-
Bug
-
Resolution: Done-Errata
-
Normal
-
4.14.0
-
Moderate
-
No
-
False
-
-
N/A
-
Release Note Not Required
Description of problem:
The usage of "compute.platform.gcp.serviceAccount" needs to be clarified, and also the installation failure.
Version-Release number of selected component (if applicable):
4.14.0-0.nightly-2023-07-16-230237
How reproducible:
Always
Steps to Reproduce:
1. "openshift-install explain installconfig.compute.platform.gcp.serviceAccount" 2. "create cluster" with an existing install-config having the field configured
Actual results:
1. It tells "The provided service account will be attached to control-plane nodes...", although the field is under compute.platform.gcp. 2. The installation failed on creating install config, with error "service accounts only valid for master nodes, provided for worker nodes".
Expected results:
1. shall "explain" command tell the field "serviceAccount" under "installconfig.compute.platform.gcp"? 2. please clarify how "compute.platform.gcp.serviceAccount" should be used
Additional info:
FYI the corresponding PR: https://github.com/openshift/installer/pull/7308 $ openshift-install version openshift-install 4.14.0-0.nightly-2023-07-16-230237 built from commit c2d7db9d4eedf7b79fcf975f3cbd8042542982ca release image registry.ci.openshift.org/ocp/release@sha256:e31716b6f12a81066c78362c2f36b9f18ad51c9768bdc894d596cf5b0f689681 release architecture amd64 $ openshift-install explain installconfig.compute.platform.gcp.serviceAccount KIND: InstallConfig VERSION: v1RESOURCE: <string> ServiceAccount is the email of a gcp service account to be used for shared vpn installations. The provided service account will be attached to control-plane nodes in order to provide the permissions required by the cloud provider in the host project. $ openshift-install explain installconfig.controlPlane.platform.gcp.serviceAccount KIND: InstallConfig VERSION: v1RESOURCE: <string> ServiceAccount is the email of a gcp service account to be used for shared vpn installations. The provided service account will be attached to control-plane nodes in order to provide the permissions required by the cloud provider in the host project. $ yq-3.3.0 r test2/install-config.yaml platform gcp: projectID: openshift-qe region: us-central1 computeSubnet: installer-shared-vpc-subnet-2 controlPlaneSubnet: installer-shared-vpc-subnet-1 network: installer-shared-vpc networkProjectID: openshift-qe-shared-vpc $ yq-3.3.0 r test2/install-config.yaml credentialsMode Passthrough $ yq-3.3.0 r test2/install-config.yaml baseDomain qe1.gcp.devcluster.openshift.com $ yq-3.3.0 r test2/install-config.yaml metadata creationTimestamp: null name: jiwei-0718b $ yq-3.3.0 r test2/install-config.yaml compute - architecture: amd64 hyperthreading: Enabled name: worker platform: gcp: ServiceAccount: ipi-xpn-minpt-permissions@openshift-qe.iam.gserviceaccount.com tags: - preserved-ipi-xpn-compute replicas: 2 $ yq-3.3.0 r test2/install-config.yaml controlPlane architecture: amd64 hyperthreading: Enabled name: master platform: gcp: ServiceAccount: ipi-xpn-minpt-permissions@openshift-qe.iam.gserviceaccount.com tags: - preserved-ipi-xpn-control-plane replicas: 3 $ openshift-install create cluster --dir test2 ERROR failed to fetch Metadata: failed to load asset "Install Config": failed to create install config: invalid "install-config.yaml" file: compute[0].platform.gcp.serviceAccount: Invalid value: "ipi-xpn-minpt-permissions@openshift-qe.iam.gserviceaccount.com": service accounts only valid for master nodes, provided for worker nodes $
- is related to
-
-
- Closed
-
- links to
-
RHEA-2023:5006
rpm