Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: 4.14.0
Affects Version/s: 4.13
Component/s: Installer / openshift-installer
Labels:
- pre-merge
- triaged

Severity:
Important
Regression:
No
Story Points:
0
Sprint:
Sprint 240, Sprint 241, Sprint 242
sprint_count:
3
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
Previously, shared VPC installations on GCP using passthrough credentials mode could fail because the installation program used credentials from the default service account. With this update, you can specify another service account to use for node creation instead of the default. (link:https://issues.redhat.com/browse/OCPBUGS-15421[*~~OCPBUGS-15421~~*])

Show
Previously, shared VPC installations on GCP using passthrough credentials mode could fail because the installation program used credentials from the default service account. With this update, you can specify another service account to use for node creation instead of the default. (link: https://issues.redhat.com/browse/OCPBUGS-15421 [* OCPBUGS-15421 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.14.0

SFDC Cases Counter:
SFDC Cases Links:

Description of problem:

When authenticating openshift-install with the gcloud cli, rather than using a service account key file, the installer will throw an error because https://github.com/openshift/installer/blob/master/pkg/asset/machines/gcp/machines.go#L170-L178 ALWAYS expects to extract a service account to passthrough to nodes in XPN installs. 

An alternative approach would be to handle the lack of service account without error, and allow the required service accounts to passed in through another mechanism.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

1. Create install config for gcp xpn install
2. Authenticate installer without service account key file (either gcloud cli auth or through a VM).
3.

Actual results:

Expected results:

Additional info:

is depended on by

OCPBUGS-19670 GCP XPN Installs fail when authenticating with CLI

Closed

is related to

OCPBUGS-17757 GCP CLI authentication should only be allowed in manual mode

Closed

relates to

OCPBUGS-16292 [gcp] questions about "compute.platform.gcp.serviceAccount"

Closed

OCPSTRAT-260 Extend Installer's capabilities while deploying OCP to a shared VPC in GCP

Backlog

links to

openshift/installer#7308: OCPBUGS-15421: Allow different service account for xpn installs in gcp

RHSA-2023:5006 OpenShift Container Platform 4.14.z security update

(1 links to)

Assignee:: Brent Barbachem

Reporter:: Patrick Dillon

QA Contact:: Jianli Wei

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2023/06/26 1:23 PM

Updated:: 2023/10/31 1:43 PM

Resolved:: 2023/10/31 1:43 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates