Description of problem: secondary scheduler CR instance does not get updated when sso is upgrade from 1.0.1 to 1.1.0 Version-Release number of selected component (if applicable): secondaryscheduleroperator.v1.1.0 Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 secondaryscheduleroperator.v1.0.1 Succeeded [knarra@knarra openshift-tests-private]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.0-rc.1 True False 3h16m Cluster version is 4.11.0-rc.1 How reproducible: Always Steps to Reproduce: 1. Install 4.11 cluster 2. Install 1.0.1 SSO operator 3. point catalogsource index to the 1.1.0 sso operator 4. Now change the source in secondary scheduler subscription Actual results: I see that secondary scheduler pod gets updated but the secondary scheduler CR instance does not get updated. [knarra@knarra openshift-tests-private]$ oc get pods -n openshift-secondary-scheduler-operator NAME READY STATUS RESTARTS AGE secondary-scheduler-685d5ccbff-p82p7 1/1 Running 0 8m57s secondary-scheduler-operator-7df65b895d-jzd64 1/1 Running 0 3m44s Expected results: Secondary scheduler CR instance should get updated as well. Additional info: We might need to extend the operator sync method to check for the missing restricted pod security level bits
cannot verify bug until https://bugzilla.redhat.com/show_bug.cgi?id=2107513 is fixed.
Moving the bug to verified state as i see that CR instance is beind updated when SSO is being upgraded from 1.0.1 to 1.1.0 [knarra@knarra ~]$ oc get pods -n openshift-secondary-scheduler-operator NAME READY STATUS RESTARTS AGE secondary-scheduler-5c67b4949f-x5dbt 1/1 Terminating 0 5m7s secondary-scheduler-85d784d8ff-mtfff 1/1 Running 0 8s secondary-scheduler-operator-65b6964bb-c55hr 1/1 Running 0 17s [knarra@knarra ~]$ oc get csv -n openshift-secondary-scheduler-operator NAME DISPLAY VERSION REPLACES PHASE elasticsearch-operator.5.4.3 OpenShift Elasticsearch Operator 5.4.3 Succeeded secondaryscheduleroperator.v1.1.0 Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 secondaryscheduleroperator.v1.0.1 Succeeded Also see that securitycontext is present after upgrade to 1.1.0 is done. securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL securityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399