[release-4.15] OCPBUGS-26208: openshift/manifests: CloudCredential capability for CredentialsRequest #295
Conversation
(cherry picked from commit 298f12a)
This makes the build of setup-envtest consistent with the other tools built in hack/tools. By moving the dependency to go.mod, it also allows the build to work correctly when using enforced vendoring. (cherry picked from commit 757c7e6) Conflicts: hack/tools/go.sum
The primary purpose of this change is to enable running the envtests in environments where neither $XDG_DATA_HOME nor $HOME are set. Additionally, by executing setup-envtest explicitly in the `test` rule rather than in a global variable definition, we: * Only run it when it's required * Log its execution and output (cherry picked from commit c076ff9)
(cherry picked from commit 1dd7990)
CARRY: Fix vendoring
This is required for it to be included in the release payload. CAPO is actually deployed by cluster-capi-operator, but is not directly referenced by cluster-capi-operator. cluster-capi-operator instead consumes a ConfigMap deployed by CAPO. CAPO must be included in the release payload in order for cluster-capi-operator to be able to consume this ConfigMap.
For a node to join the cluster, a CSR generated by kubelet with the node name must be approved. The approval happens if the value of the NodeInternalDNS entry on the Machine matches the node name. When using legacy cloud provider the value of that node name is the Server name. This commit ensures the nodes handled with legacy cloud provides get approved by adding the server name to the list of Machine addresses. (cherry picked from commit de8aaa4)
UPSTREAM 1715: Add server name for the Machine InternalDNS
CARRY: Add DOWNSTREAM_OWNERS
CARRY: Mark CAPO as second level operator
CARRY: Restore OWNERS to upstream
UPSTREAM 1686: Move webhook CA injection into webhook resource
(cherry picked from commit 661c0ff)
UPSTREAM 1726: Replace kustomize vars with replacements
…gen/model This allows mockgen to run when using vendoring. (cherry picked from commit de1a0f4)
UPSTREAM 1712: Add explicit dependency on github.com/golang/mock/mock…
In particular, bump golang.org/x/net to v0.17.0 and
k8s.io/api{machinery,server} to v0.27.7.
OCPBUGS-22087: UPSTREAM 1733: deps: Bump dependencies
We now have the ability for a machine to have additional block devices to be attached. Here is an example on how to use `additionalBlockDevices` for adding additional Cinder volumes attached to the server instance: ```yaml additionalBlockDevices: - nameSuffix: dbvol1 size: 50 volumeType: my-volume-type availabilityZone: az0 tag: database ``` Co-authored-by: Matt Pryor <[email protected]> Co-authored-by: Emilien Macchi <[email protected]> (cherry picked from commit 94d9690)
Co-authored-by: Emilien Macchi <[email protected]> Co-authored-by: Martin André <[email protected]> (cherry picked from commit 1efeaf7)
Hitting golangci/golangci-lint#3228 when adding nolint. So allow to ignore unused nolints. (cherry picked from commit 4336f38)
This is step 1 of 3 in the dance necessary to add e2e tests. Next up, the job definition itself (in 'openshift/release'). Signed-off-by: Stephen Finucane <[email protected]>
Add stub e2e target
OCPBUGS-24296: Add Snyk file to exclude vendor directory on scan
As in openshift/cluster-version-operator@48fe9f2669 (install: Drop single-node-developer profile, 2021-11-05, openshift/cluster-version-operator#685). There's an enhancement proposal for this profile [1], and the Code Ready Containers folks took a run at using it in [2] before backing off in [3]. I don't have any problems with having a specific CRC profile, but if we end up going that way, we'll need a lot more manifests with the annotation (e.g. we'll probably also want the CVO manifests to include this annotation, or there won't be anything consuming the admin-ack ConfigMaps ;). This commit drops the annotation from this repository to avoid distracting folks with dead code. [1]: https://github.com/openshift/enhancements/blob/2911c46bf7d2f22eb1ab81739b4f9c2603fd0c07/enhancements/single-node/developer-cluster-profile.md [2]: crc-org/snc#338 [3]: crc-org/snc#373 (comment)
openshift/machine-api-operator@9c20871740 (annotate cloud credentials request, 2023-11-14, openshift/machine-api-operator#1174) added this capability to the machine-API analog of this manifest. And openshift/cluster-capi-operator@e305541274 (annotate credentials request manifests, 2023-11-13, openshift/cluster-capi-operator#143) annotated some cluster-API CredentialsRequests used for other providers. This commit catches cluster-API OpenStack up with those other changes. There is a risk that tech-preview clusters updating into this change will have the CloudCredential capability implicitly enabled. But because TechPreviewNoUpgrade blocks minor updates, and we don't intend to backport this to 4.14.z, that exposure is confined to unsuported prerelease clusters.
|
@openshift-cherrypick-robot: GitHub didn't allow me to assign the following users: wking. Note that only openshift members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@openshift-cherrypick-robot: Jira Issue OCPBUGS-26027 has been cloned as Jira Issue OCPBUGS-26208. Will retitle bug to link to clone. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
changed the title
openshift-ci-robot
added
jira/severity-moderate
|
@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-26208, which is valid. The bug has been moved to the POST state. 6 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira ([email protected]), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dulek The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/retest-required |
|
@openshift-cherrypick-robot: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Closing as we had to rebase release-4.15. Let's have the bot re-open. |
|
@mandre: Closed this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
PR needs rebase. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-merge-robot
added
the
needs-rebase
|
@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-26208. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
12 participants
This is an automated cherry-pick of #294
/assign wking