Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SDN-4160: blocked-edges: Declare OVNWebhookUserConflict for 4.14.0-rc.3, rc.4, and 4.15.0-ec.0 #4203

Merged
merged 1 commit into from
Oct 6, 2023
Merged

SDN-4160: blocked-edges: Declare OVNWebhookUserConflict for 4.14.0-rc.3, rc.4, and 4.15.0-ec.0 #4203

merged 1 commit into from
Oct 6, 2023

Conversation

wking
Copy link
Member

@wking wking commented Oct 6, 2023

The risk is for updating out of the impacted releases to hypothetical future releases with the user change, e.g. from 4.14.0-rc.3 to 4.14.0. But we're warning on * -> 4.14.0-rc.3 (and similar) to help folks dodge the sticky updates entirely, because 4.14.0-rc.2 -> 4.14.0 are not expected to ever have running-as-root webhook listeners.

Pattern-matching apiserver_storage_objects from b573872 (#3786) and egressips.k8s.ovn.org from 894fab7 (#2628).

The risk is only for standalone (non-HyperShift) clusters, but we haven't worked up PromQL for "I'm (not) HyperShift" yet, and it's just prerelease versions, so I'm skipping over that detail for now and declaring the risk for all OVN clusters (standalone and HyperShift) thinking about updating into impacted releases.

Generated by manually writing the rc.e risk, and then copying it around with:

$ for VERSION in 4.14.0-rc.4 4.15.0-ec.0; do sed "s/4.14.0-rc.3/${VERSION}/" blocked-edges/4.14.0-rc.3-OVNWebhookUserConflict.yaml > "blocked-edges/${VERSION}-OVNWebhookUserConflict.yaml"; done

@wking wking changed the title blocked-edges: Declare OVNWebhookUserConflict for 4.14.0-rc.3, rc.4, and 4.15.0-ec.0 SDN-4160: blocked-edges: Declare OVNWebhookUserConflict for 4.14.0-rc.3, rc.4, and 4.15.0-ec.0 Oct 6, 2023
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Oct 6, 2023
@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 6, 2023
edited by openshift-ci bot

@wking: This pull request references SDN-4160 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.15.0" version, but no target version was set.

In response to this:

The risk is for updating out of the impacted releases to hypothetical future releases with the user change, e.g. from 4.14.0-rc.3 to 4.14.0. But we're warning on * -> 4.14.0-rc.3 (and similar) to help folks dodge the sticky updates entirely, because 4.14.0-rc.2 -> 4.14.0 are not expected to ever have running-as-root webhook listeners.

Pattern-matching apiserver_storage_objects from b573872 (#3786) and egressips.k8s.ovn.org from 894fab7 (#2628).

The risk is only for standalone (non-HyperShift) clusters, but we haven't worked up PromQL for "I'm (not) HyperShift" yet, and it's just prerelease versions, so I'm skipping over that detail for now and declaring the risk for all OVN clusters (standalone and HyperShift) thinking about updating into impacted releases.

Generated by manually writing the rc.e risk, and then copying it around with:

$ for VERSION in 4.14.0-rc.4 4.15.0-ec.0; do sed "s/4.14.0-rc.3/${VERSION}/" blocked-edges/4.14.0-rc.3-OVNWebhookUserConflict.yaml > "blocked-edges/${VERSION}-OVNWebhookUserConflict.yaml"; done

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 6, 2023
@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 6, 2023
edited by openshift-ci bot

@wking: This pull request references SDN-4160 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.15.0" version, but no target version was set.

In response to this:

The risk is for updating out of the impacted releases to hypothetical future releases with the user change, e.g. from 4.14.0-rc.3 to 4.14.0. But we're warning on * -> 4.14.0-rc.3 (and similar) to help folks dodge the sticky updates entirely, because 4.14.0-rc.2 -> 4.14.0 are not expected to ever have running-as-root webhook listeners.

Pattern-matching apiserver_storage_objects from b573872 (#3786) and egressips.k8s.ovn.org from 894fab7 (#2628).

The risk is only for standalone (non-HyperShift) clusters, but we haven't worked up PromQL for "I'm (not) HyperShift" yet, and it's just prerelease versions, so I'm skipping over that detail for now and declaring the risk for all OVN clusters (standalone and HyperShift) thinking about updating into impacted releases.

Generated by manually writing the rc.e risk, and then copying it around with:

$ for VERSION in 4.14.0-rc.4 4.15.0-ec.0; do sed "s/4.14.0-rc.3/${VERSION}/" blocked-edges/4.14.0-rc.3-OVNWebhookUserConflict.yaml > "blocked-edges/${VERSION}-OVNWebhookUserConflict.yaml"; done

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@wking wking force-pushed the declare-OVNWebhookUserConflict branch from a169e68 to 880e699 Compare October 6, 2023 18:52
@wking
blocked-edges: Declare OVNWebhookUserConflict for 4.14.0-rc.3, rc.4, …
54c73a9 
…and 4.15.0-ec.0

The risk is for updating out of the impacted releases to hypothetical
future releases with the user change, e.g. from 4.14.0-rc.3 to 4.14.0.
But we're warning on * -> 4.14.0-rc.3 (and similar) to help folks
dodge the sticky updates entirely, because 4.14.0-rc.2 -> 4.14.0 are
not expected to ever have running-as-root webhook listeners.

Pattern-matching:

* apiserver_storage_objects from b573872
 (blocked-edges/4.13.*-PerformanceProfilesCPUQuota: Declare new risk,
 2023-06-27, openshift#3786),

* egressips.k8s.ovn.org from 894fab7
  (blocked-edges/4.11.9-ovn-namespace: 4.11.9 does not fix the
  regression, 2022-10-12, openshift#2628), and

* _id from 5cb2e93 (blocked-edges/4.11.*-KeepalivedMulticastSkew:
  Explicit _id="", 2023-05-09, openshift#3591).

Using cluster_installer with the hypershift invoker is new for this
commit, and in this case I'm using it to declare HyperShift clustres
not exposed to the risk.

Generated by manually writing the rc.e risk, and then copying it around with:

  $ for VERSION in 4.14.0-rc.4 4.15.0-ec.0; do sed "s/4.14.0-rc.3/${VERSION}/" blocked-edges/4.14.0-rc.3-OVNWebhookUserConflict.yaml > "blocked-edges/${VERSION}-OVNWebhookUserConflict.yaml"; done
@wking wking force-pushed the declare-OVNWebhookUserConflict branch from 880e699 to 54c73a9 Compare October 6, 2023 19:07
@wking
Copy link
Member Author

wking commented Oct 6, 2023

I found a guess at "am I Hosted/HyperShift?" PromQL in OTA-907, which I've tried to integrate here. But regardless of whether that's the right PromQL, it hosted ClusterVersion have still not been taught how to evaluate PromQL risks, so they'll see the update as possibly-at-risk no matter what we put in the expression.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 6, 2023

@wking: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

LalatenduMohanty
LalatenduMohanty approved these changes Oct 6, 2023
View reviewed changes
Copy link
Member

@LalatenduMohanty LalatenduMohanty left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 6, 2023
PratikMahajan
PratikMahajan approved these changes Oct 6, 2023
View reviewed changes
Copy link
Contributor

@PratikMahajan PratikMahajan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 6, 2023
edited by openshift-ci bot

@wking: This pull request references SDN-4160 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.15.0" version, but no target version was set.

In response to this:

The risk is for updating out of the impacted releases to hypothetical future releases with the user change, e.g. from 4.14.0-rc.3 to 4.14.0. But we're warning on * -> 4.14.0-rc.3 (and similar) to help folks dodge the sticky updates entirely, because 4.14.0-rc.2 -> 4.14.0 are not expected to ever have running-as-root webhook listeners.

Pattern-matching apiserver_storage_objects from b573872 (#3786) and egressips.k8s.ovn.org from 894fab7 (#2628).

The risk is only for standalone (non-HyperShift) clusters, but we haven't worked up PromQL for "I'm (not) HyperShift" yet, and it's just prerelease versions, so I'm skipping over that detail for now and declaring the risk for all OVN clusters (standalone and HyperShift) thinking about updating into impacted releases.

Generated by manually writing the rc.e risk, and then copying it around with:

$ for VERSION in 4.14.0-rc.4 4.15.0-ec.0; do sed "s/4.14.0-rc.3/${VERSION}/" blocked-edges/4.14.0-rc.3-OVNWebhookUserConflict.yaml > "blocked-edges/${VERSION}-OVNWebhookUserConflict.yaml"; done

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 6, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: LalatenduMohanty, PratikMahajan, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [LalatenduMohanty,PratikMahajan,wking]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot merged commit d03d9cf into openshift:master Oct 6, 2023
5 checks passed
wking added a commit to wking/cincinnati-graph-data that referenced this pull request Oct 6, 2023
@wking
blocked-edges/*-OVNWebhookUserConflict: Fix the name
26e900d 
Which I'd missed with a sloppy copy/paste in 54c73a9
(blocked-edges: Declare OVNWebhookUserConflict for 4.14.0-rc.3, rc.4,
and 4.15.0-ec.0, 2023-10-06, openshift#4203).
@wking wking mentioned this pull request Oct 6, 2023
Merged
@wking wking deleted the declare-OVNWebhookUserConflict branch October 6, 2023 22:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LalatenduMohanty LalatenduMohanty LalatenduMohanty approved these changes

@PratikMahajan PratikMahajan PratikMahajan approved these changes

Assignees

@LalatenduMohanty LalatenduMohanty

@PratikMahajan PratikMahajan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
4 participants
@wking @openshift-ci-robot @LalatenduMohanty @PratikMahajan