OpenShift Bugs / OCPBUGS-13876

Service account is owned by another ClusterServiceVersion


    • Bug
    • Resolution: Won't Do
    • 4.12.z, 4.11.z, 4.10.z
    • OLM
    • Quality / Stability / Reliability
    • Rejected

      Description of problem:

      Serverless operator upgrade fails with "Service account is owned by another ClusterServiceVersion". This error can be seen on the ClusterServiceVersion resource.
      

      Version-Release number of selected component (if applicable):

      4.12.15, 4.10.59
      

      How reproducible:

      This error is intermittent. It's probably a race condition. A similar error was reported in the past: https://bugzilla.redhat.com/show_bug.cgi?id=1934080
      

      Steps to Reproduce:

      1. Create namespace and operatorgroup for the operator:
      
      oc create namespace openshift-serverless
      cat <<EOF | oc apply -f -
      apiVersion: operators.coreos.com/v1
      kind: OperatorGroup
      metadata:
        name: serverless
        namespace: openshift-serverless
      EOF
      
      2. Install the previous version of Serverless operator (version 1.27):
      
      cat <<EOF | oc apply -f -
      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: serverless-operator
        namespace: openshift-serverless
      spec:
        channel: stable
        name: serverless-operator
        source: redhat-operators
        sourceNamespace: openshift-marketplace
        installPlanApproval: Manual
        startingCSV: serverless-operator.v1.27.0
      EOF
      
      3. Approve the CSV via UI or by approving the given InstallPlan in the openshift-serverless namespace.
      4. Then wait for Serverless 1.28 to be offered and perform the upgrade by approving the CSV again.
      

      Actual results:

      The ClusterServiceVersion shows this status:
      "requirementStatus": [
          ...
          {
              "group": "",
              "kind": "ServiceAccount",
              "message": "Service account is owned by another ClusterServiceVersion",
              "name": "knative-openshift",
              "status": "PresentNotSatisfied",
              "version": "v1"
          },
          {
              "group": "",
              "kind": "ServiceAccount",
              "message": "Service account is owned by another ClusterServiceVersion",
              "name": "knative-operator",
              "status": "PresentNotSatisfied",
              "version": "v1"
          },
          {
              "group": "",
              "kind": "ServiceAccount",
              "message": "Service account is owned by another ClusterServiceVersion",
              "name": "knative-openshift-ingress",
              "status": "PresentNotSatisfied",
              "version": "v1"
          }
      ]
      

      Expected results:

      The ClusterServiceVersion is ready, without errors.
      

      Additional info:

      We have seen this error on both OCP 4.10 and 4.12. It happens in the scenario described above when performing a first upgrade. This was seen e.g. here on OCP 4.10:
      https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-knative-serverless-operator-main-4.10-upgrade-tests-aws-ocp-410-continuous/1655392361728970752
      (I'm attaching must-gather logs from this run)
      
      It also happens (more often) during a second upgrade (after performing a downgrade). Examples:
      OCP 4.10:
      https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-knative-serverless-operator-main-4.10-upgrade-tests-aws-ocp-410-continuous/1657385277863235584
      OCP 4.12:
      https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/periodic-ci-openshift-knative-serverless-operator-main-4.12-upgrade-tests-aws-ocp-412-continuous/1657928885674708992
      
      When performing a downgrade, the steps from the reproducer are performed twice, but in the meantime the operator is completely uninstalled using these steps:
      * Delete Subscription
      * Delete ClusterServiceVersion
      * Delete the operator namespace openshift-serverless
      

              agreene1991 Alexander Greene (Inactive)
              mgencur@redhat.com Martin Gencur
              Martin Gencur
              Kui Wang Kui Wang
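An added example, not part of the original report or of OLM's code: a triage helper that takes a ClusterServiceVersion's `requirementStatus` (as in the status quoted above) and reports, for each ServiceAccount marked `PresentNotSatisfied`, which other ClusterServiceVersion is recorded as its owner. It assumes ownership is recorded in the ServiceAccount's `metadata.ownerReferences`; the CSV name `serverless-operator.v1.28.0`, the owner references and the `constructed-ok` entry are constructed sample data.

```python
"""List ServiceAccounts that block a CSV and the other CSVs that own them."""
NEW_CSV = "serverless-operator.v1.28.0"  # assumed name of the upgraded CSV
OLD_CSV = "serverless-operator.v1.27.0"  # startingCSV from the report

def blocked_service_accounts(csv):
    """ServiceAccount requirements the CSV reports as PresentNotSatisfied."""
    reqs = csv.get("status", {}).get("requirementStatus", [])
    return [r["name"] for r in reqs
            if r.get("kind") == "ServiceAccount"
            and r.get("status") == "PresentNotSatisfied"]

def csv_owners(sa):
    """Names of ClusterServiceVersions in the ServiceAccount's ownerReferences."""
    refs = sa.get("metadata", {}).get("ownerReferences") or []
    return [o["name"] for o in refs if o.get("kind") == "ClusterServiceVersion"]

def diagnose(csv, service_accounts):
    """Map each blocking ServiceAccount to the other CSVs that own it.

    None means the ServiceAccount was not in the supplied list."""
    me = csv["metadata"]["name"]
    by_name = {sa["metadata"]["name"]: sa for sa in service_accounts}
    return {name: ([o for o in csv_owners(by_name[name]) if o != me]
                   if name in by_name else None)
            for name in blocked_service_accounts(csv)}

# Constructed sample input, shaped like `oc get csv <name> -o json` and the
# items of `oc get serviceaccount -o json`; the ownerReferences are assumed.
def req(name, status):
    return {"group": "", "kind": "ServiceAccount", "name": name,
            "status": status, "version": "v1"}

def sa_obj(name, owner):
    return {"metadata": {"name": name, "namespace": "openshift-serverless",
                         "ownerReferences": [{"kind": "ClusterServiceVersion",
                                              "name": owner}]}}

NAMES = ["knative-openshift", "knative-operator", "knative-openshift-ingress"]
SAMPLE_CSV = {"metadata": {"name": NEW_CSV}, "status": {"requirementStatus":
    [req(n, "PresentNotSatisfied") for n in NAMES]
    + [req("constructed-ok", "Present")]}}
SAMPLE_SAS = [sa_obj(n, OLD_CSV) for n in NAMES]

if __name__ == "__main__":
    for sa, owners in diagnose(SAMPLE_CSV, SAMPLE_SAS).items():
        print(f"{sa}: owned by {owners}")
```

An empty owner list for a blocked ServiceAccount means the stale reference is not visible on the object supplied, so the live object should be fetched again before drawing conclusions.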