Description of problem: machine-api-operator NS runlevel needs to be set to empty string. This PR needs to be reverted in 4.12 only: https://github.com/openshift/machine-api-operator/pull/1044 For the full history of this issue, see: https://docs.google.com/document/d/16DrsqtrtZUxtl4H0wiyxtvduIWqJZkFgC4Jrc-80Pss/edit# But the tldr for this bug is: 1) we need to set the runlevel to "" in 4.12 2) this should be safe to do now because the CVO is now properly reconciling the securityContext provided by MAO (see: https://bugzilla.redhat.com/show_bug.cgi?id=2108858 3) To verify the fix, we need to start from a 4.3.18 cluster and upgrade it to 4.12 successfully. If the 4.12 upgrade is successful (MAO doesn't fail due to SCC admission or CRIO container start issues), then the fix can be considered verified. Version-Release number of selected component (if applicable): 4.12 How reproducible: always Steps to Reproduce: 1. Install a cluster from version 4.3.18 2. Upgrade the cluster all the way to 4.12 3a. Prior to this change, the cluster will successfully upgrade but the NS will still be labeled as openshift.io/run-level: "1" 3b. After this change, the cluster will successfully upgrade but the NS will be labeled as openshift.io/run-level: "" Actual results: openshift-machine-api NS runlevel label is set to 1 Expected results: runlevel is set to emptystring Additional info:
Verified upgrade the cluster 4.3.18->4.4.33->4.5.41->4.6.60->4.7.56->4.8.48->4.9.46->4.10.29->4.11.1->4.12.0-0.nightly-2022-08-29-102035, upgrade is successful. $ oc edit ns openshift-machine-api openshift.io/run-level: ""
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:7399