OCPBUGS-46380: StaticPodOperatorStatus validation should reject downgrades and concurrent node rollouts

[benluddy]

No description provided.

[openshift-ci]

Hello @benluddy! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[deads2k]

/test all

[deads2k]

missing integration test

[benluddy]

/payload-job periodic-ci-openshift-release-master-ci-4.19-e2e-gcp-ovn

[openshift-ci]

@benluddy: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-master-ci-4.19-e2e-gcp-ovn

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/92294ac0-b80d-11ef-8f69-be8d4af6e02e-0

[benluddy]

/payload-aggregated periodic-ci-openshift-release-master-ci-4.19-e2e-gcp-ovn 3

[openshift-ci]

@benluddy: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

[benluddy]

/payload-aggregate periodic-ci-openshift-release-master-ci-4.19-e2e-gcp-ovn 3

[openshift-ci]

@benluddy: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

• periodic-ci-openshift-release-master-ci-4.19-e2e-gcp-ovn

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/7f63f180-b89c-11ef-9416-0d3097789c7a-0

[benluddy]

I caught the static pod installer controller trying to decrease currentRevision and failing validation here in https://prow.ci.openshift.org/view/gs/test-platform-results/logs/openshift-api-2123-ci-4.19-e2e-gcp-ovn/1867227820942430208.

[openshift-ci-robot]

@benluddy: This pull request references Jira Issue OCPBUGS-46380, which is invalid:

• expected the bug to target the "4.19.0" version, but no target version was set

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[benluddy]

/jira refresh

[openshift-ci-robot]

@benluddy: This pull request references Jira Issue OCPBUGS-46380, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.19.0) matches configured target version for branch (4.19.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @wangke19

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[benluddy]

/assign @deads2k

[deads2k]

In the future we'll make this only increase too

[deads2k]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: benluddy, deads2k

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [deads2k]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@benluddy: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	f4a5275	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/e2e-azure	f4a5275	link	false	/test e2e-azure

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

@benluddy: Jira Issue OCPBUGS-46380: All pull requests linked via external trackers have merged:

• openshift/api#2123

Jira Issue OCPBUGS-46380 has been moved to the MODIFIED state.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

Distgit: ose-cluster-config-api
This PR has been included in build ose-cluster-config-api-container-v4.19.0-202412130637.p0.gf5726c3.assembly.stream.el9.
All builds following this will include this PR.

[p0lyn0mial]

Oh, this is not true. There is a fallback logic in SNO that might revert the CurrentRevision if the new revision fails to install. I think we should revert it; otherwise, it might break an SNO cluster.

[wangke19]

Yes, this reminds me of an earlier bug https://bugzilla.redhat.com/show_bug.cgi?id=1985997.

[benluddy]

I'm not really here, but would it be compatible to instead validate that self.currentRevision == oldSelf.targetRevision?

[wangke19]

@p0lyn0mial A clear logic for fallback we can see https://github.com/openshift/enhancements/blob/master/enhancements/kube-apiserver/startup-monitor.md, CurrentRevision won't decrease, when detecting problems with the new revision, the startup-monitor will copy the pod-manifest of the /etc/kubernetes/static-pods/last-known-good link (or the previous revision if the link does not exist, or don't do anything if there is no previous revision as in bootstrapping) into /etc/kubernetes.

[benluddy]

/cherry-pick release-4.18

[openshift-cherrypick-robot]

@benluddy: new pull request created: #2152

In response to this:

/cherry-pick release-4.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.