User Story

As an openshift maintainer I want our build tooling to produce the gcr credential provider plugin so that it can be distributed in RHCOS to be used by kubelet.

Background

We need to ship the gcr credential provider via an rpm, so it is available to kubelet when it first starts.

Now we have a working RPM we need to include it in the RCHOS builds by default, so kubelet can utilise it.

A working example for AWS is provided in this PR: https://github.com/openshift/os/pull/ 1416

Important: This is blocked on the PR to `ocp-build-data` being merged, (creating the production ART build) and the package being synced to the CI mirror. This can take a day to sync as it happens overnight.

This step (including the image in RCHOS) breaks a bunch of downstream builds. To avoid other build systems from needing to build the RPM we can promote the one built by CI into the o/k artifacts image.

This is a two step process, and requires changing the CI for the cloud provider, as well as o/k.

Example PR: https://github.com/openshift/release/pull/48496 and https://github.com/openshift/release/pull/48266

We also want to include the RPM in the ansible playbooks that spin up the RHEL worker nodes. This required updating a yaml file in `openshift-ansible`: https://github.com/openshift/openshift-ansible/commit/2956dc04c1dba86919c110f403620c22d7a2ed51 

Steps

• Update `packages-openshift.yaml` in openshift/release to reference the newly built RPM (brew production build name)
• Update the CI for cloud-provider-gcp to promote the built RPMs to their own image stream, e.g `cloud-provider-gcp-rpms`
• Update O/K CI to pull the RPMs from `cloud-provider-gcp-rpms` into the artifacts image.
• Notify OKD (Reach out to Vadim Rutkovsky and Christian Glombek) as they'll need to update their jobs to stop builds failing.
• Update openshift-ansible to include the package as a required node package

Stakeholders

• cluster-infra
• workloads team
• OKD

Definition of Done

• PR to `openshift/os`

• Docs

• N.A

• Testing

• N.A