-
Notifications
You must be signed in to change notification settings - Fork 103
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-31893 OCPBUGS-33919: 4.15 sync with master #929
OCPBUGS-31893 OCPBUGS-33919: 4.15 sync with master #929
Conversation
When setSriovNumVfs fails, the error is overwritten by the return error of RemoveUdevRule. If the latter function doesn't return an error (most cases), the reconciliation loop will report success even if vfs were not created/configured.
jq is a required tool in that script. Since we are not setting `-o pipefail`, the script can fail but exit with code 0 making the systemd service report success. This leaves the system in a bad state and user interaction is needed. Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
Field `SriovOperatorConfig.Spec.LogLevel` controls the verbosity of the operator logging system. This commit adjust the operator controller's log level to that field, as it happens in the config-daemon. Note: at the moment, every log calls in the controllers are using `V(0)`, so this commit is not supposed to change the aspect of a logfile. Further commits will change the level of some particular log calls. Log the current and new value for the logger according to what the user had set in the LogLevel field. Before this commit, a value of -2 would produce a misleading line: ``` Set log verbose level {"new-level": 0, "current-level": -2} ``` Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
`"log"` package can't be tuned to a quite mode. Avoid using `log.Printf(...)` in utility methods, as they create a lot of noise in the operator logs. Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
In `syncAllSriovNetworkNodeStates`, every node is looped for every SriovNetworkNodeState resource. This can produce up to `number_of_node^2` calls. Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
Move every log call that has no effect on the clsuter to verbosity level `1`. Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
Move every log call that has no effect on the clsuter to verbosity level `1`. Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
Using `@latest` for tools dependecies produces unrepeatable builds which might break at any point in time. This is particularly important when maintaining released versions which need a backport fix. Note: At the moment is not possible to reference the package `sigs.k8s.io/controller-runtime/tools/setup-envtest` with a specific version: ``` go: sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.16.3: module sigs.k8s.io/controller-runtime@v0.16.3 found, but does not contain package sigs.k8s.io/controller-runtime/tools/setup-envtest ``` See kubernetes-sigs/kubebuilder#2480 Ref: openshift#849 Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
A downstream merge [1][2] overrode the annotations in the config daemonset. This resulted in he sriov-network-config-daemon pod missing the `target.workload.openshift.io/management` annotation which led to the pod not being pinned to the management cores when workload partitioning is enabled. This is a downstream-only patch. [1] openshift#868 [2] commit 0f17753 Signed-off-by: Carlos Goncalves <cgoncalves@redhat.com>
This commits addresses an edge case where a nil object can occur while rendering a file. In that situation, in one of the places the renderer is used, it will try to add ownership to a nil object and fail. Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
This fix a crash: ``` DPANIC sriovnetwork webhook/validate.go:446 odd number of arguments passed as key-value pairs for logging {"ignored key": "10ed"} ```
Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
This commit changes the ENV variable that turns on the admission controllers to enable bundling of additional webhook related settings via the same prefix like certificate mode, CA etc. This is a cosmetic change. Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
This commit starts to make use of the new ADMISSION_CONTROLLERS__* environment variables when rendering manifests. It also adjusts the logic with which cert-manager related annotation is used. Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
This commit adjusts the manifests to use the new ADMISSION_CONTROLLERS__* environment variables and also adjusts the relevant documentation files to reflect the new changes. Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
Replace double underscores with underscores of admission controller related ENV variables to address feedback on the PR. Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
- Add webhook to image build target - use APP_NAME var in image name for consistency Signed-off-by: adrianc <adrianc@nvidia.com>
Signed-off-by: Vasilis Remmas <vremmas@nvidia.com>
Show which device is used in every test case. This information is useful when certificating specific device vendor. Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
PR [1] changed operator's environment variable `ENABLE_ADMISSION_CONTROLLER` to `ADMISSION_CONTROLLERS_ENABLED`. Also, the following environment variable have been introduced as a replacement of the constants: - `operator-webhook-service` -> `ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_SECRET_NAME` - `network-resources-injector-secret` -> `ADMISSION_CONTROLLERS_CERTIFICATES_INJECTOR_SECRET_NAME` refs: [1] k8snetworkplumbingwg/sriov-network-operator#561 Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
``` find . -not -path "./vendor*" -type f -print0 | xargs -0 sed -i 's/4\.15/4.16/g' make -f Makefile.bundle bundle ``` Signed-off-by: Andrea Panattoni <apanatto@redhat.com>
Signed-off-by: Sebastian Sch <sebassch@gmail.com>
like openstack and openshift add interfaces and mocks for better unit test Signed-off-by: Sebastian Sch <sebassch@gmail.com>
for example MLX special mstconfig wrapper and create mock for unit tests Signed-off-by: Sebastian Sch <sebassch@gmail.com>
…kage create also interfaces for everything so we can have better unit tests coverage Signed-off-by: Sebastian Sch <sebassch@gmail.com>
Change the `kubeVersion` constraint to permit pre-release versions as per: https://helm.sh/docs/chart_template_guide/function_list/#working-with-prerelease-versions
@SchSeba: This pull request references Jira Issue OCPBUGS-25423, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@SchSeba: This pull request references Jira Issue OCPBUGS-25423, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
@SchSeba: This pull request references Jira Issue OCPBUGS-33919, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@SchSeba: This pull request references Jira Issue OCPBUGS-33919, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@SchSeba: This pull request references Jira Issue OCPBUGS-33919, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@SchSeba: This pull request references Jira Issue OCPBUGS-33919, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@SchSeba: This pull request references Jira Issue OCPBUGS-33919, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@SchSeba: This pull request references Jira Issue OCPBUGS-33919, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@SchSeba: This pull request references Jira Issue OCPBUGS-33919, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/jira refresh |
@SchSeba: This pull request references Jira Issue OCPBUGS-33919, which is valid. 7 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
/label cherry-pick-approved |
0fb72f7
into
openshift:release-4.15
@SchSeba: Jira Issue OCPBUGS-33919: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-33919 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
[ART PR BUILD NOTIFIER] This PR has been included in build sriov-network-webhook-container-v4.15.0-202405200237.p0.g0fb72f7.assembly.stream.el9 for distgit sriov-network-webhook. |
[ART PR BUILD NOTIFIER] This PR has been included in build sriov-network-operator-container-v4.15.0-202405200237.p0.g0fb72f7.assembly.stream.el9 for distgit sriov-network-operator. |
[ART PR BUILD NOTIFIER] This PR has been included in build sriov-network-config-daemon-container-v4.15.0-202405200237.p0.g0fb72f7.assembly.stream.el9 for distgit sriov-network-config-daemon. |
skip commits on backport
Change behavior when deleting default config
65bb984
sriovOperatorconfig controller - dont create default config
45e4876
Dont create default operator config in main
add3554
remove EnableAdmissionController from vars
9fc63fa
remove use of ADMISSION_CONTROLLERS_ENABLED in test
7f3ecd0
Remove the creation of default SriovNetworkNodePolicy
dc8c040
small security improvements
0e821f2
change operator webhook image to non root user
bd69409
support switching resource injector webhook to Fail
56454db
Fix resource injector for pods wihtout annotation
74e3501
resourceInjectorMatchCondition documentation
0253817