[release-4.15] OCPBUGS-36466: Allow operator to update Route spec.subdomain #1100
|
@Miciah: This pull request references Jira Issue OCPBUGS-36466, which is invalid:
The bug has been updated to refer to the pull request using the external bug tracker.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Before this commit, cluster-ingress-operator did not have permission to
update spec.host or spec.subdomain on an existing route as the operator's
serviceaccount did not have the necessary "routes/custom-host" permission.
A previous change to the operator had added logic to clear spec.host and
instead set spec.subdomain, but without the required permission, the update
would fail with the following error message:
ERROR operator.init controller/controller.go:265 Reconciler error
{"controller": "canary_controller", "object": {"name":"default","namespace":"openshift-ingress-operator"},
"namespace": "openshift-ingress-operator", "name": "default", "reconcileID": "463061e3-93a1-4067-802e-03e3f1f8cdd0",
"error": "failed to ensure canary route: failed to update canary route openshift-ingress-canary/canary:
Route.route.openshift.io \"canary\" is invalid: spec.subdomain: Invalid value: \"canary-openshift-ingress-canary\": field is immutable"}
This commit adds the needed permission to the clusterrole for the
operator's serviceaccount so that the update can succeed.
This commit fixes OCPBUGS-32887.
https://issues.redhat.com/browse/OCPBUGS-32887
Follow-up to commit 530d326.
* manifests/00-cluster-role.yaml: Add permission for routes/custom-host.
Fix the update logic for the canary route to handle clearing spec.host.
Attempts to clear spec.host using a simple update may be ignored[1].
Therefore it is necessary to delete and recreate the route.

1. openshift/origin@54c072c

Before this commit, the operator would set spec.subdomain, but it did not
actually clear spec.host, and so setting spec.subdomain had no effect.
After this commit, the operator should clear spec.host, and spec.subdomain
should be in effect.

Follow-up to commit 77c61ba.

This commit is related to OCPBUGS-36465.

https://issues.redhat.com/browse/OCPBUGS-36465

* pkg/operator/controller/canary/route.go (updateCanaryRoute): Delete and recreate the route in order to clear spec.host.
(deleteCanaryRoute): Add an options parameter for updateCanaryRoute to use.
* test/e2e/canary_test.go (TestCanaryRouteClearsSpecHost): New test. Verify that the operator clears spec.host if it is set on the canary route.
* test/e2e/all_test.go (TestAll): Add TestCanaryRouteClearsSpecHost as a serial test.
d19536f to 357c1a7
|
/test e2e-gcp-operator |
|
/assign |
|
Verified the fix using clusterbot, hence marking the bug as verified |
|
@Miciah: This pull request references Jira Issue OCPBUGS-36466, which is invalid:
|
Dependency on #1099 |
|
Backport is required because the original bug OCPBUGS-36465 was found in version 4.14 and disrupts upgrades from 4.13 to 4.14. Any risk introduced by this fix is balanced against the improvement in the success of 4.14 upgrades. /label backport-risk-assessed |
|
/label cherry-pick-approved |
|
/approve |
|
@candita: This pull request references Jira Issue OCPBUGS-36466, which is invalid:
|
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: candita
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/jira refresh |
|
@melvinjoseph86: This pull request references Jira Issue OCPBUGS-36466, which is valid. 7 validation(s) were run on this bug
Requesting review from QA contact:
|
@Miciah: all tests passed! Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
@Miciah: Jira Issue OCPBUGS-36466: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-36466 has been moved to the MODIFIED state.
|
[ART PR BUILD NOTIFIER] This PR has been included in build ose-cluster-ingress-operator-container-v4.15.0-202407131406.p0.g0928822.assembly.stream.el9 for distgit ose-cluster-ingress-operator. |
|
Fix included in accepted release 4.15.0-0.nightly-2024-07-13-204028 |
|
/jira refresh |
|
@candita: Jira Issue OCPBUGS-36466 is in an unrecognized state (Verified) and will not be moved to the MODIFIED state.
Allow operator to update Route spec.subdomain

Before this change, cluster-ingress-operator did not have permission to update spec.host or spec.subdomain on an existing route as the operator's serviceaccount did not have the necessary "routes/custom-host" permission. #965 added logic to the operator to clear spec.host and instead set spec.subdomain, but without the required permission, the update would fail with the following error message:

This PR adds the needed permission to the clusterrole for the operator's serviceaccount so that the update can succeed.

Delete and recreate canary route to clear spec.host

Fix the update logic for the canary route to handle clearing spec.host. Attempts to clear spec.host using a simple update may be ignored (see openshift/origin@54c072c). Therefore it is necessary to delete and recreate the route.

Before this change, the operator would set spec.subdomain, but it did not actually clear spec.host, and so setting spec.subdomain had no effect.

After this change, the operator should clear spec.host, and spec.subdomain should be in effect.

This is a manual cherry-pick of #1047 and #1099.
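
The failure quoted in the commit message can be searched for in operator logs. The following is an added example, not code from this pull request or from cluster-ingress-operator: it scans log text for Reconciler errors in which a Route's spec.host or spec.subdomain was rejected as immutable, the symptom the description attributes to the missing "routes/custom-host" permission. The function name, the finding keys and the one-record-per-line layout are assumptions; the sample lines are constructed from the quoted error.

```python
import json
import re

# Symptom from the commit message: without "routes/custom-host", the API server
# rejects a change to spec.host or spec.subdomain as an immutable field.
IMMUTABLE_RE = re.compile(
    r'Route\.route\.openshift\.io "(?P<route>[^"]+)" is invalid: '
    r'(?P<field>spec\.(?:host|subdomain)): Invalid value: "(?P<value>[^"]*)": '
    r'field is immutable'
)

# Constructed input: the error quoted above joined onto one line, followed by
# two constructed lines (an unrelated error, a truncated record) that must not match.
SAMPLE_LOG = "\n".join([
    r'ERROR operator.init controller/controller.go:265 Reconciler error '
    r'{"controller": "canary_controller", "object": {"name":"default",'
    r'"namespace":"openshift-ingress-operator"}, '
    r'"namespace": "openshift-ingress-operator", "name": "default", '
    r'"reconcileID": "463061e3-93a1-4067-802e-03e3f1f8cdd0", '
    r'"error": "failed to ensure canary route: failed to update canary route '
    r'openshift-ingress-canary/canary: Route.route.openshift.io \"canary\" is '
    r'invalid: spec.subdomain: Invalid value: '
    r'\"canary-openshift-ingress-canary\": field is immutable"}',
    r'ERROR operator.init controller/controller.go:265 Reconciler error '
    r'{"controller": "canary_controller", "error": "context deadline exceeded"}',
    r'ERROR operator.init controller/controller.go:265 Reconciler error {"contr',
])


def find_host_update_denials(log_text):
    """Return one finding per Reconciler error caused by an immutable host field."""
    findings = []
    for line in log_text.splitlines():
        start = line.find("{")
        if "Reconciler error" not in line or start < 0:
            continue
        try:
            record = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON payload
        match = IMMUTABLE_RE.search(str(record.get("error", "")))
        if match:
            findings.append({"controller": record.get("controller"),
                             "permission_to_check": "routes/custom-host",
                             **match.groupdict()})
    return findings
```
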