-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API-1687: modify EarlyAPICertRotation risk to include promql #4864
API-1687: modify EarlyAPICertRotation risk to include promql #4864
Conversation
2045e63
to
55e0625
Compare
url: https://issues.redhat.com/browse/API-1687 | ||
name: EarlyAPICertRotation | ||
message: Clusters older than around one month will trigger an api-int certificate authority rollout, and bugs in that rollout may break kubelet access to the Kubernetes API service. | ||
message: Clusters born in 4.6 and earlier will trigger an api-int certificate authority rollout, and bugs in that rollout may break kubelet access to the Kubernetes API service. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some of the discussion indicated that we believe some early 4.7.z are also vulnerable. Can we change this to just say 4.7? No need to be precise about 4.7.z given we're only able to write promql that applies to 4.9 and earlier.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
63e989f
to
6f7f81e
Compare
All clusters originally installed on OpenShift Container Platform (OCP) version 4.7 or earlier. Clusters installed on 4.8 or later and new 4.15 installs are unaffected. due to history pruning in the CVO we cannot reliably detect born in versions less than 4.9. Therefore the conditional update rule will be updated to omit update recommendations in all clusters born in 4.9 or earlier
6f7f81e
to
d9f27b6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: PratikMahajan, wking The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
7a0a8d2
into
openshift:master
/retitle API-1687: modify EarlyAPICertRotation risk to include promql |
All clusters originally installed on OpenShift Container Platform (OCP) version 4.7 or earlier. Clusters installed on 4.8 or later and new 4.15 installs are unaffected.
due to history pruning in the CVO we cannot reliably detect born in versions less than 4.9.
Therefore the conditional update rule will be updated to omit update recommendations in all clusters born in 4.9 or earlier