Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-14027

[gcp] IPI installation to a shared VPC with 'credentialsMode: Manual' failed, due to no IAM service accounts for control-plane machines and compute machines

    XMLWordPrintable

Details

    • Moderate
    • No
    • Proposed
    • False
    • Hide

      None

      Show
      None

    Description

      This is a clone of issue OCPBUGS-11921. The following is the description of the original issue:

      Description of problem:

      IPI installation to a shared VPC with 'credentialsMode: Manual' failed, due to no IAM service accounts for control-plane machines and compute machines

      Version-Release number of selected component (if applicable):

      4.13.0-0.nightly-2023-04-18-005127

      How reproducible:

      Always

      Steps to Reproduce:

      1. "create install-config", and then insert interested settings in install-config.yaml
2. "create manifests"
3. run "ccoctl" to create the required credentials
4. grant the above IAM service accounts the required permissions in the host project (see https://github.com/openshift/openshift-docs/pull/58474)
5. "create cluster"

      Actual results:

      The installer doesn't create the 2 IAM service accounts, one for control-plane machine and another for compute machine, so that no compute machine getting created, which leads to installation failure.

      Expected results:

      The installation should succeed.

      Additional info:

      FYI https://issues.redhat.com/browse/OCPBUGS-11605
$ gcloud compute instances list --filter='name~jiwei-0418'
NAME                        ZONE           MACHINE_TYPE   PREEMPTIBLE  INTERNAL_IP  EXTERNAL_IP  STATUS
jiwei-0418a-9kvlr-master-0  us-central1-a  n2-standard-4               10.0.0.62                 RUNNING
jiwei-0418a-9kvlr-master-1  us-central1-b  n2-standard-4               10.0.0.58                 RUNNING
jiwei-0418a-9kvlr-master-2  us-central1-c  n2-standard-4               10.0.0.29                 RUNNING
$ gcloud iam service-accounts list --filter='email~jiwei-0418'
DISPLAY NAME                                                     EMAIL                                                                DISABLED
jiwei-0418a-14589-openshift-image-registry-gcs                   jiwei-0418a--openshift-i-zmwwh@openshift-qe.iam.gserviceaccount.com  False
jiwei-0418a-14589-openshift-machine-api-gcp                      jiwei-0418a--openshift-m-5cc5l@openshift-qe.iam.gserviceaccount.com  False
jiwei-0418a-14589-cloud-credential-operator-gcp-ro-creds         jiwei-0418a--cloud-crede-p8lpc@openshift-qe.iam.gserviceaccount.com  False
jiwei-0418a-14589-openshift-gcp-ccm                              jiwei-0418a--openshift-g-bljz6@openshift-qe.iam.gserviceaccount.com  False
jiwei-0418a-14589-openshift-ingress-gcp                          jiwei-0418a--openshift-i-rm4vz@openshift-qe.iam.gserviceaccount.com  False
jiwei-0418a-14589-openshift-cloud-network-config-controller-gcp  jiwei-0418a--openshift-c-6dk7g@openshift-qe.iam.gserviceaccount.com  False
jiwei-0418a-14589-openshift-gcp-pd-csi-driver-operator           jiwei-0418a--openshift-g-pjn24@openshift-qe.iam.gserviceaccount.com  False
$

       

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-11605 GCP Shared VPC (XPN) Allows Manual CredentialsMode

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          clones

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-11921 [gcp] IPI installation to a shared VPC with 'credentialsMode: Manual' failed, due to no IAM service accounts for control-plane machines and compute machines

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-11921 [gcp] IPI installation to a shared VPC with 'credentialsMode: Manual' failed, due to no IAM service accounts for control-plane machines and compute machines

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          GitHub openshift/installer#7204: [release-4.13] OCPBUGS-14027: GCP XPN: Pass instance service acct in manual mode

          Activity

            People

              Unassigned Unassigned
              openshift-crt-jira-prow OpenShift Prow Bot
              Jianli Wei Jianli Wei
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: