OCPBUGS-5825: Removes legacy cloud-provider resources

[theobarberbany]

This change removes the cloud-provider ClusterRole, ClusterRoleBinding and ServiceAccount that are no longer required from 4.16

[openshift-ci-robot]

@theobarberbany: This pull request references Jira Issue OCPBUGS-5825, which is invalid:

• expected the bug to target the "4.16.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

This change removes the cloud-provider ClusterRole, ClusterRoleBinding and ServiceAccount that are no longer required from 4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[JoelSpeed]

Code change looks ok, should verify that both install and upgrade jobs do not have these resources in their must-gathers once the CI runs complete

[theobarberbany]

/jira refresh

[openshift-ci-robot]

@theobarberbany: This pull request references Jira Issue OCPBUGS-5825, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.16.0) matches configured target version for branch (4.16.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @zhouying7780

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ingvagabund]

/approve
/lgtm

[atiratree]

@theobarberbany thx for the PR, but there are a few changes required

[atiratree]

this sa should be kept. I think the sa for cloud-provider comes from kube

[ingvagabund]

I missed this one. Thanks for noticing it.

[theobarberbany]

Thanks for the review @atiratree :)

I think the sa for cloud-provider comes from kube

Does this mean there's a SA somewhere else I need to remove?

[atiratree]

I think the SA should be created automatically when the controller runs

https://github.com/kubernetes/kubernetes/blob/a3adc759a3c096accafb1694f77362ee5f957a22/staging/src/k8s.io/legacy-cloud-providers/gce/gce.go#L652

so, no action required

[theobarberbany]

thanks! :)

[atiratree]

please remove these two files from the main list above

[atiratree]

are you planning to backport this to 4.15 branch?

[JoelSpeed]

No, this would break 4.14 to 4.15 upgrades, that's why we are doing this now. The file needs to be removed only once the upgrade to 4.15 is complete, it cannot be removed mid update as that could cause KCM to fall over and halt the upgrade.

[atiratree]

I mean, 4.15 is not released yet, so I think it could still work if we do it before the release.

[atiratree]

^ if the RBAC is not used in the 4.14

[JoelSpeed]

I've been working on the basis that RBAC is used in 4.14, that's why we are removing now, but I will double check when we stopped using it.

[JoelSpeed]

Yep, confirmed, RBAC is used in 4.14, not used in 4.15, so I want to remove only from 4.16 to avoid breaking upgrades

[atiratree]

Thanks for looking into this. Ok let's remove this in 4.16 then.

[atiratree]

/lgtm cancel

[openshift-ci]

@theobarberbany: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/security	2a7520b	link	false	/test security

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[JoelSpeed]

I'm good with this if @atiratree is, but note, do not want to backport to avoid potential breaking of upgrades

[atiratree]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: atiratree, ingvagabund, theobarberbany

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [atiratree,ingvagabund]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

@theobarberbany: Jira Issue OCPBUGS-5825: All pull requests linked via external trackers have merged:

• openshift/cluster-kube-controller-manager-operator#778

Jira Issue OCPBUGS-5825 has been moved to the MODIFIED state.

In response to this:

This change removes the cloud-provider ClusterRole, ClusterRoleBinding and ServiceAccount that are no longer required from 4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-cluster-kube-controller-manager-operator-container-v4.16.0-202312142332.p0.gb033b8e.assembly.stream for distgit ose-cluster-kube-controller-manager-operator.
All builds following this will include this PR.