OCPBUGS-25805: Merge https://github.com/kubernetes/cloud-provider-openstack:release-1.26 into release-4.13 #246
Conversation
![shiftstack-merge-bot[bot]](https://avatars.githubusercontent.com/u/48560946?s=60&v=4){kind=small}
…chart (kubernetes#2449) * Use standard service account name in OCCM helm chart (kubernetes#2332) This removes the `openstack-` prefix from the service account name used by the cloud-controller-manager and moves the default values into the values file. The change is motivated by the following: - Create suitable service accounts, cluster roles and cluster role bindings for use with `--use-service-accounts-credentials=true` - Normalise service account names in the helm chart and plain manifests - Adhere to naming conventions across external cloud controller managers for different clouds (e.g. AWS, GCP, ...) Specifically the first point deserves further details. Prior to this change, users who install the cloud controller manager with helm, would run into the following error when creating load balancers: ``` E0818 08:27:33.802407 11 controller.go:291] error processing service default/hello-bug (will retry): failed to ensure load balancer: failed to patch service object default/hello-bug: services "hello-bug" is forbidden: User "system:serviceaccount:kube-system:cloud-controller-manager" cannot patch resource "services" in API group "" in the namespace "default" ``` Which is due to the fact that the controller is running with the `cloud-controller-manager` service account because `--use-service-account-credentials` is set to `true` by default and the client is initialised with: ``` clientset := clientBuilder.ClientOrDie("cloud-controller-manager") ``` Whilst users can work around this by passing `--use-service-account-credentials=false`, the desired behaviour would be to install suitable RBAC in the first place. See: - https://kubernetes.io/docs/concepts/architecture/cloud-controller/ - https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/ - kubernetes#2049 - kubernetes#1722 - kubernetes#1755 Signed-off-by: Wolodja Wentland <wwentland@wavecon.de> * Remove spurious whitespace in OCCM values file (kubernetes#2347) The space character was sadly introduced in an earlier PR and had not been picked up by the helm linter, presumably because the GHA did not run. Signed-off-by: Wolodja Wentland <w@wentland.dev> --------- Signed-off-by: Wolodja Wentland <wwentland@wavecon.de> Signed-off-by: Wolodja Wentland <w@wentland.dev>
openshift-ci
bot
added
the
needs-ok-to-test
|
Hi @shiftstack-merge-bot[bot]. Thanks for your PR. I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
This doesn't affect us, no need to merge it. /hold |
openshift-ci
bot
added
the
do-not-merge/hold
…tes#2459) Co-authored-by: Nuckal777 <erik.schubert@sap.com>
shiftstack-merge-bot-cloner
bot
force-pushed
the
merge-bot-release-4.13
branch
from
f970a2f
to
efb993c
Compare
|
/hold cancel Okay, this is a nice one. |
openshift-ci
bot
added
ok-to-test
openshift-ci
bot
added
lgtm
|
/label backport-risk-assessed |
|
@dulek: Can not set label backport-risk-assessed: Must be member in one of these teams: [openshift-patch-managers] In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
…etes#2498) * [occm] update k8s.io/kubernetes to v1.26.11 in go.mod * Fix "go list -m all" execution * remove rand seed --------- Co-authored-by: Jesse Haka <haka.jesse@gmail.com>
shiftstack-merge-bot-cloner
bot
force-pushed
the
merge-bot-release-4.13
branch
from
efb993c
to
dd36fcc
Compare
Co-authored-by: kayrus <kay.diam@gmail.com>
…1.26 into release-4.13
shiftstack-merge-bot-cloner
bot
force-pushed
the
merge-bot-release-4.13
branch
from
dd36fcc
to
12a5ea4
Compare
openshift-ci
bot
added
the
backport-risk-assessed
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: gryf, mandre, shiftstack-merge-bot[bot] The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/jira cherrypick OCPBUGS-25804 |
|
@pierreprinetti: Jira Issue OCPBUGS-25804 has been cloned as Jira Issue OCPBUGS-25805. Will retitle bug to link to clone. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
changed the title
openshift-ci-robot
added
jira/severity-low
|
@shiftstack-merge-bot[bot]: This pull request references Jira Issue OCPBUGS-25805, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
jira/invalid-bug
|
/jira refresh |
|
@pierreprinetti: This pull request references Jira Issue OCPBUGS-25805, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/label cherry-pick-approved |
openshift-ci
bot
added
the
cherry-pick-approved
|
/jira refresh |
|
@pierreprinetti: This pull request references Jira Issue OCPBUGS-25805, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/jira refresh |
openshift-ci-robot
added
jira/valid-bug
|
@pierreprinetti: This pull request references Jira Issue OCPBUGS-25805, which is valid. The bug has been moved to the POST state. 6 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (itbrown@redhat.com), skipping review request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest-required |
|
/retest |
openshift-merge-bot
bot
merged commit dd43577
into
openshift:release-4.13
|
@shiftstack-merge-bot[bot]: Jira Issue OCPBUGS-25805: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-25805 has been moved to the MODIFIED state. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build csi-driver-manila-container-v4.13.0-202402061238.p0.gdd43577.assembly.stream.el8 for distgit csi-driver-manila. |
|
Fix included in accepted release 4.13.0-0.nightly-2024-02-06-230816 |
No description provided.