41Z", "status": "False", "type": "Degraded" }, { "lastTransitionTime": "2021-02-18T05:08:41Z", "status": "False", "type": "Progressing" }, { "lastTransitionTime": "2021-02-18T06:15:42Z", "status": "True", "type": "Upgradeable" } ] 3. when Upgradeable=True, then you upgrade cluster to 4.7. the upgrage should be successful.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.18 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:0510