Skip to content

HOSTEDCP-1849: blocked-edges/4.15-HyperShiftKubeAPIPort443: Declare risk #5657

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-bot merged 1 commit into from
Aug 2, 2024
Merged

HOSTEDCP-1849: blocked-edges/4.15-HyperShiftKubeAPIPort443: Declare risk #5657

openshift-merge-bot merged 1 commit into from
Aug 2, 2024

Conversation

@wking
Copy link
Member

@wking wking commented Aug 2, 2024
edited
Loading

Generated by writing the 4.15.17 risk by hand, and then copying it out to the other exposed releases with:

$ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.15&arch=amd64' | jq -r '.nodes[] | .version' | grep '^4[.]15[.]\(1[8-9]\|2[0-4]\)$' | while read VERSION; do sed "s/4.15.17/${VERSION}/" blocked-edges/4.15.17-HyperShiftKubeAPIPort443.yaml > "blocked-edges/${VERSION}-HyperShiftKubeAPIPort443.yaml"; done

After which I manually declared fixedIn for 4.15.25, which included OCPBUGS-37695.

I did not need to declare 4.16 risks, because f8316da (2024-06-06, #5352) landed early enough that no exposed 4.16 bake in update-recommendations from unexposed 4.15.(z<17) releases. For example:

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.16.0-x86_64 | grep 'Created\|Upgrades'
Created:        2024-06-25T20:17:15Z
  Upgrades: 4.15.18, 4.16.0-ec.1, 4.16.0-ec.2, 4.16.0-ec.3, 4.16.0-ec.4, 4.16.0-ec.5, 4.16.0-ec.6, 4.16.0-rc.0, 4.16.0-rc.1, 4.16.0-rc.2, 4.16.0-rc.3, 4.16.0-rc.4, 4.16.0-rc.5, 4.16.0-rc.6, 4.16.0-rc.9

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Aug 2, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Aug 2, 2024
edited by openshift-ci bot
Loading

@wking: This pull request references HOSTEDCP-1849 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.17.0" version, but no target version was set.

Details

In response to this:

Generated by writing the 4.15.17 and 4.16.0 risks by hand, and then copying them out to the other exposed releases with:

$ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.15&arch=amd64' | jq -r '.nodes[] | .version' | grep '^4[.]15[.]\(1[8-9]\|2[0-4]\)$' | while read VERSION; do sed "s/4.15.17/${VERSION}/" blocked-edges/4.15.17-HyperShiftKubeAPIPort433.yaml > "blocked-edges/${VERSION}-HyperShiftKubeAPIPort433.yaml"; done
$ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.16&arch=amd64' | jq -r '.nodes[] | .version' | grep '^4[.]16[.][1-5]$' | while read VERSION; do sed "s/4.16.0/${VERSION}/" blocked-edges/4.16.0-HyperShiftKubeAPIPort433.yaml > "blocked-edges/${VERSION}-HyperShiftKubeAPIPort433.yaml"; done

After which I manually declared fixedIn for:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 2, 2024
@wking wking force-pushed the HyperShiftKubeAPIPort433 branch from e6a9a09 to de16293 Compare August 2, 2024 19:55
@wking wking changed the title HOSTEDCP-1849: blocked-edges/4.*-HyperShiftKubeAPIPort433: Declare risk HOSTEDCP-1849: blocked-edges/4.*-HyperShiftKubeAPIPort443: Declare risk Aug 2, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Aug 2, 2024
edited by openshift-ci bot
Loading

@wking: This pull request references HOSTEDCP-1849 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.17.0" version, but no target version was set.

Details

In response to this:

Generated by writing the 4.15.17 and 4.16.0 risks by hand, and then copying them out to the other exposed releases with:

$ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.15&arch=amd64' | jq -r '.nodes[] | .version' | grep '^4[.]15[.]\(1[8-9]\|2[0-4]\)$' | while read VERSION; do sed "s/4.15.17/${VERSION}/" blocked-edges/4.15.17-HyperShiftKubeAPIPort443.yaml > "blocked-edges/${VERSION}-HyperShiftKubeAPIPort443.yaml"; done
$ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.16&arch=amd64' | jq -r '.nodes[] | .version' | grep '^4[.]16[.][1-5]$' | while read VERSION; do sed "s/4.16.0/${VERSION}/" blocked-edges/4.16.0-HyperShiftKubeAPIPort443.yaml > "blocked-edges/${VERSION}-HyperShiftKubeAPIPort443.yaml"; done

After which I manually declared fixedIn for:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@wking wking force-pushed the HyperShiftKubeAPIPort433 branch from de16293 to b3a6c9c Compare August 2, 2024 20:07
@hongkailiu
Copy link
Member

hongkailiu commented Aug 2, 2024

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2024
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 2, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hongkailiu, wking

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@wking
Copy link
Member Author

wking commented Aug 2, 2024

/hold I can drop the 4.16s

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 2, 2024
@wking
blocked-edges/4.15-HyperShiftKubeAPIPort443: Declare risk
24b0e4f 
Generated by writing the 4.15.17 risk by hand, and then copying it out
to the other exposed releases with:

  $ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.15&arch=amd64' | jq -r '.nodes[] | .version' | grep '^4[.]15[.]\(1[8-9]\|2[0-4]\)$' | while read VERSION; do sed "s/4.15.17/${VERSION}/" blocked-edges/4.15.17-HyperShiftKubeAPIPort443.yaml > "blocked-edges/${VERSION}-HyperShiftKubeAPIPort443.yaml"; done

After which I manually declared fixedIn for 4.15.25 [1], which included [2].

I did not need to declare 4.16 risks, because f8316da
(build-suggestions/4.16: Set minor_min to 4.15.17, 2024-06-06, openshift#5352)
landed early enough that no exposed 4.16 bake in
update-recommendations from unexposed 4.15.(z<17) releases.  For example:

  $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.16.0-x86_64 | grep 'Created\|Upgrades'
  Created:        2024-06-25T20:17:15Z
    Upgrades: 4.15.18, 4.16.0-ec.1, 4.16.0-ec.2, 4.16.0-ec.3, 4.16.0-ec.4, 4.16.0-ec.5, 4.16.0-ec.6, 4.16.0-rc.0, 4.16.0-rc.1, 4.16.0-rc.2, 4.16.0-rc.3, 4.16.0-rc.4, 4.16.0-rc.5, 4.16.0-rc.6, 4.16.0-rc.9

[1]: https://multi.ocp.releases.ci.openshift.org/releasestream/4-stable-multi/release/4.15.25
[2]: https://issues.redhat.com/browse/OCPBUGS-37695
@wking wking force-pushed the HyperShiftKubeAPIPort433 branch from b3a6c9c to 24b0e4f Compare August 2, 2024 20:31
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2024
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 2, 2024

New changes are detected. LGTM label has been removed.

@wking wking changed the title HOSTEDCP-1849: blocked-edges/4.*-HyperShiftKubeAPIPort443: Declare risk HOSTEDCP-1849: blocked-edges/4.15-HyperShiftKubeAPIPort443: Declare risk Aug 2, 2024
@openshift-ci-robot
Copy link

openshift-ci-robot commented Aug 2, 2024
edited by openshift-ci bot
Loading

@wking: This pull request references HOSTEDCP-1849 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the spike to target the "4.17.0" version, but no target version was set.

Details

In response to this:

Generated by writing the 4.15.17 risk by hand, and then copying it out to the other exposed releases with:

$ curl -s 'https://api.openshift.com/api/upgrades_info/graph?channel=candidate-4.15&arch=amd64' | jq -r '.nodes[] | .version' | grep '^4[.]15[.]\(1[8-9]\|2[0-4]\)$' | while read VERSION; do sed "s/4.15.17/${VERSION}/" blocked-edges/4.15.17-HyperShiftKubeAPIPort443.yaml > "blocked-edges/${VERSION}-HyperShiftKubeAPIPort443.yaml"; done

After which I manually declared fixedIn for 4.15.25, which included OCPBUGS-37695.

I did not need to declare 4.16 risks, because f8316da (2024-06-06, #5352) landed early enough that no exposed 4.16 bake in update-recommendations from unexposed 4.15.(z<17) releases. For example:

$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.16.0-x86_64 | grep 'Created\|Upgrades'
Created:        2024-06-25T20:17:15Z
 Upgrades: 4.15.18, 4.16.0-ec.1, 4.16.0-ec.2, 4.16.0-ec.3, 4.16.0-ec.4, 4.16.0-ec.5, 4.16.0-ec.6, 4.16.0-rc.0, 4.16.0-rc.1, 4.16.0-rc.2, 4.16.0-rc.3, 4.16.0-rc.4, 4.16.0-rc.5, 4.16.0-rc.6, 4.16.0-rc.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@wking
Copy link
Member Author

wking commented Aug 2, 2024

Testing the PromQL on a classic/standalone/non-HyperShift cluster (build02), it correctly judges "I'm not exposed to this risk":

image

@wking
Copy link
Member Author

wking commented Aug 2, 2024

I'd like to test on a HyperShift cluster too, but Cluster Bot is timing out on getting me one, and the PromQL I'm using is very similar to what we've used on previous risks like TechPreviewSignatureStoresInDefault and NetworkNodeIdentityWebhookUserConflict, so I'm fine with this merging without that being tested.

And before he clocked out, Hongkai LGTMed this. I'm confident in my subsequent removal of the 4.16 risks, so I'm unilaterally restoring the LGTM label to get this landed before the weekend.

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 2, 2024
@wking wking added the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 9462067 into openshift:master Aug 2, 2024
@wking wking deleted the HyperShiftKubeAPIPort433 branch August 2, 2024 20:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LalatenduMohanty LalatenduMohanty Awaiting requested review from LalatenduMohanty

@PratikMahajan PratikMahajan Awaiting requested review from PratikMahajan

Assignees

@hongkailiu hongkailiu

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wking @openshift-ci-robot @hongkailiu