BZ-1961399: Adding clarification around required GCP permissions #44356
✅ Deploy Preview for osdocs ready!
/LGTM
|
||
The roles are applied to the service accounts that the control plane and compute | ||
machines use: | ||
machines use. The roles are required for configuring a GCP project to host the {product-title}. |
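Review bot: The added sentence "The roles are required for configuring a GCP project to host the {product-title}" does not say whether the roles are needed during installation, for operating the cluster afterwards, or both, which is the ambiguity BZ-1961399 asks the text to resolve; name the phase explicitly. The phrase "host the {product-title}" also reads awkwardly once the attribute is expanded, so consider "host an {product-title} cluster". Changing "machines use:" to "machines use." removes the colon that introduced the table, so the new last sentence should be the one that leads into it.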
The initial ask was to clarify "if the entries in the table is for Installer or after-install operations or both". I don't think the above statement answers the question, could you please clarify? Thanks!
@jianli-wei Do you have any suggestions for the text? My understanding is that these roles are required to configure a GCP project which is done prior to installing OCP.
@sagidlow Sorry, it's not for configuring a GCP project, because the GCP projects (one as service project and another as host project) should have been created before OCP installation. As for the initial ask, i.e. "if the entries in the table is for Installer or after-install operations or both", sorry that I cannot answer for sure even after discussing with other QEs. We guess, the Day-1 and Day-2 operations may require the same set of roles, in terms of the control plane and compute machines. @patrickdillon Would you please advise? Thanks!
Personally, I don't think the bug is valid. It says "As it is written now, it is not clear if the entries in the table is for Installer or after-install operations or both." The doc clearly states: "To deploy an {product-title} cluster, the service account requires the following permissions."
So yes, it is a requirement for deployment. We have separate sections which also talk about permissions required to operate the cluster. I think https://bugzilla.redhat.com/show_bug.cgi?id=1961399 is NOTABUG
As a side note, when reviewing this, I noticed "The roles are applied to the service accounts that the control plane and compute machines use." This is not accurate. It could simply be removed.
@jianli-wei, are you ok with us closing this issue as NOTABUG?
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale
/remove-lifecycle stale
The enterprise-4.12 label has been added to this PR. This is because your PR targets the If the update in your PR does NOT apply to version 4.12 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.
Only versions 4.8+ are still in maintenance. I am removing labels from earlier versions from this PR.
The This is because your PR targets the If the update in your PR does NOT apply to version 4.13 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.
@jianli-wei, are you ok with us closing this issue as NOTABUG?
Yes, please go ahead. FYI there's a 4.13 epic CORS-1871 Determine and Document the explicit list of required credential permissions for GCP which I think would clarify the required permissions for GCP. Thanks!
Thank you so much!
Applies to 4.6+
BZ Link: https://bugzilla.redhat.com/show_bug.cgi?id=1961399
QE ack required.
**Preview Link:** Added a sentence before Table 3 in the Required GCP permissions section.