SDN-4308: Update status merge for APBRoute and EgressFirewall. #2132
Conversation
Update APBRoute IP validation. Signed-off-by: Nadia Pinaeva <[email protected]>
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
npinaeva
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@npinaeva: This pull request references SDN-4308 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
/retest |
|
/retest-required |
| status: | ||
| description: A concise indication of whether the AdminPolicyBasedRoute | ||
| resource is applied with success | ||
| type: string | ||
| required: | ||
| - lastTransitionTime | ||
| - messages | ||
| - status |
There was a problem hiding this comment.
I talked with @npinaeva about this being a backward incompatible change. Need to confirm if we are ok with this.
| @@ -138,6 +138,7 @@ rules: | |||
| resources: | |||
| - adminpolicybasedexternalroutes | |||
| - egressfirewalls | |||
| - egressfirewalls/status | |||
There was a problem hiding this comment.
Why did you need this and not adminpolicybasedexternalroutes/status as well?
There was a problem hiding this comment.
I actually need it, but it should've already been here, because node updates status already 😕
There was a problem hiding this comment.
nice catch @jcaamano , it is a 4.14 bug :) just checked, 4.14 can't update status
W1130 14:58:55.081710 5185 master_controller.go:227] Failed to update AdminPolicyBasedExternalRoutes default status: failed to update AdminPolicyBasedExternalRoutes default status: adminpolicybasedexternalroutes.k8s.ovn.org "default" is forbidden: User "system:ovn-node:ci-ln-f2400f2-72292-sgnts-master-2" cannot update resource "adminpolicybasedexternalroutes/status" in API group "k8s.ovn.org" at the cluster scope
There was a problem hiding this comment.
created a separate PR for that, since it is a different problem and should be backported to 4.14 #2139
| - adminpolicybasedexternalroutes | ||
| - adminpolicybasedexternalroutes/status | ||
| - egressfirewalls | ||
| - egressfirewalls/status |
There was a problem hiding this comment.
I guess we are following the status quo here but we should really only need update perms on adminpolicybasedexternalroutes/status and egressfirewalls/status
| required: | ||
| - messages |
There was a problem hiding this comment.
So thinking about it a bit, I wouldn't add this as required. It is just a hassle.
| @@ -713,14 +720,14 @@ spec: | |||
| items: | |||
| type: string | |||
| type: array | |||
| x-kubernetes-list-type: set | |||
| status: | |||
| description: A concise indication of whether the AdminPolicyBasedRoute | |||
| resource is applied with success | |||
| type: string | |||
| required: | |||
| - lastTransitionTime | |||
| - messages | |||
There was a problem hiding this comment.
Now that we are at making backward incompatible changes, shouldn't we just remove messages and lastTransitionTime from required. It just can't make sense of them being required.
egressfirewall. For ovnkube-controller: watch and patch APBRoute and egressfirewall. Make all .stauts fields optional (backward incompatible change for apbroute) Signed-off-by: Nadia Pinaeva <[email protected]>
npinaeva
force-pushed
the
status-subresource
branch
from
a940867
to
b31c88d
Compare
|
/lgtm |
openshift-ci
bot
added
the
approved
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: npinaeva, trozet The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/override ci/prow/e2e-metal-ipi-ovn-ipv6 |
|
@trozet: Overrode contexts on behalf of trozet: ci/prow/e2e-metal-ipi-ovn-ipv6 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-merge-bot
bot
merged commit 4f14d36
into
openshift:master
|
@npinaeva: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build cluster-network-operator-container-v4.15.0-202312012309.p0.g4f14d36.assembly.stream for distgit cluster-network-operator. |
Update APBRoute IP validation.
Depends on ovn-org/ovn-kubernetes#3750