Description of problem: After this PR [1] merged, cco introduce a system so that any/all platforms will set Upgradeable=False until an annotation has been appllied to CCO's CloudCredential config object when cco is in Manual mode, but we missing azure and ovirt platforms, we always set Upgradeable=True on azure and ovirt, see Azure:https://github.com/openshift/cloud-credential-operator/blob/master/pkg/azure/actuator.go#L745-L747 ovirt: https://github.com/openshift/cloud-credential-operator/blob/master/pkg/ovirt/actuator.go#L353-L355 [1] https://github.com/openshift/cloud-credential-operator/pull/286 Version-Release number of selected component (if applicable): 4.8.0-0.nightly-2021-06-25-182927 How reproducible: 100% Steps to Reproduce: 1. Launch an ipi on azure 2. change cco mode to Manual $oc patch cloudcredential cluster --type 'merge' -p '{"spec": {"credentialsMode": "Manual"}}' 3. Check co cloud-credential conditions $oc get co cloud-credential -o json | jq -r ".status.conditions" Actual results: Upgradeable=True $ oc get co cloud-credential -o json | jq -r ".status.conditions" [ { "lastTransitionTime": "2021-06-25T10:21:25Z", "message": "Credential minting is disabled by cluster admin", "reason": "OperatorDisabledByAdmin", "status": "True", "type": "Available" }, { "lastTransitionTime": "2021-06-25T07:47:36Z", "status": "False", "type": "Degraded" }, { "lastTransitionTime": "2021-06-25T07:53:33Z", "status": "False", "type": "Progressing" }, { "lastTransitionTime": "2021-06-25T07:47:36Z", "status": "True", "type": "Upgradeable" } ] Expected results: Upgradeable=False Additional info:
Verified on 4.10.0-0.ci-2021-09-26-200812 1. Launch an ipi on azure 2. change cco mode to Manual $oc patch cloudcredential cluster --type 'merge' -p '{"spec": {"credentialsMode": "Manual"}}' 3. Check co cloud-credential conditions $ oc get co cloud-credential -o json | jq -r ".status.conditions[]" { "lastTransitionTime": "2021-09-27T07:13:09Z", "message": "Credential minting is disabled by cluster admin", "reason": "OperatorDisabledByAdmin", "status": "True", "type": "Available" } { "lastTransitionTime": "2021-09-27T01:53:30Z", "status": "False", "type": "Degraded" } { "lastTransitionTime": "2021-09-27T02:05:01Z", "status": "False", "type": "Progressing" } { "lastTransitionTime": "2021-09-27T07:16:12Z", "message": "Upgradeable annotation cloudcredential.openshift.io/upgradeable-to on cloudcredential.operator.openshift.io/cluster object needs updating before upgrade. See Manually Creating IAM documentation for instructions on preparing a cluster for upgrade.", "reason": "MissingUpgradeableAnnotation", "status": "False", "type": "Upgradeable" } 4. patch annotation, it will be cleared $ oc patch cloudcredential cluster --type 'merge' -p '{"metadata": {"annotations": {"cloudcredential.openshift.io/upgradeable-to": "4.11.0"}}}' cloudcredential.operator.openshift.io/cluster patched $ oc get co cloud-credential -o json | jq -r ".status.conditions[]" { "lastTransitionTime": "2021-09-27T07:13:09Z", "message": "Credential minting is disabled by cluster admin", "reason": "OperatorDisabledByAdmin", "status": "True", "type": "Available" } { "lastTransitionTime": "2021-09-27T01:53:30Z", "status": "False", "type": "Degraded" } { "lastTransitionTime": "2021-09-27T02:05:01Z", "status": "False", "type": "Progressing" } { "lastTransitionTime": "2021-09-27T07:15:55Z", "status": "True", "type": "Upgradeable" }
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056