update SA checking when creating a project

Open jianzhangbjz opened this issue 1 year ago • 11 comments

The deployer and builder SAs are not a must when creating a project since OCP 4.14. For a no-capabilities cluster, only the default SA is generated, with no secrets.

MacBook-Pro:~ jianzhang$ oc get clusterversion version -o=jsonpath='{.spec.capabilities}'
{"additionalEnabledCapabilities":["MachineAPI","CloudCredential"],"baselineCapabilitySet":"None"}MacBook-Pro:~ jianzhang$ 
MacBook-Pro:~ jianzhang$ 
MacBook-Pro:~ jianzhang$ oc get sa 
NAME      SECRETS   AGE
default   0         5m22s
MacBook-Pro:~ jianzhang$ oc get secret 
No resources found in jian namespace.

For a cluster with the ImageRegistry capability disabled, no *-dockercfg-* secret is generated. So I updated the WaitForServiceAccountWithSecret func.

MacBook-Pro:~ jianzhang$ oc get clusterversion version -o=jsonpath='{.spec.capabilities}'
{"additionalEnabledCapabilities":["MachineAPI","CloudCredential","Build"],"baselineCapabilitySet":"None"}
MacBook-Pro:~ jianzhang$ oc get sa 
NAME      SECRETS   AGE
builder   0         2m5s
default   0         2m5s
MacBook-Pro:~ jianzhang$ oc get secret 
No resources found in jian namespace.

For a cluster with the ImageRegistry capability enabled, the relevant secrets are generated.

MacBook-Pro:~ jianzhang$ oc get clusterversion version -o=jsonpath='{.spec.capabilities}'
{"additionalEnabledCapabilities":["MachineAPI","CloudCredential","Build","ImageRegistry"],"baselineCapabilitySet":"None"}
MacBook-Pro:~ jianzhang$ oc get sa 
NAME      SECRETS   AGE
builder   1         82s
default   1         82s
MacBook-Pro:~ jianzhang$ oc get secret 
NAME                      TYPE                                  DATA   AGE
builder-dockercfg-t55j4   kubernetes.io/dockercfg               1      86s
builder-token-mqkmd       kubernetes.io/service-account-token   4      86s
default-dockercfg-g8727   kubernetes.io/dockercfg               1      86s
default-token-mp229       kubernetes.io/service-account-token   4      86s

To address https://prow.ci.openshift.org/view/gs/origin-ci-test/pr-logs/pull/openshift_release/46958/rehearse-46958-periodic-ci-openshift-release-master-ci-4.15-e2e-aws-ovn-no-capabilities/1737365378285178880

[sig-instrumentation] Prometheus [apigroup:image.openshift.io] when installed on the cluster should have important platform topology metrics [apigroup:config.openshift.io] [Skipped:Disconnected] [Suite:openshift/conformance/parallel]
  github.com/openshift/origin/test/extended/prometheus/prometheus.go:493
    STEP: Creating a kubernetes client @ 12/20/23 08:40:24.519
  Dec 20 08:40:25.630: INFO: configPath is now "/tmp/configfile4283986400"
  Dec 20 08:40:25.630: INFO: The user is now "e2e-test-prometheus-bmnqc-user"
  Dec 20 08:40:25.630: INFO: Creating project "e2e-test-prometheus-bmnqc"
  Dec 20 08:40:25.754: INFO: Waiting on permissions in project "e2e-test-prometheus-bmnqc" ...
  Dec 20 08:40:25.982: INFO: Waiting for ServiceAccount "default" to be provisioned...
  Dec 20 08:40:26.150: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:26.250: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:26.352: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:26.448: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:26.553: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:26.649: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:26.748: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:26.848: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:26.950: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:27.049: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:27.148: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:27.248: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:27.349: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:27.448: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:27.548: INFO: Waiting for service account "default" secrets () to include dockercfg ...
  Dec 20 08:40:27.648: INFO: Waiting for service account "default" secrets () to include dockercfg ...
...

jianzhangbjz avatar Dec 21 '23 03:12 jianzhangbjz
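
The capability-dependent wait condition described in the PR description above, as an added example (not code from openshift/origin or from this PR). `expect` and `ready` are hypothetical names, and only the `baselineCapabilitySet` value `None` shown in the description is handled.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// expect reads the .spec.capabilities JSON and returns the SAs to wait for and
// whether each needs a *-dockercfg-* secret. Assumptions: only baseline "None"
// is handled; deployer is omitted (the page does not show its capability).
func expect(spec string) (sas []string, dockercfg bool, err error) {
	var c struct {
		Additional []string `json:"additionalEnabledCapabilities"`
		Baseline   string   `json:"baselineCapabilitySet"`
	}
	if err = json.Unmarshal([]byte(spec), &c); err != nil {
		return nil, false, err
	}
	if c.Baseline != "None" {
		return nil, false, fmt.Errorf("unsupported baseline %q", c.Baseline)
	}
	sas = []string{"default"}
	for _, name := range c.Additional {
		if name == "Build" {
			sas = append(sas, "builder")
		}
		dockercfg = dockercfg || name == "ImageRegistry"
	}
	return sas, dockercfg, nil
}

// ready reports whether the wait can stop for the observed secret names.
func ready(sas []string, dockercfg bool, secrets []string) bool {
	for _, sa := range sas {
		found := !dockercfg
		for _, s := range secrets {
			found = found || strings.HasPrefix(s, sa+"-dockercfg-")
		}
		if !found {
			return false
		}
	}
	return true
}

func main() {
	sas, d, err := expect(`{"additionalEnabledCapabilities":["MachineAPI","CloudCredential","Build"],"baselineCapabilitySet":"None"}`)
	fmt.Println(sas, d, err, ready(sas, d, nil))
}
```

With ImageRegistry absent, `ready` returns true on an empty secret list, which is the case where the log above kept polling for a dockercfg secret.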

Hi @wking, could you help review this when you get a chance? Thanks!

jianzhangbjz avatar Dec 21 '23 03:12 jianzhangbjz

@jianzhangbjz: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-aws-ovn-single-node-upgrade | 1f67ec064ed11afeef822f336be12132be056d7f | link | false | /test e2e-aws-ovn-single-node-upgrade |
| ci/prow/e2e-aws-ovn-upgrade | 1f67ec064ed11afeef822f336be12132be056d7f | link | false | /test e2e-aws-ovn-upgrade |
| ci/prow/e2e-gcp-csi | 1f67ec064ed11afeef822f336be12132be056d7f | link | false | /test e2e-gcp-csi |
| ci/prow/e2e-gcp-ovn | 1f67ec064ed11afeef822f336be12132be056d7f | link | true | /test e2e-gcp-ovn |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

openshift-ci[bot] avatar Jan 18 '24 06:01 openshift-ci[bot]

Job Failure Risk Analysis for sha: 1f67ec064ed11afeef822f336be12132be056d7f

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-gcp-csi High
External Storage [Driver: pd.csi.storage.gke.io] [Testpattern: Dynamic PV (default fs)] provisioning should provision storage with pvc data source in parallel [Slow]
This test has passed 100.00% of 14 runs on jobs ['periodic-ci-openshift-release-master-nightly-4.16-e2e-gcp-ovn-csi'] in the last 14 days.

openshift-trt-bot avatar Mar 05 '24 16:03 openshift-trt-bot

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar Jun 04 '24 01:06 openshift-bot

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

openshift-bot avatar Jul 04 '24 08:07 openshift-bot

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-bot avatar Aug 04 '24 00:08 openshift-bot

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-merge-robot avatar Aug 04 '24 00:08 openshift-merge-robot

@openshift-bot: Closed this PR.

openshift-ci[bot] avatar Aug 04 '24 00:08 openshift-ci[bot]

/reopen
/remove-lifecycle rotten

jianzhangbjz avatar Aug 05 '24 00:08 jianzhangbjz

@jianzhangbjz: Reopened this PR.

openshift-ci[bot] avatar Aug 05 '24 00:08 openshift-ci[bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jianzhangbjz

Once this PR has been reviewed and has the lgtm label, please assign stbenjam for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment.

Approvers can cancel approval by writing /approve cancel in a comment.

openshift-ci[bot] avatar Aug 05 '24 00:08 openshift-ci[bot]