1916868 – teach CCO about upgradeability from 4.6 to 4.7

Bug 1916868 - teach CCO about upgradeability from 4.6 to 4.7

Summary: teach CCO about upgradeability from 4.6 to 4.7

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Cloud Credential Operator
Sub Component:
Version:	4.6.z
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.6.z
Assignee:	Joel Diaz
QA Contact:	wang lin
Docs Contact:
URL:
Whiteboard:
Depends On:	1916454
Blocks:
TreeView+	depends on / blocked

Reported:	2021-01-15 17:04 UTC by Joel Diaz
Modified:	2021-02-22 13:54 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1916454
Environment:
Last Closed:	2021-02-22 13:54:32 UTC
Target Upstream Version:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cloud-credential-operator pull 287	0	None	closed	Bug 1916868: Check 47 creds backport	2021-02-15 14:38:02 UTC
Red Hat Product Errata	RHBA-2021:0510	0	None	None	None	2021-02-22 13:54:42 UTC

Description Joel Diaz 2021-01-15 17:04:12 UTC

+++ This bug was initially created as a clone of Bug #1916454 +++

Description of problem:
There are known new CredentialsRequests when upgrading from 4.6 to 4.7. Update the Upgradeable calculation that CCO performs to watch for these Secrets when CCO is in Manual mode (where the cluster admin is responsible for creating the Secrets).

Comment 3 To Hung Sze 2021-02-15 20:55:04 UTC

I am able to follow upgrade from openshift-install-linux-4.6.0-0.nightly-2021-02-13-034601 to 4.7 rc.2 (test case OCP-38501):

Install 4.6 cluster in manual mode without the 2 new credentials
After installation, add the two new credentials and upgrade.

Comment 4 To Hung Sze 2021-02-17 17:25:35 UTC

@lwan 
Not sure if I can close this or if you want to verify one more time.
Thanks.

Comment 5 wang lin 2021-02-18 07:47:25 UTC

(In reply to To Hung Sze from comment #4)
> @lwan 
> Not sure if I can close this or if you want to verify one more time.
> Thanks.

Thanks, To Hung Sze. I double verified on 4.6.0-0.nightly-2021-02-17-215814, the issue has fixed. I thought you don't need to verify upgrade from 4.6 to 4.7 without the 2 new credentials in yourcase, you just need to 
1. check co status before upgrade, it should be like below
$ oc get co cloud-credential -o json | jq -r ".status.conditions"
[
  {
    "lastTransitionTime": "2021-02-18T06:07:14Z",
    "message": "Credential minting is disabled by cluster admin",
    "reason": "OperatorDisabledByAdmin",
    "status": "True",
    "type": "Available"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Degraded"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Progressing"
  },
  {
    "lastTransitionTime": "2021-02-18T06:08:21Z",
    "message": "Cannot upgrade manual mode cluster to 4.7 due to missing secret(s): [openshift-cloud-credential-operator/cloud-credential-operator-gcp-ro-creds] Please see Manually Creating IAM documentation for the cluster's platform.",
    "reason": "ManualModeMissingSecrets",
    "status": "False",
    "type": "Upgradeable"
  }
]

2. add the missing secrets, check the co status again
 oc get co cloud-credential -o json | jq -r ".status.conditions"
[
  {
    "lastTransitionTime": "2021-02-18T06:07:14Z",
    "message": "Credential minting is disabled by cluster admin",
    "reason": "OperatorDisabledByAdmin",
    "status": "True",
    "type": "Available"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Degraded"
  },
  {
    "lastTransitionTime": "2021-02-18T05:08:41Z",
    "status": "False",
    "type": "Progressing"
  },
  {
    "lastTransitionTime": "2021-02-18T06:15:42Z",
    "status": "True",
    "type": "Upgradeable"
  }
]

3. when Upgradeable=True, then you upgrade cluster to 4.7. the upgrage should be successful.

Comment 7 errata-xmlrpc 2021-02-22 13:54:32 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.18 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0510

Note You need to log in before you can comment on or make changes to this bug.