Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.16.z
Affects Version/s: 4.13.z, 4.14.z
Component/s: Cloud Credential Operator
Labels:
- gcp
- pre-merge-tested

Severity:
Moderate
Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, when the Cloud Credential Operator checked if passthrough mode permissions were correct, the Operator sometimes received a response from the {gcp-first} API about an invalid permission for a project. This bug caused the Operator to enter a degraded state that in turn impacted the installation of the cluster. With this release, the Cloud Credential Operator checks specifically for this error so that it diagnoses it separately without impacting the installation of the cluster. (link:https://issues.redhat.com/browse/OCPBUGS-36834[*~~OCPBUGS-36834~~*])

Show
* Previously, when the Cloud Credential Operator checked if passthrough mode permissions were correct, the Operator sometimes received a response from the {gcp-first} API about an invalid permission for a project. This bug caused the Operator to enter a degraded state that in turn impacted the installation of the cluster. With this release, the Cloud Credential Operator checks specifically for this error so that it diagnoses it separately without impacting the installation of the cluster. (link: https://issues.redhat.com/browse/OCPBUGS-36834 [* OCPBUGS-36834 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.16.z
Target Backport Versions:

4.13.z, 4.14.z, 4.15.z, 4.16.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue ~~OCPBUGS-36140~~. The following is the description of the original issue:
—
Description of problem:

GCP private cluster with CCO Passthrough mode failed to install due to CCO degraded.
status:  
conditions:  - lastTransitionTime: "2024-06-24T06:04:39Z"    message: 1 of 7 credentials requests are failing to sync.    reason: CredentialsFailing    status: "True"    type: Degraded

Version-Release number of selected component (if applicable):

4.13.0-0.nightly-2024-06-21-203120

How reproducible:

Always

Steps to Reproduce:

    1.Create GCP private cluster with CCO Passthrough mode, flexy template is private-templates/functionality-testing/aos-4_13/ipi-on-gcp/versioned-installer-xpn-private     
    2.Wait for cluster installation

Actual results:

jianpingshu@jshu-mac ~ % oc get clusterversionNAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUSversion             False       False         23m     Error while reconciling 4.13.0-0.nightly-2024-06-21-203120: the cluster operator cloud-credential is degraded

status:  
conditions:  - lastTransitionTime: "2024-06-24T06:04:39Z"    message: 1 of 7 credentials requests are failing to sync.    reason: CredentialsFailing    status: "True"    type: Degraded

jianpingshu@jshu-mac ~ % oc -n openshift-cloud-credential-operator get -o json credentialsrequests | jq -r '.items[] | select(tostring | contains("InfrastructureMismatch") | not) | .metadata.name as $n | .status.conditions // [{type: "NoConditions"}] | .[] | .type + "=" + .status + " " + $n + " " + .reason + ": " + .message' | sortCredentialsProvisionFailure=True cloud-credential-operator-gcp-ro-creds CredentialsProvisionFailure: failed to grant creds: error while validating permissions: error testing permissions: googleapi: Error 400: Permission commerceoffercatalog.agreements.list is not valid for this resource., badRequest
NoConditions= openshift-cloud-network-config-controller-gcp :
NoConditions= openshift-gcp-ccm :
NoConditions= openshift-gcp-pd-csi-driver-operator :
NoConditions= openshift-image-registry-gcs :
NoConditions= openshift-ingress-gcp :
NoConditions= openshift-machine-api-gcp :

Expected results:

Cluster installed successfully without degrade

Additional info:

Some problem PROW CI tests: 
https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.14-multi-nightly-gcp-ipi-user-labels-tags-filestore-csi-tp-arm-f14/1805064266043101184
https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-nightly-4.14-upgrade-from-stable-4.13-gcp-ipi-xpn-fips-f28/1804676149503070208

blocks

OCPBUGS-37288 GCP cluster with CCO Passthrough mode failed to install due to CCO degraded

Closed

clones

OCPBUGS-36140 GCP cluster with CCO Passthrough mode failed to install due to CCO degraded

Closed

is blocked by

OCPBUGS-36140 GCP cluster with CCO Passthrough mode failed to install due to CCO degraded

Closed

is cloned by

OCPBUGS-37288 GCP cluster with CCO Passthrough mode failed to install due to CCO degraded

Closed

links to

openshift/cloud-credential-operator#714: [release-4.16] OCPBUGS-36834: GCP passthrough permissions check to ignore problematic permissions.

RHBA-2024:4855 OpenShift Container Platform 4.16.z bug fix update

(1 links to)

Assignee:: Jeremiah Stuever

Reporter:: OpenShift Prow Bot

QA Contact:: Jianping Shu

Contributors:: Jianli Wei

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/07/10 4:58 PM

Updated:: 2024/07/31 1:08 PM

Resolved:: 2024/07/31 1:08 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates