Description of problem:
After upgrading to 4.11.3 from 4.10.43, the packageserver's pods's `seccompProfile` weren't updated.
Seems like this https://github.com/openshift/operator-framework-olm/blob/release-4.11/scripts/packageserver-deployment.patch.yaml wasn't triggered.
MacBook-Pro:~ jianzhang$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.3 True False 80m Cluster version is 4.11.3 MacBook-Pro:~ jianzhang$ oc get pods NAME READY STATUS RESTARTS AGE catalog-operator-d48b5b797-pkwc8 1/1 Running 0 103m collect-profiles-27700605-w8hgp 0/1 Completed 0 31m collect-profiles-27700620-hg56j 0/1 Completed 0 16m collect-profiles-27700635-fjk9l 0/1 Completed 0 118s olm-operator-65784cbbc8-lvl59 1/1 Running 0 103m package-server-manager-6cf68dbd6b-rvlq7 1/1 Running 0 103m packageserver-6766444545-gntkv 1/1 Running 0 103m packageserver-6766444545-xgh6h 1/1 Running 0 97m MacBook-Pro:~ jianzhang$ oc get pods packageserver-6766444545-gntkv -o yaml|grep seccompProfile MacBook-Pro:~ jianzhang$ oc get csv packageserver -o yaml|grep seccompProfile MacBook-Pro:~ jianzhang$ MacBook-Pro:~ jianzhang$ oc get pods packageserver-6766444545-gntkv -o yaml|grep seccompProfile MacBook-Pro:~ jianzhang$ oc get csv NAME DISPLAY VERSION REPLACES PHASE packageserver Package Server 0.18.3 Succeeded MacBook-Pro:~ jianzhang$ oc exec packageserver-6766444545-gntkv -- olm --version OLM version: 0.19.0 git commit: 8a984d41acc67c0bc9bfe807fadeef23f83abd44
Version-Release number of selected component (if applicable):
4.11
How reproducible:
always
Steps to Reproduce:
1. Install OCP 4.9 MacBook-Pro:~ jianzhang$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.9.47 True False 16m Cluster version is 4.9.47 2. Upgrade it to 4.10 and 4.11 MacBook-Pro:~ jianzhang$ oc adm upgrade --to 4.10.30 Requesting update to 4.10.30 MacBook-Pro:~ jianzhang$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.10.30 True False 12m Cluster version is 4.10.30 MacBook-Pro:~ jianzhang$ oc adm upgrade --to 4.11.3 Requesting update to 4.11.3 MacBook-Pro:~ jianzhang$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.3 True False 80m Cluster version is 4.11.3 3. check packageserver resource if were updated correctly.
Actual results:
1, Packageserver pods' `seccompProfile` wasn't updated, this will block the upgrading to 4.12. Such as, https://issues.redhat.com/browse/OCPBUGS-575
MacBook-Pro:~ jianzhang$ oc get pods packageserver-6766444545-gntkv -o yaml|grep seccompProfile MacBook-Pro:~ jianzhang$ oc get csv packageserver -o yaml|grep seccompProfile MacBook-Pro:~ jianzhang$ MacBook-Pro:~ jianzhang$ oc get pods packageserver-6766444545-gntkv -o yaml|grep seccompProfile
2, OLM doesn't report any issues.
MacBook-Pro:~ jianzhang$ oc get co NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE authentication 4.11.3 True False False 110m baremetal 4.11.3 True False False 5h1m cloud-controller-manager 4.11.3 True False False 5h3m cloud-credential 4.11.3 True False False 5h2m cluster-autoscaler 4.11.3 True False False 5h1m config-operator 4.11.3 True False False 5h2m console 4.11.3 True False False 113m csi-snapshot-controller 4.11.3 True False False 3h49m dns 4.11.3 True False False 5h1m etcd 4.11.3 True False False 5h image-registry 4.11.3 True False False 4h51m ingress 4.11.3 True False False 4h50m insights 4.11.3 True False False 4h49m kube-apiserver 4.11.3 True False False 4h51m kube-controller-manager 4.11.3 True False False 5h kube-scheduler 4.11.3 True False False 5h kube-storage-version-migrator 4.11.3 True False False 112m machine-api 4.11.3 True False False 4h50m machine-approver 4.11.3 True False False 5h1m machine-config 4.11.3 True False False 5h marketplace 4.11.3 True False False 5h1m monitoring 4.11.3 True False False 4h50m network 4.11.3 True False False 5h3m node-tuning 4.11.3 True False False 135m openshift-apiserver 4.11.3 True False False 4h51m openshift-controller-manager 4.11.3 True False False 5h1m openshift-samples 4.11.3 True False False 135m operator-lifecycle-manager 4.11.3 True False False 5h2m operator-lifecycle-manager-catalog 4.11.3 True False False 5h2m operator-lifecycle-manager-packageserver 4.11.3 True False False 3h45m service-ca 4.11.3 True False False 5h2m storage 4.11.3 True False False 4h51m MacBook-Pro:~ jianzhang$ oc get co operator-lifecycle-manager-packageserver -o yaml apiVersion: config.openshift.io/v1 kind: ClusterOperator metadata: annotations: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" creationTimestamp: "2022-09-01T08:22:34Z" generation: 1 name: operator-lifecycle-manager-packageserver ownerReferences: - apiVersion: config.openshift.io/v1 kind: ClusterVersion name: version uid: 1d8dcbbf-36b9-494b-8297-ac8d0d8a2b47 resourceVersion: "110012" uid: 781c4cf3-3ebc-447b-a908-9e5f45d210a2 spec: {} status: conditions: - lastTransitionTime: "2022-09-01T08:24:59Z" status: "False" type: Degraded - lastTransitionTime: "2022-09-01T09:41:07Z" message: ClusterServiceVersion openshift-operator-lifecycle-manager/packageserver observed in phase Succeeded reason: ClusterServiceVersionSucceeded status: "True" type: Available - lastTransitionTime: "2022-09-01T11:15:57Z" message: Deployed version 0.18.3 status: "False" type: Progressing - lastTransitionTime: "2022-09-01T08:25:00Z" message: Safe to upgrade status: "True" type: Upgradeable extension: null relatedObjects: - group: "" name: openshift-operator-lifecycle-manager resource: namespaces - group: operators.coreos.com name: packageserver namespace: openshift-operator-lifecycle-manager resource: clusterserviceversions versions: - name: operator version: 4.11.3 - name: packageserver version: 0.18.3
Expected results:
1. The Packageserver pods' `seccompProfile.Type` should be updated to `RuntimeDefault` according to https://github.com/openshift/operator-framework-olm/blob/release-4.11/scripts/packageserver-deployment.patch.yaml 2. OLM should raise issue if the packageserver deployments are not updated.
Additional info:
I installed a fresh 4.11.3 cluster, I can see the packageserver pods' seccompProfile.Type was updated correctly. As follows, so I guess this https://github.com/openshift/operator-framework-olm/blob/release-4.11/scripts/packageserver-deployment.patch.yaml was not trigged during upgrading to 4.11 from 4.10.
MacBook-Pro:~ jianzhang$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.11.3 True False 18m Cluster version is 4.11.3 MacBook-Pro:~ jianzhang$ oc get pods NAME READY STATUS RESTARTS AGE catalog-operator-6556578f6f-w92db 1/1 Running 0 30m collect-profiles-27700650-fx5cw 0/1 Completed 0 25m collect-profiles-27700665-plv6k 0/1 Completed 0 10m olm-operator-797c566b5b-5cvv6 1/1 Running 0 30m package-server-manager-75c99f87bd-njslw 1/1 Running 0 30m packageserver-7859bf5bb5-69vxn 1/1 Running 0 28m packageserver-7859bf5bb5-k6ksj 1/1 Running 0 28m MacBook-Pro:~ jianzhang$ oc get pods packageserver-7859bf5bb5-69vxn -o yaml|grep seccompProfile -A3 seccompProfile: type: RuntimeDefault serviceAccount: olm-operator-serviceaccount serviceAccountName: olm-operator-serviceaccount
- is caused by
-
OCPBUGS-858 package-server-manager does not migrate packageserver CSV from v0.17.0 to v0.18.3 on OCP 4.8 -> 4.9 upgrade
- Closed