Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCP disconnected & private, with workload identity #33459

Merged
merged 1 commit into from Nov 9, 2022
Merged

GCP disconnected & private, with workload identity #33459

merged 1 commit into from Nov 9, 2022

Conversation

jianli-wei
Copy link
Contributor

@jianli-wei jianli-wei commented Oct 26, 2022
edited

  1. 4.12 epic CORS-2361 Deploy disconnected OpenShift cluster with Workload Identity on Google Cloud
  2. add the workflow cucushift-installer-rehearse-gcp-ipi-disconnected-private-cco-manual-workload-identity and provision & deprovision chains
  3. update the step gather-gcp-console to deal with private clusters

@jianlinliu
Copy link
Contributor

In https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_release/33459/rehearse-33459-periodic-ci-openshift-verification-tests-master-installer-rehearse-4.12-installer-rehearse-gcp/1585195667494539264, it failed on gcp-gather-gcp-console, can you help fix it like https://github.com/openshift/release/blob/master/ci-operator/step-registry/gather/aws-console/gather-aws-console-commands.sh#L17-L21

@abutcher
Copy link
Member

abutcher commented Nov 1, 2022

I've updated the deprovision step to include --credentials-request-dir in #33402 for (3) in the description.

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 1, 2022
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 3, 2022
@jianli-wei jianli-wei force-pushed the gcp-disconnected-sts branch 2 times, most recently from a9a5c3f to 62083a7 Compare November 3, 2022 03:16
@jianli-wei
Copy link
Contributor Author

/retest

@jianli-wei
Copy link
Contributor Author

/test pj-rehearse

@jianli-wei jianli-wei force-pushed the gcp-disconnected-sts branch 2 times, most recently from 9ac0361 to 5b2066d Compare November 7, 2022 06:19
@jianli-wei
Copy link
Contributor Author

/test pj-rehearse

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 7, 2022

@jianli-wei: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-4.12-upgrade-from-stable-4.11-gcp-ipi-cco-manual-workload-identity-p1 62083a712c662b6ead800ad464f2569fc5e0aa84 link unknown /test pj-rehearse
ci/prow/multi-arch-gen-valid 1dc4b54a7b9c0c7f93dcf229c759c0b16a833efb link true /test multi-arch-gen-valid
ci/rehearse/openshift/origin/master/e2e-gcp-ovn 62083a712c662b6ead800ad464f2569fc5e0aa84 link unknown /test pj-rehearse
ci/rehearse/openshift/origin/release-4.6/e2e-agnostic-cmd 62083a712c662b6ead800ad464f2569fc5e0aa84 link unknown /test pj-rehearse
ci/rehearse/openshift/origin/master/e2e-gcp-image-ecosystem 62083a712c662b6ead800ad464f2569fc5e0aa84 link unknown /test pj-rehearse
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-4.12-upgrade-from-stable-4.11-gcp-ipi-ovn-p1 62083a712c662b6ead800ad464f2569fc5e0aa84 link unknown /test pj-rehearse
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-4.12-upgrade-from-stable-4.11-gcp-ipi-ovn-ipsec-p1 62083a712c662b6ead800ad464f2569fc5e0aa84 link unknown /test pj-rehearse
ci/rehearse/openshift/gcp-filestore-csi-driver-operator/main/operator-e2e 62083a712c662b6ead800ad464f2569fc5e0aa84 link unknown /test pj-rehearse
ci/rehearse/operator-framework/operator-marketplace/master/e2e-gcp-serial 5b2066d16939a06a2c270f36f990383a861eebd8 link unknown /test pj-rehearse
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-e2e-gcp-ipi-disconnected-private-ovn-p2 5b2066d16939a06a2c270f36f990383a861eebd8 link unknown /test pj-rehearse
ci/prow/pj-rehearse 5b2066d16939a06a2c270f36f990383a861eebd8 link false /test pj-rehearse
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-e2e-gcp-ipi-cco-manual-workload-identity-p1 5b2066d16939a06a2c270f36f990383a861eebd8 link unknown /test pj-rehearse
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-e2e-gcp-ipi-baselinecaps-v411-additionalcaps-p2 5b2066d16939a06a2c270f36f990383a861eebd8 link unknown /test pj-rehearse
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-e2e-gcp-ipi-disconnected-p2 5b2066d16939a06a2c270f36f990383a861eebd8 link unknown /test pj-rehearse
ci/rehearse/openshift/cloud-credential-operator/master/e2e-gcp-manual-oidc 5b2066d16939a06a2c270f36f990383a861eebd8 link unknown /test pj-rehearse

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@jianli-wei
Copy link
Contributor Author

Analyzed the above failures, none was caused by the PR.

Test name Comments
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-4.12-upgrade-from-stable-4.11-gcp-ipi-cco-manual-workload-identity-p1 INFO[2022-11-03T04:36:06Z] Step phase pre succeeded after 41m21s.
ci/prow/multi-arch-gen-valid GIT Automatic merge failed
ci/rehearse/openshift/origin/master/e2e-gcp-ovn INFO[2022-11-03T04:51:11Z] Step phase pre succeeded after 41m20s.
ci/rehearse/openshift/origin/release-4.6/e2e-agnostic-cmd INFO[2022-11-03T04:44:08Z] Step phase pre succeeded after 40m20s.
ci/rehearse/openshift/origin/master/e2e-gcp-image-ecosystem RRO[2022-11-03T04:07:49Z] could not run steps: step [release:latest] failed: release "release-latest" failed: the pod ci-op-hj71ft8v/release-latest failed after 59s (failed containers: release): ContainerFailed one or more containers exited
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-4.12-upgrade-from-stable-4.11-gcp-ipi-ovn-p1 INFO[2022-11-03T04:34:26Z] Step phase pre succeeded after 39m20s.
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-4.12-upgrade-from-stable-4.11-gcp-ipi-ovn-ipsec-p1 INFO[2022-11-03T04:36:15Z] Step phase pre succeeded after 41m30s.
ci/rehearse/openshift/gcp-filestore-csi-driver-operator/main/operator-e2e INFO[2022-11-03T04:59:38Z] Step phase pre succeeded after 46m11s.
ci/rehearse/operator-framework/operator-marketplace/master/e2e-gcp-serial INFO[2022-11-07T07:51:47Z] Step phase pre succeeded after 44m0s.
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-e2e-gcp-ipi-disconnected-private-ovn-p2 INFO[2022-11-07T08:10:36Z] Step phase pre succeeded after 1h11m11s.
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-e2e-gcp-ipi-cco-manual-workload-identity-p1 INFO[2022-11-07T07:55:05Z] Step phase pre succeeded after 55m31s.
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-e2e-gcp-ipi-baselinecaps-v411-additionalcaps-p2 INFO[2022-11-07T07:49:13Z] Step phase pre succeeded after 50m30s.
ci/rehearse/periodic-ci-openshift-openshift-tests-private-release-4.12-amd64-nightly-e2e-gcp-ipi-disconnected-p2 INFO[2022-11-07T08:17:56Z] Step phase pre succeeded after 1h18m31s.
ci/rehearse/openshift/cloud-credential-operator/master/e2e-gcp-manual-oidc 2022/11/07 07:11:23 Failed to create IAM service accounts: Failed while processing each CredentialsRequest: Failed to add predefined roles for IAM service account ci-op-7ndlflyk-edea3-openshift-image-registry-gcs: error setting project policy: googleapi: Error 409: There were concurrent policy changes. Please retry the whole read-modify-write with exponential backoff. The request's ETag '\007\005\354\334!X\024+' did not match the current policy's ETag '\007\005\354\334!\204\350\032'., aborted

@jianli-wei
Copy link
Contributor Author

/assign jianlinliu

@jianlinliu
Copy link
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 8, 2022
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Nov 9, 2022
@jianli-wei
Copy link
Contributor Author

/assign jianlinliu

@jianlinliu
Copy link
Contributor

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Nov 9, 2022
@jianlinliu
Copy link
Contributor

@vrutkovs can you help approve this PR.

@vrutkovs
Copy link
Member

vrutkovs commented Nov 9, 2022

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 9, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jianli-wei, jianlinliu, vrutkovs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 9, 2022
@jianlinliu
Copy link
Contributor

/label rehearsals-ack

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 9, 2022

@jianlinliu: The label(s) /label rehearsals-ack cannot be applied. These labels are supported: platform/aws, platform/azure, platform/baremetal, platform/google, platform/libvirt, platform/openstack, ga, tide/merge-method-merge, tide/merge-method-rebase, tide/merge-method-squash, px-approved, docs-approved, qe-approved, downstream-change-needed, approved, backport-risk-assessed, bugzilla/valid-bug, cherry-pick-approved, jira/valid-bug, staff-eng-approved. Is this label configured under labels -> additional_labels or labels -> restricted_labels in plugin.yaml?

In response to this:

/label rehearsals-ack

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jianlinliu
Copy link
Contributor

jianlinliu commented Nov 9, 2022
edited

/pj-rehearse ack

1 similar comment
@jianlinliu
Copy link
Contributor

/pj-rehearse ack

@openshift-ci-robot openshift-ci-robot added the rehearsals-ack Signifies that rehearsal jobs have been acknowledged label Nov 9, 2022
@openshift-merge-robot openshift-merge-robot merged commit 7088023 into openshift:master Nov 9, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 9, 2022

@jianli-wei: Updated the ci-operator-master-configs configmap in namespace ci at cluster app.ci using the following files:

  • key openshift-verification-tests-master__installer-rehearse-4.12.yaml using file ci-operator/config/openshift/verification-tests/openshift-verification-tests-master__installer-rehearse-4.12.yaml

In response to this:

  1. 4.12 epic CORS-2361 Deploy disconnected OpenShift cluster with Workload Identity on Google Cloud
  2. add the workflow cucushift-installer-rehearse-gcp-ipi-disconnected-private-cco-manual-workload-identity and provision & deprovision chains
  3. update the step gather-gcp-console to deal with private clusters

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@petr-muller petr-muller mentioned this pull request Nov 9, 2022
Closed
@jianli-wei jianli-wei deleted the gcp-disconnected-sts branch November 10, 2022 01:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jianlinliu jianlinliu jianlinliu left review comments

@shellyyang1989 shellyyang1989 Awaiting requested review from shellyyang1989

Assignees

@jianlinliu jianlinliu

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. rehearsals-ack Signifies that rehearsal jobs have been acknowledged
Projects
None yet
Milestone
No milestone
6 participants
@jianli-wei @jianlinliu @abutcher @vrutkovs @openshift-ci-robot @openshift-merge-robot