SDN-4160: blocked-edges: Declare OVNWebhookUserConflict for 4.14.0-rc.3, rc.4, and 4.15.0-ec.0 #4203
@wking: This pull request references SDN-4160 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.15.0" version, but no target version was set.
a169e68 to 880e699
…and 4.15.0-ec.0

The risk is for updating out of the impacted releases to hypothetical future releases with the user change, e.g. from 4.14.0-rc.3 to 4.14.0. But we're warning on * -> 4.14.0-rc.3 (and similar) to help folks dodge the sticky updates entirely, because 4.14.0-rc.2 -> 4.14.0 are not expected to ever have running-as-root webhook listeners.

Pattern-matching:

* apiserver_storage_objects from b573872 (blocked-edges/4.13.*-PerformanceProfilesCPUQuota: Declare new risk, 2023-06-27, openshift#3786),
* egressips.k8s.ovn.org from 894fab7 (blocked-edges/4.11.9-ovn-namespace: 4.11.9 does not fix the regression, 2022-10-12, openshift#2628), and
* _id from 5cb2e93 (blocked-edges/4.11.*-KeepalivedMulticastSkew: Explicit _id="", 2023-05-09, openshift#3591).

Using cluster_installer with the hypershift invoker is new for this commit, and in this case I'm using it to declare HyperShift clusters not exposed to the risk.

Generated by manually writing the rc.e risk, and then copying it around with:

  $ for VERSION in 4.14.0-rc.4 4.15.0-ec.0; do sed "s/4.14.0-rc.3/${VERSION}/" blocked-edges/4.14.0-rc.3-OVNWebhookUserConflict.yaml > "blocked-edges/${VERSION}-OVNWebhookUserConflict.yaml"; done
880e699 to 54c73a9
I found a guess at "am I Hosted/HyperShift?" PromQL in OTA-907, which I've tried to integrate here. But regardless of whether that's the right PromQL, hosted ClusterVersion have still not been taught how to evaluate PromQL risks, so they'll see the update as possibly-at-risk no matter what we put in the expression.
@wking: all tests passed!
/lgtm
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: LalatenduMohanty, PratikMahajan, wking
Which I'd missed with a sloppy copy/paste in 54c73a9 (blocked-edges: Declare OVNWebhookUserConflict for 4.14.0-rc.3, rc.4, and 4.15.0-ec.0, 2023-10-06, openshift#4203).
The risk is for updating out of the impacted releases to hypothetical future releases with the user change, e.g. from 4.14.0-rc.3 to 4.14.0. But we're warning on * -> 4.14.0-rc.3 (and similar) to help folks dodge the sticky updates entirely, because 4.14.0-rc.2 -> 4.14.0 are not expected to ever have running-as-root webhook listeners.
Pattern-matching apiserver_storage_objects from b573872 (#3786) and egressips.k8s.ovn.org from 894fab7 (#2628).

The risk is only for standalone (non-HyperShift) clusters, but we haven't worked up PromQL for "I'm (not) HyperShift" yet, and it's just prerelease versions, so I'm skipping over that detail for now and declaring the risk for all OVN clusters (standalone and HyperShift) thinking about updating into impacted releases.
Generated by manually writing the rc.e risk, and then copying it around with:
$ for VERSION in 4.14.0-rc.4 4.15.0-ec.0; do sed "s/4.14.0-rc.3/${VERSION}/" blocked-edges/4.14.0-rc.3-OVNWebhookUserConflict.yaml > "blocked-edges/${VERSION}-OVNWebhookUserConflict.yaml"; done
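
A check for the copy step above, as an added example that is not part of the PR or the repository: it runs the page's substitution next to a stricter one (dots escaped, `g` flag) and verifies each generated file. The template content, the example.invalid URL and the function names are constructed for illustration; only the version strings and the file-naming pattern come from the page.

```shell
SRC_VERSION=4.14.0-rc.3
RISK=OVNWebhookUserConflict

# write_template DIR: create a constructed (not the PR's) source risk file under DIR.
write_template() {
  mkdir -p "$1/blocked-edges"
  cat > "$1/blocked-edges/${SRC_VERSION}-${RISK}.yaml" <<EOF
to: ${SRC_VERSION}
from: .*
url: https://example.invalid/PLACEHOLDER
name: ${RISK}
message: Constructed text naming ${SRC_VERSION} twice, ${SRC_VERSION}.
EOF
}

# page_copy DIR VERSION: the substitution exactly as the loop on the page runs it.
page_copy() {
  sed "s/4.14.0-rc.3/$2/" "$1/blocked-edges/${SRC_VERSION}-${RISK}.yaml" \
    > "$1/blocked-edges/$2-${RISK}.yaml"
}

# strict_copy DIR VERSION: dots matched literally, every occurrence rewritten (g).
strict_copy() {
  src_re=$(printf '%s' "$SRC_VERSION" | sed 's/\./\\./g')
  sed "s/${src_re}/$2/g" "$1/blocked-edges/${SRC_VERSION}-${RISK}.yaml" \
    > "$1/blocked-edges/$2-${RISK}.yaml"
}

# check_risk DIR VERSION: pass only if to: equals VERSION and no source version remains.
check_risk() {
  f="$1/blocked-edges/$2-${RISK}.yaml"
  [ "$(sed -n 's/^to: //p' "$f")" = "$2" ] || return 1
  ! grep -Fq "$SRC_VERSION" "$f" || return 1
}

# demo: run both variants in a scratch directory and report each outcome.
demo() {
  dir=$(mktemp -d)
  write_template "$dir"
  for v in 4.14.0-rc.4 4.15.0-ec.0; do
    page_copy "$dir" "$v"
    if check_risk "$dir" "$v"; then a=ok; else a=stale; fi
    strict_copy "$dir" "$v"
    if check_risk "$dir" "$v"; then b=ok; else b=stale; fi
    echo "$v page=$a strict=$b"
  done
  rm -rf "$dir"
}
demo
```

The stale result for the page's form appears only because the constructed message line names the source version twice; a file with one mention per line passes either way.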