OCPBUGS-44968: Reconcile SecretProvider for CSO on ARO HCP by bryan-cox · Pull Request #4904 · openshift/hypershift

bryan-cox · 2024-10-11T17:35:49Z

What this PR does / why we need it:
Reconcile the SecretProviderClass for the cluster storage operator (CSO) for ARO HCP deployments. The SecretProviderClass is used by the Secrets Store CSI driver to mount a certificate to a volume in the azure-disk-csi-controller and azure-file-csi-controller pod deployments.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes OCPBUGS-44968

Checklist

Subject and description added to both, commit and PR.
Relevant issues have been referenced.
This change includes docs.
This change includes unit tests.

openshift-ci · 2024-10-11T17:35:53Z

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

openshift-ci · 2024-10-11T17:36:08Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [bryan-cox]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

netlify · 2024-10-11T17:36:56Z

✅ Deploy Preview for hypershift-docs ready!

Name	Link
🔨 Latest commit	`7318da3`
🔍 Latest deploy log	https://app.netlify.com/sites/hypershift-docs/deploys/672118d13b30770009dda1ba
😎 Deploy Preview	https://deploy-preview-4904--hypershift-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

openshift-ci-robot · 2024-10-22T19:53:21Z

@bryan-cox: This pull request references HOSTEDCP-2034 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target only the "4.18.0" version, but multiple target versions were set.

Details

In response to this:

What this PR does / why we need it:
Reconcile the SecretProviderClass for the cluster storage operator (CSO) for ARO HCP deployments. The SecretProviderClass is used by the Secrets Store CSI driver to mount a certificate to a volume in the azure-disk-csi-controller and azure-file-csi-controller pod deployments.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

bryan-cox · 2024-10-22T20:21:24Z

Needs the following PRs before we can continue with this one:

OCPBUGS-42434: Update Azure CLI to Handle Authenticating with Service Principal Backed by Certificates #4877
HOSTEDCP-2033: Add ARO HCP environment vars to CSI deployment cluster-storage-operator#517
OCPBUGS-42325: Set separate secrets for file and disk config on HyperShift csi-operator#290

bryan-cox · 2024-10-29T17:18:19Z

/test all

openshift-ci-robot · 2024-10-29T20:01:57Z

@bryan-cox: This pull request references HOSTEDCP-2034 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target only the "4.18.0" version, but multiple target versions were set.

Details

In response to this:

What this PR does / why we need it:
Reconcile the SecretProviderClass for the cluster storage operator (CSO) for ARO HCP deployments. The SecretProviderClass is used by the Secrets Store CSI driver to mount a certificate to a volume in the azure-disk-csi-controller and azure-file-csi-controller pod deployments.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

enxebre · 2024-11-06T12:37:19Z

+				}
+				deployment.Spec.Template.Spec.Containers[i].Env = append(deployment.Spec.Template.Spec.Containers[i].Env,
+					corev1.EnvVar{
+						Name:  "ARO_HCP_SECRET_PROVIDER_CLASS_FOR_DISK",


can we // doc and link who is consuming this magic variable?

openshift-ci-robot · 2024-11-25T16:38:03Z

@bryan-cox: This pull request references Jira Issue OCPBUGS-44968, which is invalid:

expected the bug to target only the "4.19.0" version, but multiple target versions were set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

What this PR does / why we need it:
Reconcile the SecretProviderClass for the cluster storage operator (CSO) for ARO HCP deployments. The SecretProviderClass is used by the Secrets Store CSI driver to mount a certificate to a volume in the azure-disk-csi-controller and azure-file-csi-controller pod deployments.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes #

Checklist

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Reconcile the SecretProviderClass for the cluster storage operator (CSO) for ARO HCP deployments. The SecretProviderClass is used by the Secrets Store CSI driver to mount a certificate to a volume in the azure-disk-csi-controller and azure-file-csi-controller pod deployments. Signed-off-by: Bryan Cox <brcox@redhat.com>

bryan-cox · 2024-11-27T17:04:50Z

/jira refresh

openshift-ci-robot · 2024-11-27T17:04:57Z

@bryan-cox: This pull request references Jira Issue OCPBUGS-44968, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.19.0) matches configured target version for branch (4.19.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @Phaow

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

bryan-cox · 2024-11-27T18:53:49Z

/test e2e-aks

bryan-cox · 2024-11-27T21:36:13Z

/retest

csrwng

Just one comment, otherwise lgtm

csrwng · 2024-11-28T02:48:14Z

+		if err := r.Client.Get(ctx, client.ObjectKeyFromObject(credentialsSecret), credentialsSecret); err != nil {
+			return fmt.Errorf("failed to get Azure credentials secret: %w", err)
+		}
+		if err := r.Client.Get(ctx, client.ObjectKeyFromObject(credentialsSecret), credentialsSecret); err != nil {


remove duplicate code

Whoops! Not sure how that happened. It's been removed now.

Reconcile the secret data needed for the azure-disk and azure-file CSI controllers. The format is the same as the Cloud Provider. More info on the configuration can be found here: https://cloud-provider-azure.sigs.k8s.io/install/configs/ Signed-off-by: Bryan Cox <brcox@redhat.com>

csrwng · 2024-12-02T13:44:17Z

/lgtm

bryan-cox · 2024-12-02T14:51:13Z

/test e2e-aks

openshift-ci · 2024-12-02T19:10:55Z

@bryan-cox: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	`7428771`	link	false	`/test okd-scos-e2e-aws-ovn`
ci/prow/e2e-aks	`7428771`	link	false	`/test e2e-aks`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci-robot · 2024-12-02T19:14:56Z

@bryan-cox: Jira Issue OCPBUGS-44968: All pull requests linked via external trackers have merged:

openshift/hypershift#4904

Jira Issue OCPBUGS-44968 has been moved to the MODIFIED state.

Details

In response to this:

What this PR does / why we need it:
Reconcile the SecretProviderClass for the cluster storage operator (CSO) for ARO HCP deployments. The SecretProviderClass is used by the Secrets Store CSI driver to mount a certificate to a volume in the azure-disk-csi-controller and azure-file-csi-controller pod deployments.

Which issue(s) this PR fixes (optional, use fixes #<issue_number>(, fixes #<issue_number>, ...) format, where issue_number might be a GitHub issue, or a Jira story:
Fixes OCPBUGS-44968

Checklist

Subject and description added to both, commit and PR.

Relevant issues have been referenced.

This change includes docs.

This change includes unit tests.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-bot · 2024-12-03T01:03:30Z

[ART PR BUILD NOTIFIER]

Distgit: hypershift
This PR has been included in build ose-hypershift-container-v4.19.0-202412030007.p0.gd85237c.assembly.stream.el9.
All builds following this will include this PR.

bryan-cox · 2024-12-03T15:51:53Z

/jira backport release-4.18,release-4.17

openshift-ci-robot · 2024-12-03T15:52:10Z

@bryan-cox: The following backport issues have been created:

OCPBUGS-45349 for branch release-4.18
OCPBUGS-45350 for branch release-4.17

Queuing cherrypicks to the requested branches to be created after this PR merges:
/cherrypick release-4.18
/cherrypick release-4.17

Details

In response to this:

/jira backport release-4.18,release-4.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-cherrypick-robot · 2024-12-03T15:52:50Z

@openshift-ci-robot: #4904 failed to apply on top of branch "release-4.17":

Applying: Reconcile SecretProvider for the CSO on ARO HCP
Using index info to reconstruct a base tree...
M	control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
M	control-plane-operator/controllers/hostedcontrolplane/storage/params.go
Falling back to patching base and 3-way merge...
Auto-merging control-plane-operator/controllers/hostedcontrolplane/storage/params.go
Auto-merging control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
CONFLICT (content): Merge conflict in control-plane-operator/controllers/hostedcontrolplane/hostedcontrolplane_controller.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 Reconcile SecretProvider for the CSO on ARO HCP

Details

In response to this:

@bryan-cox: The following backport issues have been created:

OCPBUGS-45349 for branch release-4.18

OCPBUGS-45350 for branch release-4.17

Queuing cherrypicks to the requested branches to be created after this PR merges:
/cherrypick release-4.18
/cherrypick release-4.17

In response to this:

/jira backport release-4.18,release-4.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

bryan-cox changed the title ~~Aro hcp cso cert~~ Reconcile SecretProvider for the CSO on ARO HCP Oct 11, 2024

bryan-cox changed the title ~~Reconcile SecretProvider for the CSO on ARO HCP~~ Reconcile SecretProvider for CSO on ARO HCP Oct 11, 2024

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 20, 2024

bryan-cox changed the title ~~Reconcile SecretProvider for CSO on ARO HCP~~ HOSTEDCP-2034: Reconcile SecretProvider for CSO on ARO HCP Oct 22, 2024

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Oct 22, 2024

bryan-cox force-pushed the aro-hcp-cso-cert branch from fa5e41a to 88ede2d Compare October 22, 2024 20:16

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 22, 2024

bryan-cox force-pushed the aro-hcp-cso-cert branch from 88ede2d to 7318da3 Compare October 29, 2024 17:18

bryan-cox force-pushed the aro-hcp-cso-cert branch from 7318da3 to 43b2914 Compare October 29, 2024 20:01

bryan-cox marked this pull request as ready for review October 29, 2024 20:01

openshift-ci Bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 29, 2024

openshift-ci Bot requested review from csrwng and hasueki October 29, 2024 20:02

enxebre reviewed Nov 6, 2024

View reviewed changes

bryan-cox changed the title ~~HOSTEDCP-2034: Reconcile SecretProvider for CSO on ARO HCP~~ OCPBUGS-44968: Reconcile SecretProvider for CSO on ARO HCP Nov 25, 2024

openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Nov 25, 2024

bryan-cox force-pushed the aro-hcp-cso-cert branch from 43b2914 to 330b676 Compare November 27, 2024 14:23

bryan-cox force-pushed the aro-hcp-cso-cert branch from 330b676 to 46b77c0 Compare November 27, 2024 16:26

openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Nov 27, 2024

openshift-ci Bot requested a review from Phaow November 27, 2024 17:05

csrwng reviewed Nov 28, 2024

View reviewed changes

bryan-cox force-pushed the aro-hcp-cso-cert branch from 46b77c0 to 7428771 Compare November 28, 2024 13:31

openshift-ci Bot assigned csrwng Dec 2, 2024

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label Dec 2, 2024

openshift-merge-bot Bot merged commit d85237c into openshift:main Dec 2, 2024

bryan-cox deleted the aro-hcp-cso-cert branch December 2, 2024 20:44

bryan-cox mentioned this pull request Dec 3, 2024

[release-4.18] OCPBUGS-45349: CPO fails to reconcile the SecretProviderClass for CSO on ARO HCP #5225

Merged

4 tasks

Conversation

bryan-cox commented Oct 11, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci Bot commented Oct 11, 2024

Uh oh!

openshift-ci Bot commented Oct 11, 2024

Uh oh!

netlify Bot commented Oct 11, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for hypershift-docs ready!

Uh oh!

openshift-ci-robot commented Oct 22, 2024 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

bryan-cox commented Oct 22, 2024

Uh oh!

bryan-cox commented Oct 29, 2024

Uh oh!

openshift-ci-robot commented Oct 29, 2024 • edited by openshift-ci Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

enxebre Nov 6, 2024

Choose a reason for hiding this comment

Uh oh!

openshift-ci-robot commented Nov 25, 2024

Uh oh!

bryan-cox commented Nov 27, 2024

Uh oh!

openshift-ci-robot commented Nov 27, 2024

Uh oh!

bryan-cox commented Nov 27, 2024

Uh oh!

bryan-cox commented Nov 27, 2024

Uh oh!

csrwng left a comment

Choose a reason for hiding this comment

Uh oh!

csrwng Nov 28, 2024

Choose a reason for hiding this comment

Uh oh!

bryan-cox Nov 28, 2024

Choose a reason for hiding this comment

Uh oh!

csrwng commented Dec 2, 2024

Uh oh!

bryan-cox commented Dec 2, 2024

Uh oh!

openshift-ci Bot commented Dec 2, 2024

Uh oh!

openshift-ci-robot commented Dec 2, 2024

Uh oh!

openshift-bot commented Dec 3, 2024

Uh oh!

bryan-cox commented Dec 3, 2024

Uh oh!

openshift-ci-robot commented Dec 3, 2024

Uh oh!

openshift-cherrypick-robot commented Dec 3, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

bryan-cox commented Oct 11, 2024 •

edited

Loading

netlify Bot commented Oct 11, 2024 •

edited

Loading

openshift-ci-robot commented Oct 22, 2024 •

edited by openshift-ci Bot

Loading

openshift-ci-robot commented Oct 29, 2024 •

edited by openshift-ci Bot

Loading