2076646 – openshift-install destroy unable to delete PVC disks in GCP if cluster identifier is longer than 22 characters

Bug 2076646 - openshift-install destroy unable to delete PVC disks in GCP if cluster identifier is longer than 22 characters

Summary: openshift-install destroy unable to delete PVC disks in GCP if cluster identi...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	4.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.12.0
Assignee:	Brent Barbachem
QA Contact:	Jianli Wei
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-04-19 14:34 UTC by Chinmay Deshpande
Modified:	2023-09-18 04:35 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	* Previously, uninstalling a cluster using the installation program failed to delete all resources in clusters installed on GCP if the cluster name was more than 22 characters long. In this update, uninstalling a cluster using the installation program correctly locates and deletes all GCP cluster resources in cases of long cluster names. (link:https://bugzilla.redhat.com/show_bug.cgi?id=2076646[BZ#2076646])
Clone Of:
Environment:
Last Closed:	2022-08-10 11:07:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift installer pull 5976	0	None	open	Bug 2076646: destroy/gcp: Disk names are filtered using kubernetes name format	2022-06-07 19:47:58 UTC
Red Hat Product Errata	RHSA-2022:5069	0	None	None	None	2022-08-10 11:08:06 UTC

Description Chinmay Deshpande 2022-04-19 14:34:48 UTC

openshift-install destroy unable to delete PVC disks in GCP if cluster identifier is longer than 22 characters

Version:

$ openshift-install version
$ ./openshift-install 4.8.18
built from commit bd366e3cdcf892e1bddd841c702738f5254a0188
release image quay.io/openshift-release-dev/ocp-release@sha256:321aae3d3748c589bc2011062cee9fd14e106f258807dc2d84ced3f7461160ea

Platform: GCP

Installation Type: IPI

What happened?

#When run the openshift-install destroy cluster command, it is observed that PVC disks are not getting deleted, if the metadata.name is more than 22 characters.

# Always at least include the `.openshift_install.log`

What did you expect to happen?

All resources should get deleted successfully with openshift-installer destroy command.

How to reproduce it (as minimally and precisely as possible)?

$ Setup IPI GCP cluster
$ Provide cluster name with 22 chars.
$ Use standard (default) storage class, create pvc and pv.
$ Once done, destroy the cluster
$ Check on the backend platform if the storage disk for PVC is getting deleted or not.

Anything else we need to know?

We deployed an OpenShift 4 cluster in GCP, the `.metadata.name` field in the install config was gcpuser-a.ocp.redhat. The installer adds a unique identifier to the name for the InfraID, in our case, it resulted in `gcpusc1-a-ops-xpaas-nkp6w`.

After the cluster was provisioned, we created a PVC. The corresponding Google cloud disk followed the name `gcpuser-a.ocp.redhat-nk-pvc-<UID>`. Because the disk name did not exactly match the InfraID, when we ran the openshift-install destroy for this cluster, none of the disks for PVCs were deleted.

Comment 1 Brent Barbachem 2022-05-26 13:55:43 UTC

@chdeshpa Can you provide some clarification? First can you provide exact steps to reproduce this issue? The name gcpuser-a.ocp.redhat was used in the install-config but there is no way that this should have been produced as any artifact: gcpusc1-a-ops-xpaas-nkp6w. Did you create a PVC by creating the one manually through the Openshift Web Console or through GCP?

Comment 2 Brent Barbachem 2022-05-26 14:02:53 UTC

The length of the name doesn't appear to cause any issues being longer than 22 characters. I was able to delete an IPI created disk that had a name length greater than 22 characters.

Comment 3 Patrick Dillon 2022-06-02 01:23:19 UTC

This is specifically for the disks created by persistent volumes, so to reproduce you would need to create a cluster with a name length==22 and then create a PV according to https://docs.openshift.com/container-platform/4.9/storage/understanding-persistent-storage.html#understanding-persistent-storage or using the console.

Comment 6 Jianli Wei 2022-06-24 10:39:56 UTC

>Re-created the issue with older version, e.g. 4.11.0-0.nightly-2022-06-21-040754.

$ openshift-install version
openshift-install 4.11.0-0.nightly-2022-06-21-040754
built from commit f912534f12491721e3874e2bf64f7fa8d44aa7f5
release image registry.ci.openshift.org/ocp/release@sha256:8c9769feeebd89a032e6d3710304634dc45ec5a3b29f0d70d2d295428a1d2789
release architecture amd64
$ 
$ export KUBECONFIG=/home/fedora/testabc/auth/kubeconfig
$ oc create -f pvc01.yaml
persistentvolumeclaim/jiwei-pvc01-csi created
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "hello-storage" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "hello-storage" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "hello-storage" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "hello-storage" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/jiwei-dep01 created
$ oc get pvc
NAME              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
jiwei-pvc01-csi   Bound    pvc-451c832c-db76-453c-accd-ea7ef8288874   1Gi        RWO            standard       7s
$ oc get deployments
NAME          READY   UP-TO-DATE   AVAILABLE   AGE
jiwei-dep01   1/1     1            1           22s
$ gcloud compute disks list --filter='name~gcpuser'
NAME                                                             LOCATION       LOCATION_SCOPE  SIZE_GB  TYPE    STATUS
gcpuser-a-ocp-redhat-r-pvc-451c832c-db76-453c-accd-ea7ef8288874  us-central1-a  zone            1        pd-ssd  READY
gcpuser-a-ocp-redhat-rbvg8-master-0                              us-central1-a  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-rbvg8-worker-a-2tj78                        us-central1-a  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-rbvg8-master-1                              us-central1-b  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-rbvg8-worker-b-rm7tr                        us-central1-b  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-rbvg8-master-2                              us-central1-c  zone            128      pd-ssd  READY
$ 
$ openshift-install destroy cluster --dir testabc
INFO Credentials loaded from file "/home/fedora/.gcp/osServiceAccount.json"
INFO Stopped instance gcpuser-a-ocp-redhat-rbvg8-worker-a-2tj78
INFO Stopped instance gcpuser-a-ocp-redhat-rbvg8-worker-b-rm7tr
INFO Stopped instance gcpuser-a-ocp-redhat-rbvg8-master-2
INFO Stopped instance gcpuser-a-ocp-redhat-rbvg8-master-0
INFO Stopped instance gcpuser-a-ocp-redhat-rbvg8-master-1
INFO Deleted IAM project role bindings
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-cloud-crede-t9csk.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-g-wwmgw.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-m-d8j7s.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-ocp-redhat-rbvg8-m.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-c-z9c28.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-i-56z2r.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-g-vq22t.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-ocp-redhat-rbvg8-w.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-i-mzpmt.gserviceaccount.com
INFO Deleted 2 recordset(s) in zone qe
INFO Deleted 3 recordset(s) in zone gcpuser-a-ocp-redhat-rbvg8-private-zone
INFO Deleted DNS zone gcpuser-a-ocp-redhat-rbvg8-private-zone
INFO Deleted bucket gcpuser-a-ocp-redhat-rbvg8-image-registry-us-central1-lgdsgjlf
INFO Deleted instance gcpuser-a-ocp-redhat-rbvg8-master-1
INFO Deleted instance gcpuser-a-ocp-redhat-rbvg8-worker-b-rm7tr
INFO Deleted instance gcpuser-a-ocp-redhat-rbvg8-master-2
INFO Deleted instance gcpuser-a-ocp-redhat-rbvg8-master-0
INFO Deleted instance gcpuser-a-ocp-redhat-rbvg8-worker-a-2tj78
INFO Deleted disk gcpuser-a-ocp-redhat-rbvg8-master-0
INFO Deleted disk gcpuser-a-ocp-redhat-rbvg8-worker-a-2tj78
INFO Deleted disk gcpuser-a-ocp-redhat-rbvg8-master-1
INFO Deleted disk gcpuser-a-ocp-redhat-rbvg8-worker-b-rm7tr
INFO Deleted disk gcpuser-a-ocp-redhat-rbvg8-master-2
INFO Deleted firewall rule k8s-fw-a448760980c8b49928ffb551a8feaf72
INFO Deleted firewall rule k8s-a448760980c8b49928ffb551a8feaf72-http-hc
INFO Deleted firewall rule gcpuser-a-ocp-redhat-rbvg8-api
INFO Deleted firewall rule gcpuser-a-ocp-redhat-rbvg8-control-plane
INFO Deleted firewall rule gcpuser-a-ocp-redhat-rbvg8-etcd
INFO Deleted firewall rule gcpuser-a-ocp-redhat-rbvg8-health-checks
INFO Deleted firewall rule gcpuser-a-ocp-redhat-rbvg8-internal-cluster
INFO Deleted firewall rule gcpuser-a-ocp-redhat-rbvg8-internal-network
INFO Deleted address gcpuser-a-ocp-redhat-rbvg8-cluster-ip
INFO Deleted address gcpuser-a-ocp-redhat-rbvg8-cluster-public-ip
INFO Deleted forwarding rule a448760980c8b49928ffb551a8feaf72
INFO Deleted forwarding rule gcpuser-a-ocp-redhat-rbvg8-api
INFO Deleted forwarding rule gcpuser-a-ocp-redhat-rbvg8-api-internal
INFO Deleted router gcpuser-a-ocp-redhat-rbvg8-router
INFO Deleted subnetwork gcpuser-a-ocp-redhat-rbvg8-worker-subnet
INFO Deleted target pool gcpuser-a-ocp-redhat-rbvg8-api
INFO Deleted target pool a448760980c8b49928ffb551a8feaf72
INFO Deleted backend service gcpuser-a-ocp-redhat-rbvg8-api-internal
INFO Deleted subnetwork gcpuser-a-ocp-redhat-rbvg8-master-subnet
INFO Deleted instance group gcpuser-a-ocp-redhat-rbvg8-master-us-central1-a
INFO Deleted instance group gcpuser-a-ocp-redhat-rbvg8-master-us-central1-b
INFO Deleted instance group gcpuser-a-ocp-redhat-rbvg8-master-us-central1-c
INFO Deleted health check gcpuser-a-ocp-redhat-rbvg8-api-internal
INFO Deleted HTTP health check a448760980c8b49928ffb551a8feaf72
INFO Deleted HTTP health check gcpuser-a-ocp-redhat-rbvg8-api
INFO Deleted network gcpuser-a-ocp-redhat-rbvg8-network
INFO Time elapsed: 4m19s   
$ 
$ gcloud compute disks list --filter='name~gcpuser'
NAME                                                             LOCATION       LOCATION_SCOPE  SIZE_GB  TYPE    STATUS
gcpuser-a-ocp-redhat-r-pvc-451c832c-db76-453c-accd-ea7ef8288874  us-central1-a  zone            1        pd-ssd  READY
$ 


>Verified in 4.11.0-0.nightly-2022-06-23-153912.

$ export KUBECONFIG=/home/fedora/test2022/auth/kubeconfig
$ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.11.0-0.nightly-2022-06-23-153912   True        False         19m     Cluster version is 4.11.0-0.nightly-2022-06-23-153912
$ oc create -f pvc01.yaml
persistentvolumeclaim/jiwei-pvc01-csi created
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "hello-storage" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "hello-storage" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "hello-storage" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "hello-storage" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/jiwei-dep01 created
$ oc get pvc
NAME              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
jiwei-pvc01-csi   Bound    pvc-361f3b2d-210a-44a0-b55d-fd8560a8bb1d   1Gi        RWO            standard       5s
$ oc get deployments
NAME          READY   UP-TO-DATE   AVAILABLE   AGE
jiwei-dep01   0/1     1            0           9s
$ gcloud compute disks list --filter='name~gcpuser'
NAME                                                             LOCATION       LOCATION_SCOPE  SIZE_GB  TYPE    STATUS
gcpuser-a-ocp-redhat-m-pvc-361f3b2d-210a-44a0-b55d-fd8560a8bb1d  us-central1-a  zone            1        pd-ssd  READY
gcpuser-a-ocp-redhat-m6jc7-master-0                              us-central1-a  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-m6jc7-worker-a-mrhqr                        us-central1-a  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-m6jc7-master-1                              us-central1-b  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-m6jc7-worker-b-lvfd8                        us-central1-b  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-m6jc7-master-2                              us-central1-c  zone            128      pd-ssd  READY
$
$ openshift-install destroy cluster --dir test2022
INFO Credentials loaded from file "/home/fedora/.gcp/osServiceAccount.json"
INFO Stopped instance gcpuser-a-ocp-redhat-m6jc7-worker-a-mrhqr
INFO Stopped instance gcpuser-a-ocp-redhat-m6jc7-worker-b-lvfd8
INFO Stopped instance gcpuser-a-ocp-redhat-m6jc7-master-1
INFO Stopped instance gcpuser-a-ocp-redhat-m6jc7-master-2
INFO Stopped instance gcpuser-a-ocp-redhat-m6jc7-master-0
INFO Deleted IAM project role bindings
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-ocp-redhat-m6jc7-m.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-c-jzkd9.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-m-d6kcf.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-g-25tcn.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-cloud-crede-vqzjc.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-i-zlbpv.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-ocp-redhat-m6jc7-w.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-g-x859k.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-i-fjvx4.gserviceaccount.com
INFO Deleted 2 recordset(s) in zone qe
INFO Deleted 3 recordset(s) in zone gcpuser-a-ocp-redhat-m6jc7-private-zone
INFO Deleted DNS zone gcpuser-a-ocp-redhat-m6jc7-private-zone
INFO Deleted bucket gcpuser-a-ocp-redhat-m6jc7-image-registry-us-central1-fxrqcfxo
INFO Deleted instance gcpuser-a-ocp-redhat-m6jc7-master-1
INFO Deleted instance gcpuser-a-ocp-redhat-m6jc7-worker-b-lvfd8
INFO Deleted instance gcpuser-a-ocp-redhat-m6jc7-master-2
INFO Deleted instance gcpuser-a-ocp-redhat-m6jc7-master-0
INFO Deleted instance gcpuser-a-ocp-redhat-m6jc7-worker-a-mrhqr
INFO Deleted disk gcpuser-a-ocp-redhat-m6jc7-master-1
INFO Deleted disk gcpuser-a-ocp-redhat-m6jc7-worker-b-lvfd8
INFO Deleted disk gcpuser-a-ocp-redhat-m6jc7-master-0
INFO Deleted disk gcpuser-a-ocp-redhat-m6jc7-worker-a-mrhqr
INFO Deleted disk gcpuser-a-ocp-redhat-m6jc7-master-2
INFO Deleted firewall rule k8s-a47d8a5ffa73d44b7bf2a3badb10588d-http-hc
INFO Deleted firewall rule gcpuser-a-ocp-redhat-m6jc7-api
INFO Deleted firewall rule gcpuser-a-ocp-redhat-m6jc7-control-plane
INFO Deleted firewall rule gcpuser-a-ocp-redhat-m6jc7-etcd
INFO Deleted firewall rule gcpuser-a-ocp-redhat-m6jc7-health-checks
INFO Deleted firewall rule gcpuser-a-ocp-redhat-m6jc7-internal-cluster
INFO Deleted firewall rule gcpuser-a-ocp-redhat-m6jc7-internal-network
INFO Deleted firewall rule k8s-fw-a47d8a5ffa73d44b7bf2a3badb10588d
INFO Deleted address gcpuser-a-ocp-redhat-m6jc7-cluster-public-ip
INFO Deleted address a47d8a5ffa73d44b7bf2a3badb10588d
INFO Deleted address gcpuser-a-ocp-redhat-m6jc7-cluster-ip
INFO Deleted forwarding rule a47d8a5ffa73d44b7bf2a3badb10588d
INFO Deleted forwarding rule gcpuser-a-ocp-redhat-m6jc7-api
INFO Deleted forwarding rule gcpuser-a-ocp-redhat-m6jc7-api-internal
INFO Deleted router gcpuser-a-ocp-redhat-m6jc7-router
INFO Deleted subnetwork gcpuser-a-ocp-redhat-m6jc7-worker-subnet
INFO Deleted disk gcpuser-a-ocp-redhat-m-pvc-361f3b2d-210a-44a0-b55d-fd8560a8bb1d
INFO Deleted target pool a47d8a5ffa73d44b7bf2a3badb10588d
INFO Deleted target pool gcpuser-a-ocp-redhat-m6jc7-api
INFO Deleted backend service gcpuser-a-ocp-redhat-m6jc7-api-internal
INFO Deleted subnetwork gcpuser-a-ocp-redhat-m6jc7-master-subnet
INFO Deleted instance group gcpuser-a-ocp-redhat-m6jc7-master-us-central1-c
INFO Deleted instance group gcpuser-a-ocp-redhat-m6jc7-master-us-central1-b
INFO Deleted instance group gcpuser-a-ocp-redhat-m6jc7-master-us-central1-a
INFO Deleted health check gcpuser-a-ocp-redhat-m6jc7-api-internal
INFO Deleted HTTP health check a47d8a5ffa73d44b7bf2a3badb10588d
INFO Deleted HTTP health check gcpuser-a-ocp-redhat-m6jc7-api
INFO Deleted network gcpuser-a-ocp-redhat-m6jc7-network
INFO Time elapsed: 4m27s   
$ gcloud compute disks list --filter='name~gcpuser'
Listed 0 items.
$

Comment 10 Jianli Wei 2022-07-08 09:20:46 UTC

>Verified in 4.12.0-0.nightly-2022-07-08-015358.

$ openshift-install version
openshift-install 4.12.0-0.nightly-2022-07-08-015358
built from commit a0108dbbeea43d66267d3196edb80f8ad92dbd33
release image registry.ci.openshift.org/ocp/release@sha256:556d8808fb37015ab3488e838b5a41e7b2ee9db8f2b178cec8fc462d0419d84a
release architecture amd64
$ yq-3.3.0 r work/install-config.yaml metadata
creationTimestamp: null
name: gcpuser-a.ocp.redhat.abc
$ yq-3.3.0 r work/install-config.yaml platform
gcp:
  projectID: openshift-qe
  region: us-central1
$ openshift-install create cluster --dir work
INFO Credentials loaded from file "/home/fedora/.gcp/osServiceAccount.json"
INFO Consuming Install Config from target directory
INFO Creating infrastructure resources...
INFO Waiting up to 20m0s (until 8:37AM) for the Kubernetes API at https://api.gcpuser-a.ocp.redhat.abc.qe.gcp.devcluster.openshift.com:6443...
INFO API v1.24.0+bd7662a up
INFO Waiting up to 30m0s (until 8:51AM) for bootstrapping to complete...
INFO Destroying the bootstrap resources...
INFO Waiting up to 40m0s (until 9:11AM) for the cluster at https://api.gcpuser-a.ocp.redhat.abc.qe.gcp.devcluster.openshift.com:6443 to initialize...
INFO Waiting up to 10m0s (until 8:49AM) for the openshift-console route to be created...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run
INFO     export KUBECONFIG=/home/fedora/work/auth/kubeconfig
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.gcpuser-a.ocp.redhat.abc.qe.gcp.devcluster.openshift.com
INFO Login to the console with user: "kubeadmin", and password: "WSVWH-vWknY-HSeI3-WHLrf"
INFO Time elapsed: 25m16s  
$ export KUBECONFIG=/home/fedora/work/auth/kubeconfig
$ oc get nodes
NAME                                                          STATUS   ROLES    AGE   VERSION
gcpuser-a-ocp-redhat-fg672-master-0.c.openshift-qe.internal   Ready    master   29m   v1.24.0+bd7662a
gcpuser-a-ocp-redhat-fg672-master-1.c.openshift-qe.internal   Ready    master   29m   v1.24.0+bd7662a
gcpuser-a-ocp-redhat-fg672-master-2.c.openshift-qe.internal   Ready    master   29m   v1.24.0+bd7662a
gcpuser-a-ocp-redhat-fg672-worker-a-jsqzc                     Ready    worker   21m   v1.24.0+bd7662a
gcpuser-a-ocp-redhat-fg672-worker-b-dmzch                     Ready    worker   21m   v1.24.0+bd7662a
$ oc get machines -n openshift-machine-api
NAME                                        PHASE     TYPE            REGION        ZONE            AGE
gcpuser-a-ocp-redhat-fg672-master-0         Running   n2-standard-4   us-central1   us-central1-a   32m
gcpuser-a-ocp-redhat-fg672-master-1         Running   n2-standard-4   us-central1   us-central1-b   32m
gcpuser-a-ocp-redhat-fg672-master-2         Running   n2-standard-4   us-central1   us-central1-c   32m
gcpuser-a-ocp-redhat-fg672-worker-a-jsqzc   Running   n2-standard-2   us-central1   us-central1-a   27m
gcpuser-a-ocp-redhat-fg672-worker-b-dmzch   Running   n2-standard-2   us-central1   us-central1-b   27m
$ oc create -f pvc01.yaml
persistentvolumeclaim/jiwei-pvc01-csi created
Warning: would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "hello-storage" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "hello-storage" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "hello-storage" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "hello-storage" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/jiwei-dep01 created
$ oc get pv
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                     STORAGECLASS   REASON   AGE
pvc-accf570f-7595-4d97-86dd-dc51673962d3   1Gi        RWO            Delete           Bound    default/jiwei-pvc01-csi   standard                4s
$ oc get pvc
NAME              STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
jiwei-pvc01-csi   Bound    pvc-accf570f-7595-4d97-86dd-dc51673962d3   1Gi        RWO            standard       7s
$ oc get deployments
NAME          READY   UP-TO-DATE   AVAILABLE   AGE
jiwei-dep01   1/1     1            1           21s
$ gcloud compute disks list --filter='name~gcpuser'
NAME                                                             LOCATION       LOCATION_SCOPE  SIZE_GB  TYPE    STATUS
gcpuser-a-ocp-redhat-fg672-master-0                              us-central1-a  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-fg672-worker-a-jsqzc                        us-central1-a  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-f-pvc-accf570f-7595-4d97-86dd-dc51673962d3  us-central1-b  zone            1        pd-ssd  READY
gcpuser-a-ocp-redhat-fg672-master-1                              us-central1-b  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-fg672-worker-b-dmzch                        us-central1-b  zone            128      pd-ssd  READY
gcpuser-a-ocp-redhat-fg672-master-2                              us-central1-c  zone            128      pd-ssd  READY
$ openshift-install destroy cluster --dir work
INFO Credentials loaded from file "/home/fedora/.gcp/osServiceAccount.json"
INFO Stopped instance gcpuser-a-ocp-redhat-fg672-worker-a-jsqzc
INFO Stopped instance gcpuser-a-ocp-redhat-fg672-worker-b-dmzch
INFO Stopped instance gcpuser-a-ocp-redhat-fg672-master-1
INFO Stopped instance gcpuser-a-ocp-redhat-fg672-master-2
INFO Stopped instance gcpuser-a-ocp-redhat-fg672-master-0
INFO Deleted IAM project role bindings
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-i-nm4qs.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-g-9cvwc.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-ocp-redhat-fg672-m.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-c-c8dwh.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-cloud-crede-59bxh.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-g-nc547.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-i-nwsjx.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-oc-openshift-m-6wf44.gserviceaccount.com
INFO Deleted service account projects/openshift-qe/serviceAccounts/gcpuser-a-ocp-redhat-fg672-w.gserviceaccount.com
INFO Deleted 2 recordset(s) in zone qe
INFO Deleted 3 recordset(s) in zone gcpuser-a-ocp-redhat-fg672-private-zone
INFO Deleted DNS zone gcpuser-a-ocp-redhat-fg672-private-zone
INFO Deleted bucket gcpuser-a-ocp-redhat-fg672-image-registry-us-central1-elvddyqf
INFO Deleted instance gcpuser-a-ocp-redhat-fg672-worker-a-jsqzc
INFO Deleted instance gcpuser-a-ocp-redhat-fg672-master-1
INFO Deleted instance gcpuser-a-ocp-redhat-fg672-worker-b-dmzch
INFO Deleted instance gcpuser-a-ocp-redhat-fg672-master-2
INFO Deleted instance gcpuser-a-ocp-redhat-fg672-master-0
INFO Deleted disk gcpuser-a-ocp-redhat-fg672-worker-b-dmzch
INFO Deleted disk gcpuser-a-ocp-redhat-fg672-master-0
INFO Deleted disk gcpuser-a-ocp-redhat-fg672-worker-a-jsqzc
INFO Deleted disk gcpuser-a-ocp-redhat-fg672-master-2
INFO Deleted disk gcpuser-a-ocp-redhat-fg672-master-1
INFO Deleted firewall rule k8s-fw-a559fd49758464d4dac50a291036f0c2
INFO Deleted firewall rule k8s-a559fd49758464d4dac50a291036f0c2-http-hc
INFO Deleted firewall rule gcpuser-a-ocp-redhat-fg672-api
INFO Deleted firewall rule gcpuser-a-ocp-redhat-fg672-control-plane
INFO Deleted firewall rule gcpuser-a-ocp-redhat-fg672-etcd
INFO Deleted firewall rule gcpuser-a-ocp-redhat-fg672-health-checks
INFO Deleted firewall rule gcpuser-a-ocp-redhat-fg672-internal-cluster
INFO Deleted firewall rule gcpuser-a-ocp-redhat-fg672-internal-network
INFO Deleted address gcpuser-a-ocp-redhat-fg672-cluster-ip
INFO Deleted address gcpuser-a-ocp-redhat-fg672-cluster-public-ip
INFO Deleted forwarding rule gcpuser-a-ocp-redhat-fg672-api
INFO Deleted forwarding rule gcpuser-a-ocp-redhat-fg672-api-internal
INFO Deleted forwarding rule a559fd49758464d4dac50a291036f0c2
INFO Deleted router gcpuser-a-ocp-redhat-fg672-router
INFO Deleted disk gcpuser-a-ocp-redhat-f-pvc-accf570f-7595-4d97-86dd-dc51673962d3
INFO Deleted target pool a559fd49758464d4dac50a291036f0c2
INFO Deleted target pool gcpuser-a-ocp-redhat-fg672-api
INFO Deleted backend service gcpuser-a-ocp-redhat-fg672-api-internal
INFO Deleted subnetwork gcpuser-a-ocp-redhat-fg672-master-subnet
INFO Deleted subnetwork gcpuser-a-ocp-redhat-fg672-worker-subnet
INFO Deleted instance group gcpuser-a-ocp-redhat-fg672-master-us-central1-b
INFO Deleted instance group gcpuser-a-ocp-redhat-fg672-master-us-central1-c
INFO Deleted instance group gcpuser-a-ocp-redhat-fg672-master-us-central1-a
INFO Deleted health check gcpuser-a-ocp-redhat-fg672-api-internal
INFO Deleted HTTP health check a559fd49758464d4dac50a291036f0c2
INFO Deleted HTTP health check gcpuser-a-ocp-redhat-fg672-api
INFO Deleted network gcpuser-a-ocp-redhat-fg672-network
INFO Time elapsed: 4m14s   
$ gcloud compute disks list --filter='name~gcpuser'
Listed 0 items.
$

Comment 13 errata-xmlrpc 2022-08-10 11:07:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069

Comment 14 Chinmay Deshpande 2022-08-16 14:46:04 UTC

Hi,

Is there any update on backporting this fix to 4.9 version?

Comment 20 Red Hat Bugzilla 2023-09-18 04:35:45 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.