Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-21764

4.14 no-op: Redundant rolebinding default-account-openshift-machine-config-operator in manifest

XMLWordPrintable

    • Moderate
    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      In the 4.12 to 4.13 upgrade, I'm seeing rbac was re-creating rolebinding default-account-openshift-machine-config-operator after CVO deleted it. Looking at the 4.13 manifests, # grep -r default-account-openshift-machine-config-operator manifests/
manifests/0000_80_machine-config-operator_03_rbac.yaml:  name: default-account-openshift-machine-config-operator
manifests/0000_90_machine-config-operator_90_deletion.yaml:  name: default-account-openshift-machine-config-operator

We have 2 manifest files containing rolebinding default-account-openshift-machine-config-operator. 

# cat manifests/0000_90_machine-config-operator_90_deletion.yaml
# keep default for upgrading purposes, need to delete the existing role:
# https://github.com/openshift/enhancements/blob/master/dev-guide/cluster-version-operator/dev/object-deletion.md
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: default-account-openshift-machine-config-operator
  annotations:
    include.release.openshift.io/ibm-cloud-managed: "true"
    include.release.openshift.io/self-managed-high-availability: "true"
    include.release.openshift.io/single-node-developer: "true"
    release.openshift.io/delete: "true"
subjects:
- kind: ServiceAccount
  name: default
  namespace: openshift-machine-config-operator
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io

# cat manifests/0000_80_machine-config-operator_03_rbac.yaml
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: default-account-openshift-machine-config-operator
  annotations:
    include.release.openshift.io/ibm-cloud-managed: "true"
    include.release.openshift.io/self-managed-high-availability: "true"
    include.release.openshift.io/single-node-developer: "true"
subjects:
- kind: ServiceAccount
  name: default
  namespace: openshift-machine-config-operator
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
---
...

      Version-Release number of selected component (if applicable):

      4.13.0-0.nightly-2023-10-14-180128

      How reproducible:

      1/1

      Steps to Reproduce:

      1. Install a 4.12 cluster
2. Upgrade to 4.13
3.

      Actual results:

      rbac was re-creating rolebinding default-account-openshift-machine-config-operator after CVO deleted it

      Expected results:

      Either rolebinding default-account-openshift-machine-config-operator is kept or deleted during upgrade

      Additional info:

      CVO log:
yangyang:logs/ $ grep "default-account-openshift-machine-config-operator" current.log | grep -v 'throt\|syn' 
2023-10-16T07:50:11.793218573Z I1016 07:50:11.793011       1 helper.go:65] Delete requested for clusterrolebinding "default-account-openshift-machine-config-operator".
2023-10-16T07:50:27.174318546Z I1016 07:50:27.174296       1 upgradeable.go:276] Resource deletions in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"
2023-10-16T07:50:27.174318546Z I1016 07:50:27.174307       1 upgradeable.go:92] Upgradeability condition failed (type='UpgradeableDeletesInProgress' reason='ResourceDeletesInProgress' message='Cluster minor level upgrades are not allowed while resource deletions are in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"')
2023-10-16T07:53:49.857739011Z I1016 07:53:49.857719       1 rbac.go:20] ClusterRoleBinding default-account-openshift-machine-config-operator not found, creating
2023-10-16T07:54:24.198266419Z I1016 07:54:24.198225       1 helper.go:116] Delete of clusterrolebinding "default-account-openshift-machine-config-operator" has already been requested.
2023-10-16T07:56:12.484953693Z I1016 07:56:12.484945       1 upgradeable.go:276] Resource deletions in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"
2023-10-16T07:56:12.484969666Z I1016 07:56:12.484961       1 upgradeable.go:92] Upgradeability condition failed (type='UpgradeableDeletesInProgress' reason='ResourceDeletesInProgress' message='Cluster minor level upgrades are not allowed while resource deletions are in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"')
2023-10-16T07:58:51.702458434Z I1016 07:58:51.702408       1 helper.go:116] Delete of clusterrolebinding "default-account-openshift-machine-config-operator" has already been requested.
2023-10-16T08:00:08.288021985Z I1016 08:00:08.287915       1 upgradeable.go:276] Resource deletions in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"
2023-10-16T08:00:08.288021985Z I1016 08:00:08.287923       1 upgradeable.go:92] Upgradeability condition failed (type='UpgradeableDeletesInProgress' reason='ResourceDeletesInProgress' message='Cluster minor level upgrades are not allowed while resource deletions are in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"')
2023-10-16T08:03:11.306674558Z I1016 08:03:11.306628       1 helper.go:116] Delete of clusterrolebinding "default-account-openshift-machine-config-operator" has already been requested.
2023-10-16T08:04:04.091715354Z I1016 08:04:04.091697       1 upgradeable.go:276] Resource deletions in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"
2023-10-16T08:04:04.091720359Z I1016 08:04:04.091715       1 upgradeable.go:92] Upgradeability condition failed (type='UpgradeableDeletesInProgress' reason='ResourceDeletesInProgress' message='Cluster minor level upgrades are not allowed while resource deletions are in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"')
2023-10-16T08:07:34.716291970Z I1016 08:07:34.715748       1 helper.go:116] Delete of clusterrolebinding "default-account-openshift-machine-config-operator" has already been requested.
2023-10-16T08:07:59.894596953Z I1016 08:07:59.894580       1 upgradeable.go:276] Resource deletions in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"
2023-10-16T08:07:59.894610428Z I1016 08:07:59.894597       1 upgradeable.go:92] Upgradeability condition failed (type='UpgradeableDeletesInProgress' reason='ResourceDeletesInProgress' message='Cluster minor level upgrades are not allowed while resource deletions are in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"')
2023-10-16T08:11:55.698060791Z I1016 08:11:55.698049       1 upgradeable.go:276] Resource deletions in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"
2023-10-16T08:11:55.698066857Z I1016 08:11:55.698059       1 upgradeable.go:92] Upgradeability condition failed (type='UpgradeableDeletesInProgress' reason='ResourceDeletesInProgress' message='Cluster minor level upgrades are not allowed while resource deletions are in progress; resources=clusterrolebinding "default-account-openshift-machine-config-operator"')
2023-10-16T08:11:58.368609754Z I1016 08:11:58.368564       1 helper.go:116] Delete of clusterrolebinding "default-account-openshift-machine-config-operator" has already been requested.

            trking W. Trevor King
            yanyang@redhat.com Yang Yang
            Sergio Regidor de la Rosa Sergio Regidor de la Rosa
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: