Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.14] Resync release-4.14 branch with main 2024-05-22 #530

Merged
merged 37 commits into from
May 22, 2024
Merged

[release-4.14] Resync release-4.14 branch with main 2024-05-22 #530

merged 37 commits into from
May 22, 2024

Conversation

donpenney
Copy link
Collaborator

Background / Context

Until LCA reaches GA, we will periodically resync the release branches with main to ensure content is aligned.

This update resyncs release-4.14 branch up to: #522

The diff against main after the resync and version reset:

$ git diff main..resync-4.14-with-main-20240522
diff --git a/Dockerfile b/Dockerfile
index a8f1b671..d475479c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,8 +25,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -mod=vendor -a

 #####################################################################################################
 # Build the operator image
-# note: update origin-cli-artifacts from `latest` to an appropriate OCP verison during release e.g `4.17`
-FROM quay.io/openshift/origin-cli-artifacts:latest AS origincli
+FROM quay.io/openshift/origin-cli-artifacts:4.14 AS origincli
 FROM registry.access.redhat.com/ubi9/ubi-minimal:latest

 RUN if [[ ! -f /bin/nsenter ]]; then \
@@ -45,7 +44,7 @@ COPY --from=builder \

 COPY lca-cli/installation_configuration_files/ /usr/local/installation_configuration_files/

-COPY --from=origincli /usr/share/openshift/linux_amd64/oc.rhel9 /usr/bin/oc
+COPY --from=origincli /usr/share/openshift/linux_amd64/oc /usr/bin/oc

 COPY must-gather/collection-scripts/ /usr/bin/

diff --git a/Makefile b/Makefile
index e008c1cd..43de5e92 100644
--- a/Makefile
+++ b/Makefile
@@ -3,7 +3,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 4.17.0
+VERSION ?= 4.14.0

 # You can use podman or docker as a container engine. Notice that there are some options that might be only valid for one of them.
 ENGINE ?= docker
diff --git a/bundle/manifests/lifecycle-agent.clusterserviceversion.yaml b/bundle/manifests/lifecycle-agent.clusterserviceversion.yaml
index 856f74db..70eebc8c 100644
--- a/bundle/manifests/lifecycle-agent.clusterserviceversion.yaml
+++ b/bundle/manifests/lifecycle-agent.clusterserviceversion.yaml
@@ -26,7 +26,7 @@ metadata:
             ],
             "seedImageRef": {
               "image": "quay.io/xyz",
-              "version": "4.16.0"
+              "version": "4.14.0"
             },
             "stage": "Idle"
           }
@@ -56,7 +56,7 @@ metadata:
     features.operators.openshift.io/token-auth-aws: "false"
     features.operators.openshift.io/token-auth-azure: "false"
     features.operators.openshift.io/token-auth-gcp: "false"
-    olm.skipRange: '>=4.14.0 <4.17.0'
+    olm.skipRange: '>=4.14.0 <4.14.999'
     operatorframework.io/suggested-namespace: openshift-lifecycle-agent
     operatorframework.io/suggested-namespace-template: |-
       {
@@ -77,7 +77,7 @@ metadata:
     support: Red Hat
   labels:
     operatorframework.io/arch.amd64: supported
-  name: lifecycle-agent.v4.17.0
+  name: lifecycle-agent.v4.14.0
   namespace: openshift-lifecycle-agent
 spec:
   apiservicedefinitions: {}
@@ -632,7 +632,7 @@ spec:
                 - /usr/local/bin/manager
                 env:
                 - name: PRECACHE_WORKLOAD_IMG
-                  value: quay.io/openshift-kni/lifecycle-agent-operator:4.17.0
+                  value: quay.io/openshift-kni/lifecycle-agent-operator:4.14.0
                 - name: MY_POD_NAME
                   valueFrom:
                     fieldRef:
@@ -641,7 +641,7 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: quay.io/openshift-kni/lifecycle-agent-operator:4.17.0
+                image: quay.io/openshift-kni/lifecycle-agent-operator:4.14.0
                 livenessProbe:
                   httpGet:
                     path: /healthz
@@ -739,4 +739,4 @@ spec:
   provider:
     name: Red Hat
   replaces: lifecycle-agent.v0.0.0
-  version: 4.17.0
+  version: 4.14.0
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 442ed8c2..be8304d2 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -13,6 +13,6 @@ configMapGenerator:
 images:
 - name: controller
   newName: quay.io/openshift-kni/lifecycle-agent-operator
-  newTag: 4.17.0
+  newTag: 4.14.0
 patches:
 - path: related-images/patch.yaml
diff --git a/config/manifests/bases/lifecycle-agent.clusterserviceversion.yaml b/config/manifests/bases/lifecycle-agent.clusterserviceversion.yaml
index bf4163ce..3d80e15a 100644
--- a/config/manifests/bases/lifecycle-agent.clusterserviceversion.yaml
+++ b/config/manifests/bases/lifecycle-agent.clusterserviceversion.yaml
@@ -17,7 +17,7 @@ metadata:
     features.operators.openshift.io/token-auth-aws: "false"
     features.operators.openshift.io/token-auth-azure: "false"
     features.operators.openshift.io/token-auth-gcp: "false"
-    olm.skipRange: '>=4.14.0 <4.17.0'
+    olm.skipRange: '>=4.14.0 <4.14.999'
     operatorframework.io/suggested-namespace: openshift-lifecycle-agent
     operatorframework.io/suggested-namespace-template: |-
       {
@@ -36,7 +36,7 @@ metadata:
     support: Red Hat
   labels:
     operatorframework.io/arch.amd64: supported
-  name: lifecycle-agent.v4.17.0
+  name: lifecycle-agent.v4.14.0
   namespace: openshift-lifecycle-agent
 spec:
   apiservicedefinitions: {}
diff --git a/config/samples/lca_v1_imagebasedupgrade.yaml b/config/samples/lca_v1_imagebasedupgrade.yaml
index 2a97c39e..ecec45ea 100644
--- a/config/samples/lca_v1_imagebasedupgrade.yaml
+++ b/config/samples/lca_v1_imagebasedupgrade.yaml
@@ -5,7 +5,7 @@ metadata:
 spec:
   stage: Idle
   seedImageRef:
-    version: 4.16.0
+    version: 4.14.0
     image: quay.io/xyz
   autoRollbackOnFailure: {}
   extraManifests:

dependabot bot and others added 30 commits May 8, 2024 21:49
@dependabot
Bump github.com/coreos/ignition/v2 from 2.15.0 to 2.18.0
941c703 
Bumps [github.com/coreos/ignition/v2](https://github.com/coreos/ignition) from 2.15.0 to 2.18.0.
- [Release notes](https://github.com/coreos/ignition/releases)
- [Changelog](https://github.com/coreos/ignition/blob/main/docs/release-notes.md)
- [Commits](coreos/ignition@v2.15.0...v2.18.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/ignition/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@leo8a
bundle: Update csv annotations in LCA bundle
8b3afac 
Sets proxy-aware and fips-compliant annotations to true in the LCA bundle, this will notify users installing LCA from the official catalogs about this operator's capabilities.

Signed-off-by: Leonardo Ochoa-Aday <lochoa@redhat.com>
@jc-rh
Upversion main to 4.17
2b08308
@openshift-merge-bot
Merge pull request openshift-kni#508 from jc-rh/main
b01eb9a 
Upversion main to 4.17
@jc-rh
Update seed format version due to the api version change
e4b6311
@openshift-merge-bot
Merge pull request openshift-kni#510 from openshift-kni/jc-rh-patch-1
05f32b5 
Update seed format version due to the api version change
@leo8a
Update README.md with some badges
e319e0a 
Signed-off-by: Leonardo Ochoa-Aday <lochoa@redhat.com>
@leo8a
Fix misspell, ineffassign and gofmt issues
43190f2 
Fixes some recommendations provided by the goreportcard.com.

Signed-off-by: Leonardo Ochoa-Aday <lochoa@redhat.com>
@leo8a
Add code-coverage targets to Makefile
36c4cea 
Adds code-coverage target to Makefile and a config file, these could be used (e.g., in the ci-job or in local by devs) at any moment.

Signed-off-by: Leonardo Ochoa-Aday <lochoa@redhat.com>
@tsorya
OCPBUGS-33536: [IBI] install-rhcos-and-restore-seed.service fails the…
45f2225 
… first time it starts

We are taking lca-cli from seed image and sometimes it can fail.
Adding dependency for this service on network-online and adding retry to
image pull part
@openshift-merge-bot
Merge pull request openshift-kni#500 from tsorya/igal/MGMT-17615
3bb9b3d 
OCPBUGS-33536: [IBI] install-rhcos-and-restore-seed.service fails the first time it starts
@openshift-merge-bot
Merge pull request openshift-kni#496 from leo8a/bundle-update
22fce42 
CNF-12652: bundle: Update csv annotations in LCA bundle
@pixelsoccupied
handle sigterm when stateroot job is progress
834762b
@donpenney
Merge branch 'main' into dependabot/go_modules/github.com/coreos/igni…
27d7726 
…tion/v2-2.18.0
@openshift-merge-bot
Merge pull request openshift-kni#514 from leo8a/add-badges
c9d9ba7 
CNF-12712: Add badges and code-coverage targets
@openshift-merge-bot
Merge pull request openshift-kni#498 from pixelsoccupied/handle-sigte…
fb1ee6b 
…rm-stateroot

CNF-12656: Handle SIGTERM for stateroot setup job
@tsorya
MGMT-17828: LCA should allow reconfiguration if hostname wasn't provided
365c800 
1. We should block localhost as hostname
2. In case hostname was not provided as part of seed reconfiguration we
   should use current node hostname
3. Hostname should be set with hostnamectl command rather than with
   /etc/hostname file in order to be changed immediately
@openshift-merge-bot
Merge pull request openshift-kni#518 from tsorya/igal/MGMT-17828
133ba4d 
MGMT-17828: LCA should allow reconfiguration if hostname wasn't provided
@javipolo
OCPBUGS-33786 - Fix SELinux issues in IBI when running outside of a c…
81553ac 
…ontainer

Signed-off-by: Javi Polo <jpolo@redhat.com>
@openshift-merge-bot
Merge pull request openshift-kni#491 from openshift-kni/dependabot/go…
fe96bf3 
…_modules/github.com/coreos/ignition/v2-2.18.0

Bump github.com/coreos/ignition/v2 from 2.15.0 to 2.18.0
@pixelsoccupied
prep stage doc updates and unify logs and naming
2c98d56
@omertuc
Enforce FIPS compatibility
af1eda7 
Solves MGMT-17748

# Background

LCA recently added support for upgrading of FIPS-enabled clusters (see
commit 82460ad).

# Issue

The current implementation does not enforce FIPS compatibility between
the seed image and the cluster being upgraded. This can lead to issues
when the seed image has FIPS enabled but the cluster being upgraded does
not, or vice versa.

# Solution

Add a check for FIPS compatibility between the seed image and the cluster
being upgraded.

# Implementation details

- Add a new field `HasFIPS` to the `SeedClusterInfo` struct to store
  whether the seed image has FIPS enabled or not. This field is set
  based on the value of the `FIPS` field in the `MachineConfig` object
  referenced by the `machineconfiguration.openshift.io/currentConfig`
  label of the only node in the cluster.

- Check for FIPS compatibility when pulling the seed image. If the seed
  image has FIPS enabled but the cluster being upgraded does not, or
  vice versa, return an error.
@openshift-merge-bot
Merge pull request openshift-kni#519 from javipolo/ibi-selinux-policy
bc326eb 
OCPBUGS-33786 - Fix SELinux issues in IBI when running outside of a container
@jc-rh
Update to golang 1.21 and k8s api 0.29.4
348b730
@tsorya
MGMT-17652: Possibly improve etcd performance through defrag/compaction
685b5d5 
Adding etcd defrag as part of seed creation right after recert
Currently added as best-effort.
@tsorya
OCPBUGS-34010: In case proxy status was set there is no reason to update
f331b9d 
proxy in post pivot phase (IBU flow)
@openshift-merge-bot
Merge pull request openshift-kni#483 from omertuc/fipsenforce
8969b70 
Enforce FIPS compatibility
@openshift-merge-bot
Merge pull request openshift-kni#517 from pixelsoccupied/update-doc
54e971d 
OCPBUGS-32495: prep stage doc updates and unify logs and naming
@Missxiaoguo
extramanifest configmaps validation update
a64e82f 
Signed-off-by: Angie Wang <angwang@redhat.com>
@tsorya
MGMT-16515: in order to set machine network in node ip hint file in post
2a18012 
pivot we should take it from target
openshift-merge-bot bot and others added 7 commits May 21, 2024 16:35
@openshift-merge-bot
Merge pull request openshift-kni#523 from tsorya/igal/etcd
8256fbb 
MGMT-17652: Possibly improve etcd performance through defrag/compaction
@openshift-merge-bot
Merge pull request openshift-kni#525 from tsorya/igal/MGMT-16515
24bc127 
MGMT-16515: in order to set machine network in node ip hint file in post pivot we should take it from target
@openshift-merge-bot
Merge pull request openshift-kni#526 from tsorya/igal/OCPBUGS-34010
55af044 
OCPBUGS-34010: In case proxy status was set there is no reason to update proxy in post pivot phase (IBU flow)
@openshift-merge-bot
Merge pull request openshift-kni#521 from Missxiaoguo/validation_mani…
aa16365 
…fest

OCPBUGS-33275: extramanifest configmaps validation update
@openshift-merge-bot
Merge pull request openshift-kni#522 from jc-rh/main
8662ded 
Update to golang 1.21 and k8s api 0.29.4
@donpenney
Merge branch 'main' into resync-4.14-with-main-20240522
18427d6
@donpenney
Reset version to 4.14 after resync with main
3a64ca4 
Signed-off-by: Don Penney <dpenney@redhat.com>
@openshift-ci openshift-ci bot requested review from browsell and leo8a May 22, 2024 05:11
@donpenney
Copy link
Collaborator Author

/cc @jc-rh

@openshift-ci openshift-ci bot requested a review from jc-rh May 22, 2024 05:11
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 22, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 22, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jc-rh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 22, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 1b7d79e into openshift-kni:release-4.14 May 22, 2024
8 checks passed
@donpenney donpenney deleted the resync-4.14-with-main-20240522 branch June 14, 2024 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jc-rh jc-rh jc-rh approved these changes

@browsell browsell Awaiting requested review from browsell

@leo8a leo8a Awaiting requested review from leo8a

Assignees

@jc-rh jc-rh

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@donpenney @jc-rh @leo8a @tsorya @pixelsoccupied @javipolo @omertuc @Missxiaoguo