Bug 1957446 - prepare CCO for future without v1beta1 CustomResourceDefinitions
Summary: prepare CCO for future without v1beta1 CustomResourceDefinitions
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Credential Operator
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.8.0
Assignee: Joel Diaz
QA Contact: wang lin
: 1965947 (view as bug list)
Depends On:
Blocks: 1947719
TreeView+ depends on / blocked
Reported: 2021-05-05 19:01 UTC by Joel Diaz
Modified: 2021-07-27 23:07 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2021-07-27 23:06:39 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cloud-credential-operator pull 336 0 None open Bug 1957446: v1beta to v1 for the CredentialsRequest CRD 2021-05-05 19:02:40 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:07:12 UTC

Description Joel Diaz 2021-05-05 19:01:44 UTC
Description of problem:
Current CCO has a v1beta1 CRD for its CredentialsRequests. Next kube release (1.22) will drop support for v1beta1. Upgrading may cause some race conditions depending on whether v1beta1 is dropped before CCO is upgraded to a version with v1 CRDs.

Comment 1 Stefan Schimanski 2021-06-01 10:03:08 UTC
This cannot wait until 4.9. It causes an permanent alert in 4.8.

Comment 3 Xingxing Xia 2021-06-02 07:09:03 UTC
*** Bug 1965947 has been marked as a duplicate of this bug. ***

Comment 4 wang lin 2021-06-02 08:07:35 UTC
Verified on 4.8.0-0.nightly-2021-06-01-231204

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.8.0-0.nightly-2021-06-01-231204   True        False         67m     Cluster version is 4.8.0-0.nightly-2021-06-01-231204

$ MASTERS=`oc get no | grep master | grep -o '^[^ ]*'`
$ for i in $MASTERS; do oc debug no/$i -- chroot /host bash -c "grep -hE '"'"k8s.io/removed-release":"[^"]+"'"' /var/log/kube-apiserver/audit*.log" ; done > all.log
$ grep '"k8s.io/removed-release":"1.22"' all.log > 1.22.log
$ jq -r '.user.username+": "+.requestURI' 1.22.log | sed 's/=[0-9][^&]*/=***/g' | sort | uniq -c | sort -n > 1.22.removed.apis
$ cat 1.22.removed.apis
     10 system:kube-controller-manager: /apis/extensions/v1beta1/ingresses?limit=***&resourceVersion=***
     54 system:kube-controller-manager: /apis/extensions/v1beta1/ingresses?allowWatchBookmarks=true&resourceVersion=***&timeout=***&timeoutSeconds=***&watch=true

no v1beta1/customresourcedefinitions/credentialsrequests.cloudcredential.openshift.io now

4.7.10 -> 4.8.0-0.nightly-2021-06-01-231204  passed

Comment 7 errata-xmlrpc 2021-07-27 23:06:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.