Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

WIP: waiting for test results to check ovnkube-node logs, every other job without this fix has mentioned errors, e.g. https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift_cluster-network-operator/1866/pull-ci-openshift-cluster-network-operator-master-e2e-gcp-ovn/1676458790074978304/artifacts/e2e-gcp-ovn/gather-extra/artifacts/pods/openshift-ovn-kubernetes_ovnkube-node-jqwlf_ovnkube-node.log

/retest-required

looks like this PR solves memory leak problem: you can pick one job from this PR e.g. https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_cluster-network-operator/1867/pull-ci-openshift-cluster-network-operator-master-e2e-azure-ovn/1676661712515764224 and same job for another pr e.g. https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_cluster-network-operator/1866/pull-ci-openshift-cluster-network-operator-master-e2e-azure-ovn/1676458790066589696
then spin up PromeCleus pod, and look at mem usage with node_namespace_pod_container:container_memory_rss{pod=~"ovnkube-.*", container="ovnkube-node"}
you will see old metrics (max 410 MB)

vs new metrics (max 60 MB)

@npinaeva: This pull request references Jira Issue OCPBUGS-15544, which is invalid:

• expected the bug to target the "4.14.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

/lgtm

/jira refresh

@npinaeva: This pull request references Jira Issue OCPBUGS-15544, which is valid. The bug has been moved to the POST state.

Requesting review from QA contact:
/cc @anuragthehatter

perhaps add it to bindata/network/ovn-kubernetes/common/007-rbac-cluster-reader.yaml as well?

nice catch! I didn't even know that file exists :)

Would this be a good time to add adminpolicybasedexternalroutes/status for the write verbs?
That's what we usually add for controllers with CRDs that update status.

Would this be a good time to add adminpolicybasedexternalroutes/status for the write verbs? That's what we usually add for controllers with CRDs that update status.

I guess we can do this after. PTAL @jordigilh

/lgtm
/approve

Would this be a good time to add adminpolicybasedexternalroutes/status for the write verbs? That's what we usually add for controllers with CRDs that update status.

I guess we can do this after. PTAL @jordigilh

/lgtm /approve

Yeah, would make sense to have only access to the status in the controller rather than the whole object. I will raise another PR. Thanks for the suggestion 😄

@jcaamano write verbs are only used by masters (before we default to ic) and it was added here #1765

/retest-required

Remaining retests: 0 against base HEAD 64ab110 and 2 for PR HEAD 0a43705 in total

@jcaamano write verbs are only used by masters (before we default to ic) and it was added here #1765

I guess what he means is to change this line to point to the status
https://github.com/jordigilh/cluster-network-operator/blob/cce5df4245f16688caca5b1c543376f181c0be00/bindata/network/ovn-kubernetes/common/003-rbac-controller.yaml#L90

- apiGroups: ["k8s.ovn.org"]
  resources:
  - egressfirewalls
...
...
  - "adminpolicybasedexternalroutes/status"

@jcaamano write verbs are only used by masters (before we default to ic) and it was added here #1765

I guess what he means is to change this line to point to the status https://github.com/jordigilh/cluster-network-operator/blob/cce5df4245f16688caca5b1c543376f181c0be00/bindata/network/ovn-kubernetes/common/003-rbac-controller.yaml#L90

- apiGroups: ["k8s.ovn.org"]
  resources:
  - egressfirewalls
...
...
  - "adminpolicybasedexternalroutes/status"

Yeah, you need to take care also in the code that you are just updating the status (edit: using the UpdateStatus method)

But it's just the same with egressips, egresssvcs, ... so we can also do this as a general effort.

edit: and we still need the read permission on the overall resource

@jcaamano write verbs are only used by masters (before we default to ic) and it was added here #1765

I guess what he means is to change this line to point to the status https://github.com/jordigilh/cluster-network-operator/blob/cce5df4245f16688caca5b1c543376f181c0be00/bindata/network/ovn-kubernetes/common/003-rbac-controller.yaml#L90

- apiGroups: ["k8s.ovn.org"]
  resources:
  - egressfirewalls
...
...
  - "adminpolicybasedexternalroutes/status"

Yeah, you need to take care also in the code that you are just updating the status (edit: using the UpdateStatus method)

But it's just the same with egressips, egresssvcs, ... so we can also do this as a general effort.

edit: and we still need the read permission on the overall resource

Yep, it is already using UpdateStatus().

@npinaeva awesome that it fixes the memleak thing... can you put the details of why this happens into the commit message too though?

/retest-required

Remaining retests: 0 against base HEAD 329e328 and 1 for PR HEAD 0a43705 in total

added some memory leak details to the comment

/lgtm

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jcaamano, jordigilh, npinaeva

The full list of commands accepted by this bot can be found here.

The pull request process is described here

/retest-required

Remaining retests: 0 against base HEAD 660d5bc and 2 for PR HEAD 98c7509 in total

/retest-required

/retest-required

Remaining retests: 0 against base HEAD 3a5af01 and 1 for PR HEAD 98c7509 in total

/override ci/prow/e2e-metal-ipi-ovn-ipv6
must-gather failed, not the tests

/override ci/prow/e2e-vsphere-ovn-windows

 time="2023-07-07T19:40:43Z" level=info msg="  Found ClusterServiceVersion \"openshift-windows-machine-config-operator/windows-machine-config-operator.v9.0.0\" phase: Installing"
time="2023-07-07T19:41:29Z" level=fatal msg="Failed to run packagemanifests: error waiting for CSV to install: etcdserver: request timed out\n"
Waiting for deployment "windows-machine-config-operator" rollout to finish: 0 of 1 updated replicas are available...
error: timed out waiting for the condition

/override ci/prow/e2e-gcp-ovn
Fixed by openshift/ovn-kubernetes#1747

@dcbw: Overrode contexts on behalf of dcbw: ci/prow/e2e-gcp-ovn, ci/prow/e2e-metal-ipi-ovn-ipv6, ci/prow/e2e-vsphere-ovn-windows

@npinaeva: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Full PR test history. Your PR dashboard.

@npinaeva: Jira Issue OCPBUGS-15544: All pull requests linked via external trackers have merged:

• openshift/cluster-network-operator#1867

Jira Issue OCPBUGS-15544 has been moved to the MODIFIED state.