Uploaded image for project: 'OpenShift Cloud'
  1. OpenShift Cloud
  2. OCPCLOUD-1153

Remove legacy objects by adding tombstones

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • openshift-4.9
    • None
    • CLOUD Sprint 204, CLOUD Sprint 205, CLOUD Sprint 206

      The CVO have just implemented the ability to remove objects. (https://issues.redhat.com/browse/OTA-222)
      We should use this new functionality to remove anything that we created in previous releases that we no longer manage.

      https://issues.redhat.com/browse/OTA-395 identified a number of resources that we have left over, each of these will need a "tombstone" creating that requests deletion by the CVO.

      GROUP KIND NAME NAMESPACE Born In Last In YAML File
      cloudcredential.openshift.io CredentialsRequest openshift-machine-api openshift-cloud-credential-operator 4.1 4.1 0000_30_machine-api-operator_00_credentials-request.yaml
      apiextensions.k8s.io CustomResourceDefinition machinehealthchecks.healthchecking.openshift.io <none> 4.1 4.2 0000_30_machine-api-operator_07_machinehealthcheck.crd.yaml
      apiextensions.k8s.io CustomResourceDefinition machinedisruptionbudgets.healthchecking.openshift.io <none> 4.2 4.2 0000_30_machine-api-operator_08_machinedisruptionbudget.crd.yaml
      rbac.authorization.k8s.io ClusterRole machine-api-manager <none> 4.1 4.1 0000_30_machine-api-operator_08_rbac.yaml
      rbac.authorization.k8s.io ClusterRoleBinding machine-api-manager-rolebinding <none> 4.1 4.1 0000_30_machine-api-operator_08_rbac.yaml
      rbac.authorization.k8s.io RoleBinding machine-api-termination-handler openshift-machine-api 4.5 4.6 0000_30_machine-api-operator_09_rbac.yaml
      rbac.authorization.k8s.io Role machine-api-termination-handler openshift-machine-api 4.5 4.6 0000_30_machine-api-operator_09_rbac.yaml
      rbac.authorization.k8s.io Role cloud-provider-config-reader openshift-config 4.3 4.3 0000_30_machine-api-operator_09_rbac.yaml
      rbac.authorization.k8s.io RoleBinding machine-api-cloud-provider-config-reader openshift-config 4.3 4.3 0000_30_machine-api-operator_09_rbac.yaml
      v1 ConfigMap cluster-autoscaler-operator-ca openshift-machine-api 4.2 4.3 0000_50_cluster-autoscaler-operator_05_configmap.yaml
      monitoring.coreos.com PrometheusRule cluster-autoscaler-operator-rules openshift-machine-api 4.3 4.7 0000_50_cluster-autoscaler-operator_09_alertrules.yaml

      To remove the object, we will need to add the manifest back and ensure it has `release.openshift.io/delete: "true"` as an annotation, this will force CVO to delete it on a cluster if it exists.

      Eg.

      apiVersion: cloudcredential.openshift.io/v1
      kind: CredentialsRequest
      metadata: 
        name: openshift-machine-api
        namespace: openshift-cloud-credential-operator
        annotations: 
          release.openshift.io/delete: "true"
      

      Note, only the fields above are required, none of the actual spec/status are required, this is enough of the resource to create the tombstone.

      DoD:

      • When a cluster is upgraded to 4.9, if the resources listed in the above table, are removed by the CVO

      Docs:

      • This will need to be explicitly called out in the release notes as it is a removal of an API (MHC/MDB original APIs from release 4.1 - these have not been read from since 4.2)

              mimccune@redhat.com Michael McCune
              joelspeed Joel Speed
              Milind Yadav Milind Yadav
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: