Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-19807

'oc adm release extract --include ...' obsoletes ccoctl's --enable-tech-preview


    • Moderate
    • No
    • False
    • Hide


    • N/A
    • Release Note Not Required

      Description of problem:

      ccoctl consumes CredentialsRequests extracted from OpenShift releases and manages secrets associated with those requests for the cluster. Over time, ccoctl has grown a number of CredentialRequest filters, including deletion annotations in CCO-175 and tech-preview annotations in cco#444.

      But with OTA-559, 4.14 and later oc adm release extract ... learned about an --included parameter, which allows oc to perform that "will the cluster need this credential?" filtering, and there is no longer a need for ccoctl to perform that filtering, or for ccoctl callers to have to think through "do I need to enable tech-preview CRs for this cluster or not?".

      Version-Release number of selected component (if applicable):

      4.14 and later.

      How reproducible:


      Steps to Reproduce:

      $ cat <<EOF >install-config.yaml 
      > apiVersion: v1
      > platform:
      >   gcp:
      >     dummy: data
      > featureSet: TechPreviewNoUpgrade
      > EOF
      $ oc adm release extract --included --credentials-requests --install-config install-config.yaml --to credentials-requests quay.io/openshift-release-dev/ocp-release:4.14.0-rc.2-x86_64
      $ ccoctl gcp create-all --dry-run --name=test --region=test --project=test --credentials-requests-dir=credentials-requests

      Actual results:

      ccoctl doesn't dry-run create the TechPreviewNoUpgrade openshift-cluster-api-gcp CredentialsRequest unless you pass it {--enable-tech-preview}}.

      Expected results:

      ccoctl does dry-run create the TechPreviewNoUpgrade openshift-cluster-api-gcp CredentialsRequest unless you pass it --enable-tech-preview=false.

      Additional info:

      Longer-term, we likely want to go through some phases of deprecating and maybe eventually removing --enable-tech-preview and the ccoctl-side filtering. But for now, I think we want to pivot to defaulting to true, so that anyone with existing flows that do not include the new --included extraction has an easy way to keep their workflow going (they can set --enable-tech-preview=false). And I think we should backport that to 4.14's ccoctl to simplify OSDOCS-4158's docs#62148. But we're close enough to 4.14's expected GA, that it's worth some consensus-building and alternative consideration, before trying to rush changes back to 4.14 branches.

            jstuever@redhat.com Jeremiah Stuever
            trking W. Trevor King
            Jianping Shu Jianping Shu
            0 Vote for this issue
            6 Start watching this issue