[release-4.14] OCPBUGS-31360: Remove egressip write permissions from ovn-kubernetes-node

[kyrtapz]

Backport of #2203

CONFLICT (content): Merge conflict in bindata/network/ovn-kubernetes/common/002-rbac-node.yaml

Signed-off-by: Patryk Diak pdiak@redhat.com
(cherry picked from commit 4019afe)

[kyrtapz]

/jira cherry-pick OCPBUGS-27199

[openshift-ci-robot]

@kyrtapz: Jira Issue OCPBUGS-27199 has been cloned as Jira Issue OCPBUGS-31360. Will retitle bug to link to clone.
/retitle OCPBUGS-31360: Remove egressip write permissions from ovn-kubernetes-node

In response to this:

/jira cherry-pick OCPBUGS-27199

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@kyrtapz: This pull request references Jira Issue OCPBUGS-31360, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.14.z) matches configured target version for branch (4.14.z)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
• dependent bug Jira Issue OCPBUGS-27199 is in the state Closed (Done-Errata), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-27199 targets the "4.15.0" version, which is one of the valid target versions: 4.15.0, 4.15.z
• bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Backport of #2203

CONFLICT (content): Merge conflict in bindata/network/ovn-kubernetes/common/002-rbac-node.yaml

Signed-off-by: Patryk Diak pdiak@redhat.com
(cherry picked from commit 4019afe)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@kyrtapz: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-openstack-kuryr	b282389	link	false	/test e2e-openstack-kuryr
ci/prow/e2e-network-mtu-migration-ovn-ipv6	b282389	link	false	/test e2e-network-mtu-migration-ovn-ipv6
ci/prow/e2e-vsphere-ovn-dualstack-primaryv6	b282389	link	false	/test e2e-vsphere-ovn-dualstack-primaryv6
ci/prow/security	b282389	link	false	/test security
ci/prow/4.14-upgrade-from-stable-4.13-e2e-gcp-ovn-upgrade	b282389	link	false	/test 4.14-upgrade-from-stable-4.13-e2e-gcp-ovn-upgrade
ci/prow/e2e-vsphere-ovn-dualstack	b282389	link	false	/test e2e-vsphere-ovn-dualstack

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[dougbtv]

/lgtm

[dougbtv]

/label backport-risk-assessed

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dougbtv, kyrtapz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dougbtv,kyrtapz]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jechen0648]

/ocpbugs cc-qa

[jechen0648]

/label qe-approved

[openshift-ci-robot]

@kyrtapz: This pull request references Jira Issue OCPBUGS-31360, which is valid.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.14.z) matches configured target version for branch (4.14.z)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
• dependent bug Jira Issue OCPBUGS-27199 is in the state Closed (Done-Errata), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-27199 targets the "4.15.0" version, which is one of the valid target versions: 4.15.0, 4.15.z
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (jechen@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Backport of #2203

CONFLICT (content): Merge conflict in bindata/network/ovn-kubernetes/common/002-rbac-node.yaml

Signed-off-by: Patryk Diak pdiak@redhat.com
(cherry picked from commit 4019afe)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[zhaozhanqi]

/label cherry-pick-approved

[openshift-ci-robot]

@kyrtapz: Jira Issue OCPBUGS-31360: All pull requests linked via external trackers have merged:

• openshift/cluster-network-operator#2320

Jira Issue OCPBUGS-31360 has been moved to the MODIFIED state.

In response to this:

Backport of #2203

CONFLICT (content): Merge conflict in bindata/network/ovn-kubernetes/common/002-rbac-node.yaml

Signed-off-by: Patryk Diak pdiak@redhat.com
(cherry picked from commit 4019afe)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build cluster-network-operator-container-v4.14.0-202403272210.p0.gbdcd97c.assembly.stream.el8 for distgit cluster-network-operator.
All builds following this will include this PR.